Legal News

Judge Sara Cockerill handed the bank a penalty at Southwark Crown Court for breaching regulations after a regional commodities trader paid in £365m ( US$483m), chiefly in cash, over five years. She remarked that, while the bank was not itself complicit in the laundering taking place, the crimes could not have occurred without its shortcomings. The judge set out numerous lapses and failures by the lender in overseeing and probing Fowler Oldfield Ltd, a gold dealer connected to the case......

A recent county court judgment throws a spotlight on CCTV/video camera surveillance and data protection, including the lesser-discussed issue of audio recording. André Bywater and Jonathan Armstrong, lawyers at Cordery in London with a compliance focus, outline the ruling’s key data protection points. Fairhurst v Woodward case no G00MK161 What are the practical implications of this case? As a county court decision, this is not binding authority. Nevertheless, with the spread of smart doorbells and other video and audio recording systems, it offers a helpful illustration of questions that courts and regulators are likely to face in future. Although the claim concerned a domestic property, the same issues can also arise for businesses, serving as a reminder that both individuals and organisations must take data protection compliance seriously when using surveillance systems. UK businesses should consider the most...

The European Parliament has backed a legislative initiative report obliging companies operating within the EU internal market to identify and remedy their effects on human rights and the environment. It also endorses sanctions for non-compliance and the provision of legal support for third-country victims of corporate misconduct. Adopted by 504 votes in favour, 79 against and 112 abstentions, the report presses for a binding EU law to ensure businesses are held to account and made liable where they cause—or contribute to causing—harm to the environment, human rights and good governance... Who would fall within the scope of the proposed law? In short, both EU and non- EU businesses. The proposed law would apply to: large undertakings governed by the law of an EU Member State or established in the territory of the EU, regardless of sector and irrespective of public ownership or control ...

The complete paper is available here. An engaging seminar on the report, hosted with the Bonavero Institute of Human Rights, can also be accessed here. A proposed UK HRDD law The HRDD law could place the following duties on subjected organisations (broadly): to prevent negative human rights and environmental impacts arising from their domestic and overseas operations, including within their supply and value chains to devise and apply appropriate due diligence procedures to avert such impacts to publish a forward-looking plan for future procedures to be adopted, together with an assessment of the effectiveness of past procedures The report also proposes liability......

The objections centre on well-known long-standing concerns over data retention, access for law enforcement, and immigration policy; moreover, lawmakers went further, drawing attention to serious earlier issues with the UK’s use of the Schengen Information System ( SIS) database and to both potentially conflicting commitments under other international agreements. Under EU data protection rules, sending personal data to countries beyond the EEA is strictly lawful only where protection is judged ‘adequate’, where extra safeguards are adopted, or where one of a small set of derogations applies. At present, ongoing data flows between the EU and the UK run under an interim framework embedded in the broader EU– UK Trade and Cooperation Agreement of December 2020, which will lapse by June 2021 at the latest. The Commission must determine whether the UK, which officially departed the 27‑nation EU last year, affords...

This is a retrospective on some of the most notable corporate crime cases to reach the courts in 2020. Serious Fraud Office’s Barclays case collapses In February 2020, the Serious Fraud Office ( SFO) endured a bruising loss when a jury cleared three ex- Barclays plc directors of fraud linked to the bank’s financial-crisis fundraising, prompting doubts about the wisdom of pressing on through two trials and repeated courtroom reverses. The Old Bailey prosecution had been weakened by a series of heavy blows starting in 2018, when charges against the bank itself were thrown out. In 2019, midway through the trial of the individual defendants, the presiding judge directed the acquittal of former Chief Executive John Varley. According to Neil Williams, legal director at Rahman Ravelli, warning signs should have sounded once the Court of Appeal backed the ruling that the bank should not be...

Germany, presiding over gatherings of the EU’s member-state governments in the latter half of the year, plans to table an updated draft for the 11 November 2020 session, potentially opening the door to a common position among EU capitals. Should ministers settle on a deal, negotiations with the European Parliament may commence; the Parliament endorsed its own take on the e Privacy Regulation back in October 2017. The Commission first put the proposal forward in January 2017. Berlin has elevated the contentious e Privacy Regulation to a headline file for its six‑month stint at the helm of the EU Council, seeking a mandate to open talks with the European Parliament. Progress has been blocked by disputes about aligning the plan with the EU’s flagship General Data Protection Regulation, Regulation ( EU) 2016/679; about the treatment of ‘cookie walls’ (pop‑up prompts that deny entry to sites until a...

On Friday 16 October 2020, the Information Commissioner’s Office ( ICO) confirmed that the airline had not implemented adequate security controls, leading to a data breach impacting more than 400,000 customers. In a 114-page penalty notice, the ICO determined that BA infringed the integrity and confidentiality requirements of the General Data Protection Regulation, Regulation ( EU) 2016/679 ( GDPR), by failing to ensure the proper protection of personal data. ‘ The attack exposed numerous shortcomings across BA’s security arrangements and network,’ the regulator noted (see here). Trinidad and Tobago The decision, for the first time, sets out details of the incident and emphasises the risks in how organisations manage remote access to their servers, particularly during the coronavirus ( COVID-19) pandemic. The breach began on 22 June 2018, when an unknown attacker gained entry to BA’s network using the credentials of a Swissport...

Naibu Global International Company plc and another v Daniel Stewart & Company plc and another [2020] EWHC 2719 ( Ch) What are the practical implications of this case? This decision presents several wide-ranging, practically significant points. In substance, it stands as another concrete illustration of a first‑instance court adopting the Supreme Court’s approach in Sevilleja v Marex Financial Ltd [2020] UKSC 31, and consequently striking out a claim characterised as reflective loss. That strike‑out occurred at an early juncture notwithstanding the claim’s substantial value. It therefore underlines how the Marex principle can be decisive at the threshold, irrespective of quantum, when a claim properly falls within the category of reflective loss as understood by the Supreme Court in that judgment itself. Different strategies will therefore be required when formulating losses liable to be treated as ‘reflective’...

Outcome 11.3 Outcome 11.3 of the former 2011 code (old code) in the 2011 SRA Handbook on contract races is not carried across into the two new codes under the new SRA Standards and Regulations. Is any other provision in the new codes relevant to contract races? Yes. Principles 2 (maintaining public trust and confidence), 4 (acting honestly) and 5 (acting with integrity) in the Standards and Regulations almost certainly encompass contract races, and paragraphs 1.2 (not taking unfair advantage) and 1.4 (not misleading) in the ' Maintaining trust and acting fairly' section of the new codes would bear upon contract races in property transactions. Contract races can be ethically complex, arising where a property seller instructs their solicitor to proceed with more than one prospective buyer. In such circumstances it is common for attempts by the selling client or a bidder to secure a...

Original News R v Alstom Network UK Ltd [2019] EWCA Crim 1318, [2019] All ER ( D) 133 ( Jul) Court of Appeal’s decision The Court of Appeal has rejected Alstom Network UK Ltd’s assertion that its 2018 conviction on a single count of conspiracy to corrupt followed an unfair trial. The appellate court dismissed the company’s challenge, which related to a €2.4m payment to Canadian shell company Construction et Gestion Nevco Inc to obtain a contract for infrastructure and trams in Tunisia. Alstom contended the proceedings were unfair as the directors central to the allegations were absent. The energy firm also argued the judge failed to give the jury adequate guidance on the basis for convicting a corporate entity where its ‘directing minds’—who could speak to their own knowledge and actions—were unable to attend the trial. Delivering the ruling, Lord Justice Peter Gross,...

Plevin v DAS Legal Expenses Insurance Company Ltd [2019] EWHC 1339 ( Comm) What are the practical implications of this case? Disputes over the reach of CFAs and after-the-event ( ATE) insurance are routine within inter partes detailed assessment proceedings. This matter is somewhat out of the ordinary because it concerns a quarrel between a claimant, her solicitors, and an ATE insurer—though, in substance, between the solicitors and the insurer—about the effect of a clumsily drafted CFA and policy of insurance. The ruling is not the first occasion on which issues of construction of the CFA and the insurance policy in this litigation have surfaced. During the detailed assessment before the Supreme Court that culminated in Plevin v Paragon Personal Finance Limited [2017] UKSC 23, Paragon mounted similar objections. The case stands as a cautionary illustration of the hazards of neglecting to reach clear...

Innsworth Litigation Funding and a law firm, Keystone Law, are assembling institutional shareholders who bought or held shares in Petrofac starting from October 2010 Innsworth said in a statement that its assessment of potential claims is already well progressed. Claims against Petrofac, registered in the offshore UK dependency of Jersey, are understood to potentially surpass £400m ($516m). Lawyers intend to issue proceedings in April or May, once their investigations have been completed. It is claimed shareholders sustained substantial losses linked to Petrofac’s alleged involvement in bribery, corruption and money laundering, with Petrofac [allegedly] making false and misleading statements......

Average fine for data breaches doubles to £146,000 in just a year What is this development about? Average penalties issued by the ICO have risen to £146,000 ($185,888), up from £73,000 in the equivalent 12‑month period, research from RPC indicates. The aggregate value of sanctions increased by 24% to £4.98m, compared with £4m a year earlier. Richard Breavington, a partner at the firm, said the regulator is showing more bite and a readiness to echo public sentiment, noting that the necessary mindset and authority are in place and that there has been a marked shift. The GDPR took effect in May 2018 and permits fines of €20m ($22.7m) or 4% of annual global turnover, whichever is greater. Before May 2018......

Director of the Serious Fraud Office v Eurasian Natural Resources Corporation Limited and another [2018] EWCA Civ 2006, [2018] All ER ( D) 05 ( Sep) For our earlier report on this ruling, see News Analysis: Privilege in internal investigations restored ( SFO v ENRC). What does this mean in practice? The Court of Appeal has brought welcome certainty to the scope of litigation privilege. It also marks an important ruling on legal advice privilege, advancing the troubled debate over who can amount to ‘the client’ for the purposes of that protection. At first instance, ENRC’s assertion of litigation privilege was rejected. The judge decided, among other matters, that a criminal prosecution was not reasonably in contemplation at the material time, because ENRC had not produced evidence showing it knew enough about its own potential misconduct to believe that a prosecutor would be likely to...

How has the exemption available for controllers under the GDPR in relation to liability to compensate data subjects changed? Under the earlier Data Protection Directive 95/46/ EC ( Article 23(2)), where a person was entitled to damages from a controller due to unlawful processing, the controller could rely on a potential exemption if it was not responsible for the event that caused the loss. Recital 55 offered two illustrations of situations for which the controller would not bear responsibility: a mistake by the data subject, and a case of force majeure The language of these provisions lacked clarity, and the concept of ‘force majeure’ has no consistent definition across EU legal systems (it does not even carry a settled meaning in English law, depending heavily on contractual wording). Unsurprisingly, this carve-out, and the reference to force majeure, was therefore loosely carried across into...

Does the GDPR apply to unincorporated associations, such as sports clubs, and who is responsible for compliance by an unincorporated association with the GDPR? Who is ‘controller’ or ‘processor’? Yes—the General Data Protection Regulation, Regulation ( EU) 2016/679, applies to unincorporated associations in the same way it applies to companies or partnerships. The GDPR’s definitions of a ‘controller’ and a ‘processor’ encompass both natural persons and legal persons. The challenge for unincorporated associations is that they are not legal persons. They have no separate legal personality; they exist by contract, and neither statute nor case law sets out clear, definitive rules for what their governing provisions must contain. What truly matters under the GDPR is not the category of person or entity undertaking the processing, but the overall activity of collecting and using personal data. The rationale is...

It is common for suppliers in commercial services agreements to seek to generally exclude all their liability for ‘loss of data’—what sorts of potential claims would such an exclusion cover and what is the commercial rationale for including such a clause? As GDPR ( Regulation ( EU) 2016/679) neared its 25 May 2018 start date, these discussions became increasingly routine, with many organisations looking to ‘repaper’ and revise existing contracts to secure GDPR compliance. The term ‘loss of data’ has no statutory definition, so its scope must be read in the context of the particular agreement. In practice, it would usually be treated as catching claims arising from: Destruction of data Corruption of data Accidental disclosure of data Theft of data This would apply however the issue arose—eg through a virus, power failure, mechanical fault, human error or a...

How do you expect the provision of legal education at university level, namely the LLB, to change and adapt in order to attract the best students and promote the legal profession while also meeting market demands? We’re likely to see sharper distinctions between law schools, each appealing to particular kinds of students and forging links with different corners of the profession. With reforms proposed by the Solicitors Regulation Authority ( SRA) and the Bar Standards Board ( BSB), some programmes may resemble a fusion of academic study and the Legal Practice Course ( LPC), whilst others will, I hope, develop richer, more imaginative and multidisciplinary curricula. Have there been any recent proposals to change the structure or content of this course—for example, many argue the study of contract law in the first leaves students unprepared for when they next come across it, possibly four or more years...