Latest Legal and Regulatory news update - 06 December 2019

Latest Legal and Regulatory news update - 06 December 2019

In this issue we cover:

Risk & Compliance



Information Law & TMT


This month’s edition of Risk and Compliance highlights includes: (1) crime prevention; (2) AML & CTF; (3) information management & security; (4) GDPR and data protection; (5) a selection of other news and updates; (6) all the latest new and updated content. See: Risk & Compliance monthly highlights—November 2019.

Data protection

The Information Commissioner’s Office (ICO) has launched a campaign aimed at contacting all registered UK companies to remind them of the legal responsibility they have to pay a data protection fee, as part of a wider programme to ensure the data protection fee is paid by everyone required to do so. Under the Data Protection Act 2018, organisations that process personal data are obliged to pay the fee, unless exempt. See: LNB News 03/12/2019 43.

The ten largest fines levied in 2019 for breaches of the GDPR totalled €402m, figures released show, but few companies, if any, have been covered by cyber-insurance, lawyers say. See News Analysis: Biggest EU data breaches incurred €402m in fines in 2019.

AML & counter-terrorist financing

Changes to cannabis laws around the world have created a raft of business and investment opportunities, but financial institutions in the UK could find themselves on the wrong side of the country’s anti-money laundering laws by handling funds generated by legal cannabis sales. See News Analysis: UK AML laws cast a haze over legal cannabis investment.



In the case of Venson Automotive Solutions Ltd v Morrison’s Facilities Services Ltd [2019] EWHC 3089 (Comm), the High Court considered the interpretation and purpose of ‘no set-off’ clauses and how they impact on parties’ rights and remedies. Written by Neil Fawcett, specialist business and property barrister, at 3 Paper Buildings. See News Analysis: ‘No set-off’ clauses in Venson Automotive Solutions Ltd v Morrison's Facilities Services Ltd.

Lotus Cars Ltd v Marcassus Sport S.A.R.L. [2019] EWHC 3128 (Comm), [2019] All ER (D) 147 (Nov) concerns an application by Marcassus for a stay of proceedings in England on the grounds that proceedings had already been commenced by Marcassus against Lotus in Toulouse, France. The substantive argument concerned the applicability of Articles 29 and 30 of Regulation 1215/2012 (EU), Brussels I (recast), namely whether the case in France concerned the same cause of action or a related action as that in England. In rejecting the application of Marcassus, Phillips J also considered the construction and significance of the no set-off clause in the contracts between the parties and the general principles applicable to such clauses. Written by Lynne Counsell, barrister at 9 Stone Buildings. See News Analysis: Stay of proceedings on grounds of concurrent proceedings—no set-off clause (Lotus Cars Ltd v Marcassus Sport S.A.R.L.).

The High Court found that a purported purchaser of the underlying assets in a securitisation scheme was not a bona fide purchaser for value without notice, as the receiver who purported to sell had no actual or ostensible authority. Alex Cunliffe, a barrister at Lamb Chambers, examines the court’s decision. See News Analysis: Purported purchaser not equity’s darling (Business Mortgage Finance 6 Plc v Roundstone Technologies Ltd).

Consumer protection

The Council of the European Union has reached an agreement on a draft directive for representative actions for the protection of the collective interests of consumers against infringements of Union law. The council has stated the consumers will be able to defend their rights collectively and more efficiently. The directive will take effect in all Member States and will allow qualified entities to see injunctions and redress measures including compensation. See: LNB News 29/11/2019 47.



Corporate governance

Corporate have partnered with ProShare to provide a monthly news piece providing industry insight from the ‘voice of employee ownership’. This month Gabbi Stopp, executive director at ProShare, considers the effectiveness of malus and clawback in light of Thomas Cook’s recent demise. See News Analysis: ProShare industry insight—‘Fanks’ for nothing?


AGM season 2019

This Market Tracker Trend Report, AGM season 2019, looks at the latest market practice and trends emerging from the FTSE 350 annual general meeting (AGM) season 2019. See News Analysis: Market Tracker Trend Report—AGM season 2019.

Information Law & TMT

Data protection

The European Data Protection Board (EDPB) has met for its sixteenth plenary session. Documents adopted included: Article 64 GDPR opinion on accreditation requirements for codes of conduct monitoring bodies by the UK Supervisory Authority; response to the Body of European Regulators for Electronic Communication request for guidance on the revision of its guidelines on net neutrality rules; and draft guidelines on the criteria of the right to be forgotten in the search engine cases under the GDPR. See: LNB News 04/12/2019 50.

On 20 November 2019, the EDPB published its draft guidelines on the principles of Data Protection by Design and Default (the Guidelines) under Article 25 of the GDPR. Matthew Buckwell, Ruth Boardman and Ariane Mole of Bird & Bird LLP explain the latest developments. See News Analysis: EDPB publishes guidelines on data protection by design and by default.

On 15 November 2019, the EDPB published its finalised Guidelines on the Territorial Scope (Guidelines) of the GDPR. The revisions to the Guidelines followed a period of open public consultation which ran until 18 January 2019. James Fenelon, Ruth Boardman, Gabriel Voisin and Ariane Mole of Bird & Bird LLP, explain the latest developments. See News Analysis: EDPB publishes finalised guidelines on territorial scope.



The European Union Agency for Cybersecurity (ENISA) has published a new report on pseudonymisation techniques and best practices, that looks at the basic notions of pseudonymisation and technical solutions that may be able to support implementation in practice. See: LNB News 04/12/2019 63.

The ENISA has announced that it is preparing a candidate cybersecurity certification scheme for cloud services in accordance with Article 48(2) of the EU Cybersecurity Act, Regulation (EU) 2019/881. The cybersecurity certification will bring enhanced trust and legal certainty in the security of cross-border data processing. See: LNB News 04/12/2019 5.

The European Banking Authority (EBA) has published final guidelines for firms on information and communication technology (ICT) and security risk management. The guidelines establish requirements for credit institutions, investment firms and payment service providers on the mitigation and management of their ICT and security risks, and aim to ensure a consistent and robust approach across the single market. The guidelines enter into force on 30 June 2020. See: LNB News 28/11/2019 41.


Big Tech and European telecom companies like Telefónica, Orange and Vodafone are scratching their heads about what lies ahead for EU rules aimed at protecting the privacy and security of communications over their networks. The new European Commission, which will take office next week, will have to decide whether to scrap the proposal, amend it, or allow EU governments to have another crack at a compromise. See News Analysis: Comment—Big Tech, telcos face legal uncertainty as EU ePrivacy bill stalls.




The question of which individuals in a workplace are covered by the Transfer of Undertakings (Protection of Employment) Regulations 2006 (TUPE 2006), SI 2006/246, was addressed by the Central London Employment Tribunal in Dewhurst v (1) Revisecatch Ltd t/a Ecourier (2) City Sprint (UK) (Case Numbers: 2201909, 2201910, 2201911/2018). Employment Judge Joffe held that TUPE 2006 covers not only ‘employees’ in the traditional sense (ie those who work under a contract of employment) but also ‘workers’ (ie anyone who performs work or services for another under a contract, with the specific exception of independent contractors who are genuinely in business on their own account). See News Analysis: TUPE 2006 applies to all workers, not just traditional employees (Dewhurst v (1) Revisecatch Ltd t/a Ecourier (2) City Sprint (UK)).

Employee confidentiality

Whether an employee had committed an act of gross misconduct by discussing with colleagues the salary details of a senior executive, that he had become aware of due to that colleague leaving a document unattended on the communal photocopier, was considered by the EAT in Jagex Ltd v McCambridge (UKEAT/0041/19/LA). HHJ Stacey held that there is no universal answer as to whether salary information is confidential. See News Analysis: Information about a fellow employee’s salary is not always confidential (Jagex Ltd v McCambridge).

Unfair dismissal

Sean Jones QC, barrister at 11KBW, examines the Supreme Court’s decision in Royal Mail Group Ltd v Jhuti [2019] UKSC 55, that where a line manager seeks the dismissal of an employee but hides the real reason behind an invented reason which is then adopted by the officer appointed by the employer to decide on dismissal, the reason for the dismissal is the hidden reason, rather than the invented reason. The court found that the real reason for the appellant employee’s dismissal had been her making of protected disclosures rather than inadequate performance, as stated by her line manager and the decision-maker. Thus, her dismissal was automatically unfair. See: News Analysis: Supreme Court looks behind employer’s stated reason for dismissal (Royal Mail v Jhuti) and Case Digest: [2019] All ER (D) 165 (Nov).

Related Articles:
Latest Articles:
About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.