Embed Size (px)
Citation preview
Technology, Media and Telecoms Legal update
May 2015
2 3
Contents
Welcome to Eversheds’ Technology, Media and Telecoms newsletter, which is designed to keep lawyers and other professionals working in the Tech, Media and Telecoms sectors abreast of industry news, trends and changes in the law.
In this edition, we provide an overview of several cases that may have huge implications for the industry such as the “Fish legal” case. We also discuss the implications for TMT businesses following the changes to the Serious Crime Act and the Consumer Rights Bill.
I hope you find the content useful. If you would like to discuss any areas raised in this newsletter, then please do not hesitate to contact myself or the author of any article directly.
Charlotte Walker-Osborn Partner, Head of Technology Media and Telecoms Tel: +44 121 232 1220 [email protected]
4 Are telecoms companies now public authorities who must comply with law on access to environmental information?
7 Eversheds launch Pensions White Paper
8 Will the Serious Crime Act 2015 toughen the UK’s cybercrime regime?
10 Software development: protecting source code
12 C More: Hyperlinks, live streaming and broadcasters’ rights
14 Domain names and sports teams
16 Scrabble v Scramble: a game changer?
19 Eversheds launch global M&A report
20 UK Consumer Rights Act
22 The Public Contracts Regulations 2015
22 Crown Commercial Service guidance on amendments to contracts during their term and termination provisions
25 Cookies law: update and key developments
27 ICC Cyber Security Guide for Business
29 Eversheds events
30 Contact us
4 5
Are telecoms companies now public authorities who must comply with law on access to environmental information?
The Environmental Information Regulations 2004 (“EIR”) (a form of Freedom of Information legislation) compel public authorities subject to them to disclose requested environmental information, which can range from a land development contract to information about emissions, with limited exceptions. Water companies have until now not been treated as EIR public authorities. Fish Legal and Mrs Shirley between them challenged three water companies on this point and the long running campaign (often referred to for ease as the “Fish Legal” case) was decided in late February. Even though the Information Commissioner and First-tier Tribunal agreed with the water companies, the Upper Tribunal (which is the highest UK tribunal for determining issues relating to the EIRs), having consulted the European Court of Justice (“CJEU”), did not. The outcome was that the three water and sewerage companies concerned were found to be EIR public authorities.
The decision noted “The extent to which the CJEU’s judgment will result in bodies being classified as public authorities is unclear and undecided, but potentially wide.”
The European position
Unless successfully appealed, the decision will have major consequences, not only for the three affected water companies but also more widely. This will not just be in England and Wales. The EIR implement EU Directive 2003/4/EC which also applies across all EU member states.
The EU Directive imposes the obligations of disclosure upon a “public authority” - which Article 2 (2) defines as:
a. government or other public administration...
b. any natural or legal person performing public administrative functions under national Law, [including specific duties, activities or services in relation to the environment];
c. any natural or legal person having public responsibilities or functions, or providing public services [relating to the environment] under the control of a body or person falling within (a) or (b).
The CJEU’s judgment found that entities are “under control” of a government body (etc.) for the purposes of limb (c) of the “public authority” test, “if they do not determine in a genuinely autonomous manner the way in which they provide [their public] services since a public authority [covered by limbs (a) or (b) of the public authority test] is in a position to exert decisive influence on their action...” and confirmed that the manner in which that influence is exercised is irrelevant.
The judgment also considered what is meant by “a natural or legal person performing “public administration functions” under national law” (Article 2 (2) (b)). It concluded that a body will be performing those functions if it has vested in it (under national law) “special powers beyond those which result from the normal rules applicable in relations between persons governed by private law”.
The UK position
From Europe the case was then sent back to the Upper Tribunal in the UK to consider the position under national law accordingly and come to a decision on those facts. Having done so, the Tribunal concluded that water and sewerage companies should be considered public authorities under the EIR by virtue of their “special powers”, not because they are under State control. What are “special powers”?
The term “special powers” is perhaps not as exciting as it initially sounds. Essentially the Tribunal felt that to be carrying out public administration, the water and sewerage companies need to have the ability to do something, conferred by law, above and beyond those abilities which “result from the normal rules applicable in relations between persons governed by private law”. Something that makes them different from and gives them a practical advantage compared to all those other companies governed by private law. The water sector legislation and the terms of statutory licences to water companies were analysed in depth.
Examples given by the Tribunal of special powers under the specific water industry legislation (that are different to any powers available under private law) are to:
• compulsorily purchase any land anywhere in England and Wales;
• make byelaws in respect of the public use of their land or waterways;
• lay pipes in land other than the street;
• access another’s land, including to carrying out surveys or boring on the land; or
• impose a hosepipe ban.
Implications for other organisations
The three affected water companies (United Utilities plc, Yorkshire Water Services Limited and Southern Water Services Limited) must now comply with the EIR unless they successfully appeal the decision. Other water and sewerage companies with identical or equivalent special powers are likely to find it challenging to successfully convince the regulator that they are not also EIR public authorities.
More importantly, the decision means other bodies with “special powers” are now also at risk of being EIR public authorities: ”the reasoning in these cases is potentially relevant to other privatised, regulated industries that deliver a once publicly owned service: …telecoms…”. The greater the similarity between the legal framework, statutory licence provisions and powers of water and telecoms companies, the greater the risk of telecoms companies also being EIR public authorities.
6 7
So what?
Businesses in the telecoms sector should anticipate that following this decision they are likely to receive information requests from those assuming that telecoms companies are now EIR public authorities who are obliged to disclose environmental information on demand, or pushing for that outcome.
Businesses should ensure they are prepared for such requests and that they have an agreed approach to them which has been communicated to staff who may receive such requests. An EIR request may be made orally or in writing to anybody in the business. Ultimately, any failure to respond, deal in time, accept the business is an EIR public authority, or provide all requested information may lead to a compliant to the EIR regulator, the Information Commissioner’s Office, who will investigate and will determine whether or not the business is a public authority and if so, may order compliance and disclosure.
Even where the regulator accepts arguments by a business that they are not an EIR public authority, that decision can be challenged and may be decided differently by an Information Rights Tribunal. Businesses need to start analysing their position and any potential “special powers” bearing in mind the guidance from these recent cases.
Even if the business is confident it is not an EIR public authority, others in the sector may be and communications with and records held by those others may now become accessible to the public under EIR. The frankness of such communications and how they are provided should be reviewed and adjusted where required to reduce any EIR risks.
For further details, please contact:
Liz Fitzsimons,Legal Director +44 1223 44 [email protected]
Penelope Jarvis,Associate (South African qualified) +44 207 919 [email protected]
Eversheds launch Pensions White PaperRebuilding the consensus
It is nearly 10 years since the Pension Commission led by Lord Turner and supported by Baroness Jeannie Drake and Professor Sir John Hills issued its second and final report ‘A New Settlement for the Twenty-First Century’. In that report, the Commission made a series of recommendations on the future of the UK pension system, which were designed to address the challenges posed by an ageing population and the fact that millions of people were not saving enough for their retirement.
Central to the Commission’s recommendations was the introduction of automatic enrolment, which began being rolled out in October 2012 and has already led to over 5 million more people saving for their retirement in a workplace pension scheme.
Automatic enrolment may be the Commission’s greatest legacy, but its greatest achievement was the consensus that Lord Turner and his colleagues were able to build around the challenges facing the UK pension system and the steps that needed to be taken to address them. This ‘buy-in’ from politicians and stakeholders of all persuasions has resulted in most of the Commission’s recommendations having now been implemented and it has guided pensions policymaking in the UK for much of the last decade.
Over the past year, however, the pensions consensus has begun to unravel. The Chancellor’s surprise announcement of pensions freedom and choice in March 2014 – a policy introduced without consultation – has been followed by a series of policy announcements which seem to signal a shift back to short-term pensions policymaking based on political expediency in place of long-term, strategic policymaking based on clearly articulated aims and objectives.
On 9 March 2015, we hosted a Pension Reform roundtable, which was attended by a number of leading figures from within the pensions industry (see below). The overwhelming message from that event was the crucial importance of rebuilding a long-term consensus around UK pensions policy to ensure that the progress that has been made since the Pension Commission concluded its work is not in vain.
Ensuring that each generation has enough to live on in retirement, and does not place too great a burden on either the state or future generations, takes long-term, strategic planning. That is why we are calling on the new Government to establish a new independent pension commission to review the progress made in the past 10 years and to rearticulate the long-term, strategic goals for UK pensions policy in the future.
In our view, a new independent pensions commission is essential if we are to rebuild the pensions consensus. A great deal of work and dialogue with all stakeholders will also need to go on to secure this. Without it, UK pensions policy is in danger of being blown to and fro by the winds of political expediency and short term economic pressures, which risks leaving millions without the safe harbour of an adequate income in retirement.
This White Paper is explicitly not party political. Rather it seeks to encourage the new Government, of whatever flavour, to work to rebuild the consensus around the UK’s long-term pensions policy and strategic aims.
Click here to read the full white paper
Eversheds’ report
8 9
Will the Serious Crime Act 2015 toughen the UK’s cybercrime regime?Below we consider the recent toughening of cybercrime legislation in the UK through the passing of the Serious Crime Act 2015 (the “Act”) and examine the ways in which the Act will assist the Government in achieving the objectives set out in the National Cyber Security Strategy.
With effect from 3 May 2015, sections 41 - 44 of the Act, which amend the Computer Misuse Act 1990, will come into effect. As a result, offenders will face much tougher penalties for committing certain cyber acts intended to cause serious damage. The legislative updates are an attempt by the Government to provide further powers to assist in the achievement of the objective of “tackling cyber-crime and making the UK one of the most secure places in the world to do business in cyberspace”.
One of the key updates is the creation of a new offence of committing “unauthorised acts causing, or creating risk of, serious damage” in relation to a computer.
The provisions defining “serious damage” which has to be “of a material kind” are drafted widely and include damage to human welfare, the economy of a country, the national security of a country and also interestingly, the environment. “Human welfare” is itself widely defined and includes loss or injury to human life as well as disruption to communication, power, food distribution and transport systems as well as health services. The introduction of this criminal offence strengthens a previously relatively weak area of the UK’s net of cybercrime legislation for dealing with major cyber-attacks with the potential to cause serious loss of life or disruption to the country’s economic and civilian systems. A person guilty of the new offence is liable to: (i) a prison sentence of up to 14 years (or life imprisonment in certain serious circumstances) (ii) a fine; or (iii) both a sentence and a fine. The offender must only have a “significant link” to the UK in order to be caught by the legislation. This stretches the jurisdiction of the Act to cover acts committed by UK nationals abroad, provided that the relevant
act constituted an offence under the law of the country in which it occurred. This is an extension to the jurisdictional reach of the previous legislation in addition to the increase to the maximum punishment for serious computer misuse offences which was previously 10 years imprisonment.
So what?
In practice, it will be interesting to see how the police harness new powers under the Act to intervene against a suspect before a cyber-attack occurs and also whether the extra territorial jurisdiction of the Act will result in the extradition of British citizens. We may also see the Act being used to prosecute foreign citizens who use the UK as a base to attack non-UK targets. In this regard, the Act removes the borders from cybercrime in a way which is more reflective of the fact that the internet operates across jurisdictions.
The aim of the Act is to reduce the threat and impact of cybercrime by ensuring UK legislation is up to date with the fast evolving methods utilised by cybercriminals. Studies have long since indicated that the number of cyber-attacks have continued to rise with the UK now (according to some data) the second most targeted nation in the world. The UK government recognises that a more effective legal solution is required to stem or reverse this trend.
The additional protection offered by the Act is drafted very widely and it will be interesting to see how prosecutors use the breadth of the provisions. An unintended consequence of this may be that provisions devised to extradite individuals committing acts of cyber terrorism or aggression abroad, could equally be used in targeting other,
arguably less serious cyber acts, still falling within the scope of the Act.
Further, with the extra-territorial jurisdiction accompanying the new offence, prosecutors may find that much of the difficulty in enforcing the new laws to extradite individuals will not arise from a legal basis, but rather from a political one. It seems likely that effective application of the Act will rely on the co-operation with other states in relation to the relevant local laws which may apply to a particular “cyber act”.
It is therefore arguable that whilst the development of the new offence may provide a deterrent against some individuals targeting the UK or aspects of it on a smaller scale, it is unlikely to be the solution against the global threat of cybercrime; rather simply a new “reactive” recourse for UK prosecutors. Addressing the bigger and more dangerous forms of cybercrime will require an approach on a considerably larger, pan-European or global scale, based on much greater co-operation in the field and with the backing of international conventions. The problem remains that as many forms of cybercrimes are relatively new, both the law and its enforcers will struggle to apply an effective framework. However, the passing of the computer misuse provisions in the Act are certainly a promising indicator of the seriousness with which the UK government treats cybersecurity and a signal that the use of jurisdictions with lax cybersecurity enforcement will no longer put a cybercriminal with a link to the UK beyond the reach of the law.
The ongoing development of new technology will certainly have an impact on the Government’s ability to target offenders. The ways in which
individuals and consumers interact with the internet and communicate with one another has changed enormously over recent years and continues to do so. Whilst it may be difficult to argue that a tablet or even a phablet falls outside the realms of the term “computer” (as used in the legislation), new wearable technologies are moving further and further away from our traditional conception of computer-based objects or tools as set out under the Computer Misuse Act 1990. It is likely that this trend will continue, and any effective approach to tackling cybercrime needs to accommodate this.
For further details please contact: Charlotte Walker-OsbornPartner, Head of Technology, Media and Telecoms+44 121 232 [email protected]
Ben McleodSenior Associate+44 121 232 [email protected]
10 11
Software development: protecting source code
The recent decision in FilmFlex Movies Limited v Piksel Limited [2015] EWHC 426 (Ch) highlights the risks of losing control of IPR in joint software development agreements. Companies entering into such agreements should be clear about the nature and extent of the rights they wish to grant and what that means if and when interests diverge. A lack of clarity could lead to implied terms and reduced control (and therefore value) of crucial IPR.
FilmFlex is a well-known provider of content streaming services for companies such as Virgin Media, TalkTalk and EE, who then provide that content to consumers.
FilmFlex’s online content delivery platform was developed and maintained by Piksel. Piksel developed the base source code and then signed an agreement with FilmFlex to further develop it and a content delivery platform on FilmFlex’s behalf (the “MSA”). The software was licensed on the basis that Piksel would have rights to the original source code it had developed up to when the MSA was signed, and thereafter the IPR would belong to FilmFlex for the development work done after the date of the MSA.
In November 2014, Flimflex requested a copy of the source code so that it could contract with another instead to further develop the platform. Piksel refused to provide it. In addition to Piksel, the source code was also held by NCC Group (“NCC”) under an escrow agreement signed several months after the MSA. The release triggers under the MSA and escrow agreement differed, with the escrow agreement being more restrictive.
FilmFlex therefore sought an order for: (a) delivery of the source code; (b) damages; and (c) Piksel to assist FilmFlex in procuring the release of the source code from NCC. It argued an entitlement via contractual rights: (i) a right to appoint a third party to provide the services in relation to the IPR (and the definition of the IPR in this case was very broad); (ii) a right of “access” to the source code
throughout the term; and (iii) its licence of Piksel’s IPR (broadly defined) which entitled it to do such things as “access”, “modify” and “enhance” Piksel’s IPR and its ownership of developed IPR (again, broadly defined). Filmflex accepted that it could not seek a release of the source code directly from NCC due to the terms of the escrow agreement not being triggered.
Piksel defended the claim on the basis that the release triggers in the MSA were superseded by the escrow agreement (and the terms of the escrow agreement had not been triggered) and, even if not, the MSA terms of release had not been triggered.
The Court disagreed. It held that the terms of the escrow agreement did not supersede the MSA because there was no evidence that the parties intended that to be the case. In addition, where there was an inconsistency between the two agreements, the bespoke wording of the MSA would be favoured over the standard terms of the escrow agreement as evidencing the parties objective intent.
As for the MSA terms of release, all of the contractual rights relied on by Filmflex were applicable and entitled it to a release of the source code. The Court held that rights of “access” linked to purposes of being able to “use”, “enhance” and “modify” implied a right to obtain a copy of the source code and access would not be restricted to merely “viewing” it. However, more generally, what is included in a right of access to something would depend on the nature of the thing and the purpose for which access is being given.
So what?
This case is a useful reminder of the risks involved with licensing software, the issues that can arise when interests diverge and the importance of clear drafting. In particular the need for clarity concerning (i) the limits to the rights granted under licence; (ii) the definitions of each parties’ IPR and dividing lines between background and foreground IPR; (iii) rights granted in relation to release events; (iv) the terms of the MSA and ancillary agreements such as an escrow agreement; and (v) the exits.
For further details please contact:
William CrumpTrainee Solicitor +44 113 200 4025 [email protected]
James Hyde Partner+44 113 200 [email protected]
12 13
C More: Hyperlinks, live streaming and broadcasters’ rightsThe Court of Justice of the European Union (“CJEU”) has ruled that providing hyperlinks to website content will only be an act of ‘making available to the public’ under Article 3(2) of Directive 2001/29 (the “Copyright Directive”) if it is available at both a place and a time chosen by the user. Therefore access to the streaming of live broadcasts, even where they circumvent a paywall, will not be caught by the provision.
However, this does not preclude Member States from legislating to extend broadcasters’ right of communication to the public to include the act of providing hyperlinks to live broadcasts, provided that this does not undermine copyright protection.
What?
C More Entertainment (“C More”) is a pay-TV channel which provides live streaming via its website in return for payment. In 2007, it broadcast several ice hockey matches. Mr Sandberg created links and posted them on his website, which circumvented the paywall put in place by C More and therefore allowed internet users to view the live broadcasts without paying to do so. C More brought a claim for copyright infringement.
In 2011, the Swedish Court of Appeal overturned a decision of the Swedish District Court, and ruled that no element of the broadcasts met the level of originality required to achieve copyright protection under Swedish law, although related rights had been infringed. C More appealed against this decision to the Swedish Supreme Court, seeking a declaration that it held the copyright in the broadcasts.
In reaching its decision, the Swedish Supreme Court decided to seek guidance from the CJEU and asked the following question:
“May the Member States give wider protection to the exclusive right of authors by enabling
‘communication to the public’ to cover a greater range of acts that provided for in Article 3(2) of Directive 2001/29?”
Article 3 of the Copyright Directive states the following:
1. Member States shall provide authors with the exclusive right to authorise or prohibit any communication to the public of their works, by wire or wireless means, including the making available to the public of their works in such a way that members of the public may access them from a place and at a time individually chosen by them.
2. Member States shall provide for the exclusive right to authorise or prohibit the making available to the public, by wire or wireless means, in such a way that members of the public may access them from a place and at a time individually chosen by them: (a) for performers, of fixations of their performances; (b) for phonogram producers, of their phonograms; (c) for the producers of the first fixations of films, of the original and copies of their films; (d) for broadcasting organisations, of fixations of their broadcasts, whether these broadcasts are transmitted by wire or over the air, including by cable or satellite.
The CJEU ruled that the concept of ‘making available to the public’ formed part of the wider ‘communication to the public’. It went on to state that in order to amount to ‘making available to the public’ the act must meet both conditions of being accessible at a place and at a time chosen by the members of the public. Here, as the broadcast was streamed live, this did not amount to making available to the public and was therefore not captured by the provision.
So what?
This decision of the CJEU is a further development in the field of copyright and hyperlinks.
In the case of Svensson and others v Retriever Sverige AB, Case C-466/12 (as previously discussed here), the CJEU was asked to decide whether hyperlinks to articles that were already freely available on the internet should be deemed to be an act of ‘communication to the public’ under the Copyright Directive. The CJEU held that the provision of clickable links amounted to ‘making available’ and was therefore an ‘act of communication’ caught by the Copyright Directive. As the same technical means had been used for the communication (here, via the internet), it would only infringe the copyright holder’s rights if it was directed at a ‘new public’ to the one that the original communication was made. In Svensson, the hyperlinks were available to the same public who would have had the right to access the original communication, and so there was no new public, and therefore the provision of hyperlinks did not amount to infringement.
The CJEU developed this principle in the case of BestWater International, Case C-348/13. In this case, the alleged infringer ‘framed’ a short video on its website, from a third party website (YouTube). This case was particularly interesting, as the rights holder claimed (unlike in Svensson) that the video had
been uploaded to YouTube without his consent. This had no bearing on the decision; the CJEU reiterated its judgment in Svensson and held that, as there was no transmission to a new public (the video itself was freely accessible on YouTube), and the communication was via the same technical means, there was no ‘communication to the public’ and therefore no infringement.
The decision in C More appears to be in line with the decisions in Svensson and BestWater, where the contents were, by their very nature, available ‘on demand’. The decision of the CJEU not to extend the wording of the Copyright Directive to include content that is streamed live may be considered highly unfair to broadcasters of such content. However, the CJEU stated that the wording of Article 3(2) of the Copyright Directive did not preclude Member States from protecting the broadcasting and communication to the public of transmissions made by broadcasting organisations through other means, provided that this did not undermine the protection of copyright. It highlighted the possibility of national laws to implement Article 8(3) of Directive 2006/115 (the Rental and Lending Rights Directive), which gives broadcasters the exclusive right to provide access to broadcasts in return for a fee. The decision in C More is therefore perhaps less surprising than it may at first appear.
For further details please contact:
Neil MohringPartner+44 20 7919 0653 [email protected]
Kathryn DawsonAssociate+44 20 7919 4852 [email protected]
14 15
Domain names and sports teams
In the early stages of the internet domain names were used as a way to locate specific computers on the internet often referred to as ‘signposting’. However, with the expansion and commercialisation of the internet, domain names have begun to appear in the ‘real world’. They can appear on television adverts, billboards, magazines and have become integral business identifiers. As the real and digital spaces begin to overlap, intellectual property issues begin to arise.
There are two elements of domain names which have accelerated the digital/real world conflict. Firstly, domain names are very specific, only a certain combination of words can link to a particular site and secondly, consumers/members of the public have a tendency to guess at domain names and so intuitive domain names have become valuable to companies and organisations.
An example of intuitive domain names can be seen in the recent issue the England and Wales Cricket Board (“ECB”) have raised after being alerted to the attempted registration of ‘Cricket Association of England’ as a domain name. In this case, the correct domain name for the ECB is ‘www.ecb.co.uk’, however, an unknowing member of the public could reasonably guess that to find information about cricket in England they could search for the ‘Cricket Association of England’.
What protection or action can be sought against these intuitive domain names?
What
The traditional approach would be to pursue a claim in passing off. A claimant can bring proceedings in respect of a domain name if one has been registered which, obviously refers to and identifies a particular entity in a bid to ‘hijack’ the name. In the past, Judges have been wary to accept that domain name registration can constitute passing off, but in the case of British Telecommunications Plc and others
v One in a Million Ltd and others it was found that passing off could subsist in domain name registration.
Therefore the domain name is registered in a bid to deceive a proportion of the public then a claim for passing off is a viable option. This could be a route of action for the ECB.
However, there is a less well known remedy for the ECB. This comes from the World Intellectual Property Organization (“WIPO”), which has offered arbitration and mediation services for domain name disputes since 1994. With fees ranging from USD1500 to USD5000 the WIPO route is an attractively priced alternative to the UK courts.
One example from the WIPO of particular interest was between the Canadian Hockey Association of Calgary and a respondent who had registered the domain name ‘hockeycanada.com’. Of the possible remedies offered by the WIPO; cancellation of domain names; transfer of domains; and costs allocation, it was decided that the domain name should be transferred to the Canadian Hockey Association of Calgary, a good sign for the ECB.
So what?
This case serves as a good warning for other companies and sports associations, although they may have protection for their own specific domain names, in the age of Google and predictive searches
some thought should be given to intuitive domain names and the issues that can arise.
The best course of action is generally prevention, companies and associations should be encouraged to;
• register domain names featuring common misspellings,
• consolidate domains into one company to simplify the renewal process;
• register intuitive domain names which link through to the core domain,
• actively monitor key words in domain names; and
• register domain names as trademarks.
For further details please contact:
Selina HinchliffePrincipal Associate+44 115 931 [email protected]
16 17
Scrabble v Scramble: a game changer?
The Court of Appeal has held that Zynga’s electronic game name ‘SCRAMBLE’ also known as ‘SCRAMBLE WITH FRIENDS’ did not infringe Mattel’s SCRABBLE community trade marks (“CTMs”) although it did infringe Mattel’s SCRAMBLE CTM.
The Court stated that the degree of similarity between SCRABBLE and ‘SCRAMBLE’ or ‘SCRAMBLE WITH FRIENDS’ was not sufficient to cause a likelihood of confusion, and nor did they take unfair advantage of, or cause detriment to, the reputation of SCRABBLE (JW Spear & Sons Ltd & Others v Zynga Inc [2015] EWCA Civ 290).
What?
The Claimant Mattel brought CTM infringement (under Articles 9(1)(a)-(c) of the CTM Regulation (“CTM Reg”)) and passing off proceedings against the Defendant, Zynga, to prevent it from selling an electronic game called ‘SCRAMBLE’ also known as ‘SCRAMBLE WITH FRIENDS’, as it infringed Mattel’s SCRAMBLE and SCRABBLE CTMs. Scrabble is a well-known board game, first released in the EU in 1954. Scramble was launched by Zynga in 2007, initially via Facebook and Zynga is described as the world’s biggest social gaming company.
In 2013 the High Court held that Zynga had not infringed Mattel’s SCRAMBLE word mark on the grounds that it was invalid or liable to be revoked because it was descriptive of the goods for which it was registered and had become the common name in the trade for word games (under Art. 7(1)(c)-(d) and Art. 51(1)(b) of the CTM Reg).
The High Court also held that there was no similarity between Zynga’s sign and Mattel’s SCRABBLE marks, but did find that Zynga’s use of a stylised ‘M’ in its SCRAMBLE WITH FRIENDS logo meant that on a ‘quick glance’ it looked like a ‘B’ and was liable to lead to confusion with Mattel’s SCRABBLE marks.
Both parties appealed, and the Court of Appeal reversed the ruling of invalidity/liability to revocation for Mattel’s SCRAMBLE and ruled that it was indeed infringed by Zynga’s ‘SCRAMBLE’ and ‘SCRAMBLE WITH FRIENDS’. However, the Court of Appeal held that Zynga’s marks did not infringe Mattel’s SCRABBLE CTMs, albeit through different reasoning to the High Court.
So what?
The decision highlights the latest approach taken by the Courts for determining CTM infringement.
In considering the appeal, the Court of Appeal applied the following questions:
• Can a court rely on contextual matter extraneous to a trade mark when assessing the likelihood of confusion on the part of the public?
• Is there a threshold of similarity before the Court must consider the likelihood of confusion?
• Is SCRAMBLE merely descriptive?
The Court then went on to consider whether Mattel’s SCRAMBLE CTM was infringed, and then whether its SCRABBLE CTM was infringed, by the use of ‘SCRAMBLE’ and ‘SCRAMBLE WITH FRIENDS’.
In relation to the first question, Mattel submitted that the Court should take into account matter which had been “routinely and uniformly used in association with the mark” (here the word SCRABBLE), thus extending the global appreciation principle set out in Specsavers International Healthcare Ltd v Asda Stores Ltd. This context
included the use of game tiles, numbers, premium word scores and the background colour of “woodland green”.
The Court rejected that submission by holding it was sufficient to effect a comparison between the marks as they appear on the register with the signs as they would appear in use to the average consumer, and that Mattel sought to extend the global appreciation principle too far.
The Court then held there is no minimum threshold of similarity that a mark must meet before it is required to assess likelihood of confusion under Art. 9(1)(b) of the CTM Reg. If an average consumer would perceive no overall similarity, then a Court does not have to consider the likelihood of confusion on the part of the public, as Art. 9(1)(b) of the CTM Reg is conditional on the existence of some similarity. If, on the other hand, an average consumer would perceive some overall similarity, however faint, the Court must carry out the global appreciation test expounded in Specsavers for the likelihood of confusion, taking into account any enhanced reputation or recognition of the registered mark in question.
Zynga went on to allege that the SCRAMBLE CTM consisted of a common word in English meaning: to move with urgency or panic; to struggle eagerly or unceremoniously for possession of something; and to get or gather something with difficulty or in irregular ways (a ‘rushed activity meaning’). Zynga also alleged that ‘scramble’ had been commonly and extensively used by third parties before and after 2007 (the date of registration of the CTM) for a range of physical and electronic board games where
the user is required to make one or more words from scrambled letters (a ‘jumbled letters meaning’).
The Court reviewed the evidence of use of ‘scramble’ in 2007 put forward by Zynga, and held that an average consumer would not immediately understand ‘scramble’ to mean a word game which involved a race against time and therefore the rushed activity meaning was not a characteristic of SCRAMBLE. Nor could Zynga establish extensive or common use in the EU and thus the jumbled letters meaning of scramble was not a characteristic of SCRAMBLE either. Although there was quite a degree of descriptive allusion in the SCRAMBLE mark, its impact was not towards the descriptive end of the spectrum that would have made it unregisterable under Art. 7(1)(c) of the CTM Reg.
In addition, the evidence highlighted above did not come near to establishing that there was any customary use or established practice of the trade relating to the word ‘scramble’ as at 2007. Therefore the SCRAMBLE mark was not invalid or liable to be revoked under Art. 7(1)(d) of the CTM Reg either.
Zynga also failed to establish that SCRAMBLE was a common name in the EU for a game and the Court therefore reversed the lower Court’s decision and held that Mattel’s SCRAMBLE mark was therefore valid and not liable to be revoked under Art. 51(1)(b) of the CTM Reg.
Infringement of the SCRAMBLE CTM
As the Court had held that the SCRAMBLE CTM was valid, it considered whether the mark had been infringed under Article 9(1)(b) of the CTM Reg.
18 19
The Court held that the goods registered under the mark and those used by Zynga’s ‘SCRAMBLE’ were identical. Confusion was not just likely but inevitable, and the addition of the words WITH FRIENDS by Zynga was not adequate to avoid confusion.
Infringement of the SCRABBLE CTMS
The Court noted that the SCRABBLE CTM and ‘SCRAMBLE’ were of the same length differing by only a single letter in the middle, therefore there was a relatively high degree of visual similarity, as well as of phonetic similarity, which would be apparent to the average consumer. In addition, the Court held the two words were interchangeable in some, but not all contexts, therefore there was a moderate degree of similarity between conceptual meanings which would be less obvious to the average consumer. Therefore there was a moderate degree of overall similarity between the mark and sign.
As the Judge in the lower Court had failed to conduct a prima facie assessment of the trade mark against the sign, it entitled the Court of Appeal to perform a global assessment as to whether there had been a likelihood of confusion on the part of the public.
The Court held that the enhanced distinctive character of SCRABBLE was an important factor to take into account because it meant that the average consumer was used to seeing the mark in the context of games.
The Court reviewed evidence in the form of Tweets and iTunes reviews where users had mistakenly downloaded or played ‘SCRAMBLE’ thinking that it was SCRABBLE. However the Court stated that it would expect to see far more abundant evidence of confusion by the date of the trial, and so held that there was no infringement under Art 9(1)(b) of the CTM Reg.
To prove infringement under Art 9(1)(c) of the CTM Reg Mattel needed to show that use of the word ‘SCRAMBLE’ took unfair advantage of or was detrimental to the distinctive character or repute of the SCRABBLE CTM. The Court had not been shown evidence of a change in the economic behaviour of an average consumer or serious likelihood of such a change occurring in the future, and did not find infringement. The Court also reversed the decision that the stylised ‘M’ in Zynga’s ‘SCRAMBLE WITH FRIENDS’ logo meant that on a ‘quick glance’ it looked like the ‘B’ in the SCRABBLE CTMs, as this was not reflected in the available evidence of confusion.
In conclusion, this decision affirms (although it does not extend) the contextual point made in Specsavers. It may also be considered surprising to some that no infringement was found of the SCRABBLE CTM, given the oral and visual similarities with SCRAMBLE, as well as the use of both in relation to electronic games. Available evidence of confusion (or rather, lack thereof) seems to have played a key part.
For further details please contact:
Kathryn DawsonAssociate+44 20 7919 4852 [email protected]
Daniel PrimTrainee Solicitor+44 20 7919 [email protected]
Eversheds launch global M&A reportA new report has revealed how increasingly difficult it is becoming for companies in the TMT sector to sell a business. Eversheds international study, Streamlining for Success, shows how businesses face difficulties at every stage of the divestment process.
The findings come at a time when – in general - there is a greater focus on divestment activity – although the TMT sector was the least likely of the markets surveyed to be focussed on selling assets. One in 10 respondents in the TMT sector said their M&A strategy was solely focussed on divestments, rising to one in five (22%) who were equally focussing on divestments and acquisitions.
However, the study examines how changes in the commercial and regulatory landscape have made deals less certain and more complex, with divestments taking longer to complete. Most companies spend an average of three to six months on a routine deal, increasing to one to two years for larger, more complex transactions.
The study reveals the most common problematic area of a divestment for TMT respondents was IP transfer. The risk of being encumbered with liability or shared service costs following divestment was also raised by respondents in these sectors.
More generally, TMT respondents noted that employee transfer was fraught with problems. They viewed IP and employee transfer issues as related when selling a business that had much of its value tied up in intangible assets. US sellers disposing of assets across Europe also noted the difficulties they faced in synchronising employee transfer.
As with other market sectors, respondents in the TMT space were generally keen to complete disposals as quickly as possible in order to minimise uncertainty surrounding an asset’s ownership and the performance issues that might result. However, there were notable differences between technology, telecoms and media respondents - those in the telecoms sector were more likely to prefer a slower sale process that would lead to a buyer capable of maintaining or improving the asset’s performance.
Tech and media businesses were more concerned with knowing if an asset’s value was going to peak
following disposal - respondents struggled with calculating fair value and wondered whether they were unwittingly throwing the next tech or social media phenomenon into a deal.
Lack of clarity surrounding data privacy laws was an added concern for some. With sellers bearing primary responsibility for data control until completion of the deal, respondents noted that certification and transfer processes were becoming more complicated. More broadly, respondents wondered if the potentially valuable asset of consumer data would present a future regulatory risk.
Collectively the respondents to the Eversheds study have worked on more than 2,400 M&A deals across 60 jurisdictions during the past five years. Nearly two fifths of these were divestments. Drawing on this vast experience, the study concludes with six key points to increasing deal value and certainty:
• Adopt a clear and cooperative approach to communicating with the buyer
• Keep in regular contact with local management at the target company to maintain morale
• Have clear separation plans, which you share with the buyer
• Keep a close eye on conflicts of interest
• Build flexibility into legal contracts
• Plan for delays
To request a copy of the report click here.
For further details please contact:
Daniel HallPartner+44 161 831 8206 [email protected]
Eversheds’ report
20 21
The Consumer Rights Act (the “CRA”) received Royal Assent on 26 March 2015 and is expected to, for the most part, come into force on 1 October 2015. As a result, consumers will have enhanced rights and businesses will need to comply with a new statutory remedies regime. We set out below a summary of certain important changes which will likely affect the TMT sector.
The CRA applies to contracts and notices between a trader and a consumer. It sets out a framework that consolidates in one place key consumer rights covering contracts for the supply of goods, services and digital content (e.g. online films, games, e-books) and the law relating to unfair terms in consumer contracts.
The CRA is in three Parts and deals with:
1. Consumer contracts for goods, digital content and services;
2. Unfair terms; and
3. Miscellaneous and general, including investigatory powers.
For the purposes of this briefing we will focus on Part 1 and the treatment of pre-contractual information.
Generally, the law encapsulated in the CRA is similar to existing UK laws, although there have been some changes particularly in relation to the remedies which consumers will be entitled to for defective goods, digital content and services. In terms of the remedies, please note that the new statutory remedies are in addition to the common law remedies so consumers are not prohibited from seeking other remedies for a breach of a contractual term. Such additional remedies include damages, seeking specific performance and a right to treat the contract as terminated.
Goods
In terms of quality, goods are, for the most part, treated as they were treated under the Sales of Goods Act (i.e they must be of satisfactory quality, fit for purpose, and conform with the description provided by the trader). However, the remedies which apply in respect of defective goods have changed. Under the CRA:
• consumers will have 30 days within which to reject substandard goods and be entitled to a full refund;
• after the expiry of those 30 days, the trader will have a right to (at the consumer’s option) repair or replace the goods; and
• finally, the consumer will have a right to a price reduction or a final right to reject (with the right to obtain a refund/price reduction) if the consumer has not received adequate redress by way of either a repair or replacement.
Digital content
The CRA is the first piece of legislation to regulate the supply of digital content (ie. data which are produced and supplied in digital form). It applies to digital content that is (1) paid for; or (2) supplied free with other paid for items. The CRA introduces tailored quality rights for digital content and tailored remedies if the digital content rights are not met. Under the CRA, if
UK Consumer Rights Act Major changes ahead in 2015
digital content does not conform to the relevant contract, the consumer will have a right to a repair or replacement of the digital content or a price reduction.
Services
Similar to goods, the standards to which services are to be performed will remain substantially the same as before. However, as for goods and digital content, the CRA introduces the following “tiered” statutory remedies:
• Tier 1 remedy – the trader should either redo the element of the service which is inadequate or perform the whole service again; or
• Tier 2 remedy – the trader provides a reduction in the charge to cover the element that has not been provided with reasonable care and skill
A consumer cannot require re-performance if it is not possible, for example, if the service was time specific. As a result, due to the nature of some technology contracts (e.g. a telecoms company connecting a mobile phone), it may be that re-performance is not possible. A consumer is therefore likely to be able to rely upon the “tier 2” reduction in price remedy. However, it will not always be clear how this will be applied by the courts.
The effect of pre-contractual information
You may recall that under The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 certain information about digital content, goods and services must be provided to consumers prior to the consumer entering into the contract. Under the CRA any such information will become a contractual term. In addition, the CRA introduces a new statutory right that if a trader provides pre-contract information in relation to a service, and the consumer takes this information into account, the service must comply with that information.
So what?
The CRA will have a significant impact on the TMT sector, specifically impacting businesses across the sector which deal directly with consumers in many guises; for example, in relation to home computing, mobile and landline telecoms services and digital media services. It is therefore essential that businesses in the sector fully appreciate the impact the CRA will have on their business.
To ensure that you comply with the CRA, before 1 October 2015, you will need to think about reviewing your processes and consumer-facing documentation, including:
• sales processes;
• cancellation and returns policies; and
• consumer supply terms (including app supply terms).
Essentially, businesses will need to carefully consider the extent to which communications made to consumers will incorporate additional terms into their contracts. This may require them to undertake a whole scale critical review of, for example, marketing materials, telephone scripts, websites and other pre-contractual documentation and processes.
For further details please contact:
Matthew GoughPartner+44 29 2047 7943 [email protected]
Angellee Small Associate +44 113 200 4187 [email protected]
22 23
On 25 March 2015, the Crown Commercial Service (“CCS”) issued guidance on amendments to contracts during their term as permitted under regulation 72 of the Public Contracts Regulations 2015 (“PCR 2015”) and the right to terminate a contract in regulation 73. We set out below a summary of the key points in the guidance. The guidance itself can be found here.
Modification of contracts
The guidance explains that regulation 72 is aimed at clarifying the extent to which concluded contracts may be amended without the need for a new advertised tender process by establishing “safe harbours” for certain types of amendments. CCS take the view that PCR 2015 go further than a simple codification of case law (namely Pressetext C-454/06) in setting out all the circumstances in which amendments can be made in order to reduce uncertainty.
It is important to note that this guidance confirms that regulation 72 of PCR 2015 will apply to modifications to contracts on or after 26 February 2015 and therefore applies to existing contracts procured under the Public Contracts Regulations 2006 which are being amended now or may be amended in the future. The guidance emphasises that it is the date of the amendment(s) which is important, not the date when the original contract was entered into.
The guidance describes changes by reference to four categories:
Category 1 “any change”
These are changes where there is no financial limit provided the conditions set out in regulation 72 are satisfied. These changes cover the “clear, precise and unequivocal review clauses” in regulation 72(1)(a)
and changes which are not substantial within the meaning of regulation 72(8).
The guidance explains that a substantial change is defined in regulation 72(8) as any change, irrespective of value which meets any one or more of the following conditions:
• Materially alters the character of the original contract/framework; or
• Would have allowed other potential suppliers to participate or be selected, or another tender to be accepted; or
• Changes the economic balance in favour of the contractor; or
• Extends the scope of the contract/framework “considerably”; or
• A new contractor replaces the original contractor, other than where the change arises from an unequivocal review or option clause in the original contract or from corporate changes such as merger takeover or insolvency.
The guidance goes on to say that it is not possible to define “materially alter” or “considerably” as this may depend on the circumstances of each case. Accordingly, contracting authorities are advised to exercise their judgment, taking legal advice as necessary.
The Public Contracts Regulations 2015Crown Commercial Service guidance on amendments to contracts during their term and termination provisions
Category 2 “major changes”
These are described as changes the value of which is limited to up to 50% of the value of the original contact and:
• relate to additional works, services or supplies which have become necessary and certain other conditions are met (regulation 72(1)(b)); or
• the need for these changes could not have been foreseen by a diligent contracting authority and the changes do not affect the nature of the original contract or framework (regulation 72(1)(b)).
According to the guidance, where an authority makes more than one major change, the 50% limit will apply to each individual major change (rather than cumulatively), subject of course to the change not being aimed at avoiding the procurement rules. The guidance also confirms that the 50% limit is calculated by reference to the value of the original contract, not any increased value which resulted from an earlier variation.
Category 3 “minor changes”
These are changes where the value is:
• less than the relevant value threshold triggering the application of the procurement rules; and
• less than 10% (for services or supplies) or 15% (for works) of the original value of the contract or framework.
CCS have taken the view that, where there are multiple changes, the cumulative assessment is against the 10% or 15% limit and not against the value threshold triggering the application of the
rules. In other words, the guidance suggests that it is possible to have multiple changes each having a value which is below the value threshold for the application of the rules, provided that, in aggregate, the changes are below the relevant 10% or 15% limit.
We view this as an interesting interpretation of regulation 72(5) and (6) which, given the EU Court’s consistent strict interpretation of exemptions, is not without risk. A stricter reading of the legislation (and by implication the one which carries less risk) is that the changes need to be cumulatively under the threshold and under the relevant 10% or15% limit.
Category 4 “corporate changes”
The guidance merely restates the position under regulation 72(1)(d) that a safe harbour is available in circumstances such as where a supplier has been the subject of a merger, takeover or insolvency provided the replacement meets the original selection criteria and other substantial changes are not made to the contract or framework.
Termination of contracts
Regulation 73 introduces a new obligation on contracting authorities to include a right to terminate in certain circumstances including where a substantial modification has been made outside of the safe harbours set out in regulation 72. If such a right is not included, the power to terminate the contract on reasonable notice will be an implied term of the contract.
The guidance clarifies that the right to terminate must be included in all contracts awarded on or after 26 February 2015. However, the guidance also goes further and takes the view that a termination right will be implied into existing contracts. Whilst,
24 25
in principle, we consider this to be the correct approach (and indeed the approach which we have supported in the context of the consultations on the draft Regulations) it must be recognised that this is now inconsistent with previous Cabinet Office statements on this point and, most importantly, with the general transitional provisions as set out in Regulation 118. Accordingly, it would be important for the Government to provide further clarifications on the apparent inconsistency of this position with the legislation.
Separately, whilst regulation 73 provides a right to terminate, the guidance states that contracting authorities should terminate a contract placed on or after 26 February 2015 which is subject to modifications outside of the safe harbours set out in regulation 72. On the basis that a termination right is to be implied into existing contracts as well as contracts which were placed on or after 26 February 2015 it is not obvious why the guidance considers that contracting authorities should act in this way only in relation to contracts that were awarded on or after 26 February 2015 and not also in relation to existing contracts. The guidance goes on to say that “for all contracts”, in other words irrespective of when they were awarded, a contracting authority “also” has the option of not agreeing to the change.
Ultimately, a contracting authority might not in fact have a choice as in circumstances where a court confirms that there has been a substantial change to a concluded contract, the court can declare the contract ineffective. In addition, one cannot exclude the possibility that, in certain circumstances, the court might find it appropriate to grant an order setting aside the contracting authority’s decision not
to terminate the substantially amended contract, or indeed, to require the contracting authority to exercise its express or implied right to terminate that contract.
So what?
Overall, this guidance provides some welcome clarifications in this complex area of the law. However, it also raises a number of further questions. The new provisions in regulations 72 and 73 have not yet been tested in the courts and we will have to wait and see the extent to which some of the more controversial points here will be confirmed by the courts. As with any guidance, it is no substitute to understanding the legislation itself and applying it to the specific circumstances of each case.
For further details please contact:
Bridgette WilcoxPartner+44 292 047 [email protected]
Totis KotsonisPartner+44 845 497 [email protected]
Richard MatthewsPartner+44 113 200 [email protected]
Cookies law: update and key developments
In September 2014, we published our updated European guide to cookies which provides an overview of the effects of Article 5(3) of the European E-Privacy Directive (the “Directive”) in relation to the laws and practices surrounding the use of cookies across Europe. Since then, there have been a number of interesting developments in the cookies sphere, see our summaries of the developments below.
Device fingerprinting
In November 2014 the Article 29 Working Party (“AWP”) released its Opinion 9/2014 on the application of the Directive in relation to device fingerprinting (the “Opinion”). The primary aim of the Opinion was to address reports that third parties are looking into alternative technologies to cookies for a range of purposes in an effort to circumvent the consent requirement under Article 5(3) of the Directive.
In particular, the combination of a set of information elements in order to uniquely identify particular devices or application instances, so-called “device-fingerprinting”, was examined.
The information elements commonly used for device fingerprinting comprise: CSS information, JavaScript objects, HTTP header information, clock information, TCP stack variation, installed fonts, installed plugin information (e.g. configuration and version information) and the use of internal/external APIs.
Fingerprinting tools can be deployed for a range of different devices: computers, tablets, smart phones, e-readers, games consoles, TVs, in-car systems and smart meters (among others).
In the Opinion, the AWP highlighted one main concern – that device fingerprinting can operate covertly. Unlike cookies, there are no simple means for users to prevent the activity and there are limited opportunities available to reset or modify any information elements being used to generate a fingerprint.
Key points to note
The Opinion confirmed the AWP’s view that:
• where a fingerprint is generated through the storage of or access to information stored in the user’s terminal device, the Directive will apply (i.e. the same consent requirements that apply to the use of cookies); and
• device fingerprinting technologies may constitute personal data and where this is the case, data protection legislation will also apply.
You can read the full Opinion by clicking here.
Cookie sweep report
In February of this year, the AWP published a new report detailing its findings following a “cookie sweep” of 478 websites in the e-commerce, media and public sectors across the Czech Republic, Denmark, France, Greece, Netherlands, Slovenia, Spain and the UK.
Although the sweep was not designed as an assessment of cookie compliance, the report has highlighted areas for improvement. Further, the AWP noted that its analysis is likely to inform the landscape of steps taken towards compliance in the future.
Key points to note
• Some cookies were found to have a duration period of over 8000 years in contrast to the
26 27
average of 1 – 2 years. In future, regulators may view cookies that have a life span of over 2 years as excessive and/or non-compliant.
• Whilst the most popular method of informing website users to the use of cookies was via a notification banner in addition to a header or footer linking to further information, there were still a number of sites offering no notification in relation to the use of cookies, insufficient notification and/or not seeking consent from the user regarding the implementation of cookies. We recommend that websites that do not currently have a cookie consent mechanism, in addition to a header or footer (as described above) consider implementing one where required.
• The AWP was encouraged to see that a proportion of websites (16%) offered a high degree of user control regarding cookies. The AWP clearly sees user control in relation to cookie privacy settings in a positive light.
• As part of their sweep analysis, the AWP conducted their search, firstly by automated and secondly by manual analysis. The developing use of automated technologies in this way will enable regulators to become far more efficient in conducting analysis and ‘spot checks’ in their respective jurisdictions. Therefore, businesses with an online presence should ensure that they are compliant with the regulations sooner rather than later.
The full Article 29 Working Party Cookie Sweep Combined Analysis Report can be found here.
Vidal-Hall case
As an aside, at the end of March this year, the English Court of Appeal considered whether Browser Generated Information (“BGI”) is capable of amounting to personal data against the backdrop of the Vidal-Hall case. While this issue was not determined, should the claimants in the case be
awarded damages as an outcome of the class action, the implication would be that there is a risk compensation may be awarded for distress, resulting from the unconsented use of BGI in this manner. We suspect that such a potential risk may cause companies to revisit their own practices, particularly as this is an area of regulation that has, so far, had limited financial implications.
So what?
Businesses deploying cookies and similar technologies should be alive to these recent developments, as they do signify that such practices are being subjected to regulatory scrutiny.
However, it should also be noted that the European Commission suggested last year that the Directive would be revisited in 2015. Therefore, it will be interesting to see whether the consent requirements for cookies and similar technologies (e.g. fingerprinting) are tightened or relaxed if/when this happens.
For a refresher on how to comply with the Directive’s cookie consent requirements, please read our European guide to cookies.
For further information please contact:
Paula BarrettInternational Head of Privacy and Information Law+44 207 919 [email protected]
Lizzie CharltonAssociate+44 20 7919 [email protected]
Tom MilnerTrainee Solicitor+44 20 7919 [email protected]
ICC Cyber Security Guide for Business
The International Chamber of Commerce (the “ICC”) has released a new cyber security guide for business, the ICC Cyber Security Guide for Business (the “Guide”). The Guide was inspired by the Belgian Cyber security guide and aims to assist businesses in identifying and managing cyber security risks.
The Guide is made up of the following four main areas:
1. Principles: Five principles to steer development of an organisation’s cyber security risk management activities.
2. Actions: Six essential actions to optimise cyber security systems, including backing up information; keeping IT systems up to date, training staff on security issues; monitoring for security breaches; layering security defences to reduce risk and making contingency plans to deal with breaches.
3. Implementation: Ways in which the principles can be implemented into policies.
4. Self-Assessment: A security self-assessment questionnaire, to allow businesses to evaluate the current state of their cyber security management and to identify ways in which it can be improved, in accordance with the guidance in the preceding sections.
The five principles to steer development of an organisation’s cyber security risk management activities set out in the guide are:
1. Focus on the information, not on the technology: This principle encourages business to focus on protection of their most valuable information and systems where loss of confidentiality, integrity or availability would seriously harm the company.
2. Make resilience a mind-set: This principle is about ongoing assessment of the company’s resilience to cyber threats.
3. Prepare to respond: This principle encourages the development of organisational response plans in addition to technical response measures.
4. Demonstrate a leadership commitment: This principle is about business leaders being seen to be supportive of risk management activities, including by allocating adequate resources (both financial and human resources) to protection of company assets.
5. Act on your vision: This is about translating the company’s vision for cyber security risk management into practice by ensuring the company has in place appropriate information security policies.
28 29
So what?
The Guide takes a pragmatic approach and sets out some useful basic tips for businesses to consider. In practice we suspect that in terms of the actions most large companies are already acting in the manner envisaged by the Guide therefore, in this regard it will be of more use to SMEs.
However, in terms of the key principles for development of an organisation’s cyber security risk management activities, these principles will be of interest to SMEs and large organisations. Principles such as “demonstrate a leadership commitment” and “make resilience a mind-set” are about presenting a certain behaviour as regards the business’ stance on information security and will be of benefit to organisations of all sizes.
For further information, please contact:
Angellee SmallAssociate+44 121 232 [email protected]
James FrostTrainee+44 121 232 [email protected]
Eversheds events
Technology, Media and Telecoms Annual Conference Save the date
24th September 2015, Eversheds, One Wood Street, London, EC2V 7WS
Industry speakers and legal professionals will discuss and debate recent changes in the Technology, Media and Telecoms sector. Full programme to be announced. If you would like us to cover any particular topics please let us know.
To reserve your place, email [email protected]
Procurement basics for bidders event
15th June 2015, 09.30 – 12.30Eversheds offices 1 Wood Street, London
Understand the basics of Procurement Law with this half day event.
For further details and to book click here
Procurement training for bidders event
18th June 2015, 09.30 – 16.30Eversheds offices, 1 Wood Street, London
This seminar gives an overview the implications of new Public Contracts Regulations 2015 and how to challenge procurement decisions.
For further details and to book click here
Pensions: Key trustee and employer responsibilitiesVarious dates and locations
Pension scheme trustees are required by law to have a knowledge and understanding of the law relating to pensions and trusts, and the principles relating to scheme funding and investment. Trustees are also required to be familiar with their scheme’s governing documentation. This course is designed to give trustees, HR specialists, pensions managers and company directors the knowledge they need to run their schemes effectively.
For further details and to book your place click here
HR summer school16th – 17th July 2015 Merton College, Oxford
It is in the interest of every HR professional to deepen their understanding of their organisation’s purpose and operating context, and the part they play in achieving goals. The aim of this Summer School is to explore some skills of ‘future HR leaders’ and some evergreen people issues.
For further details and to book click here
30
Contact us
If you would like further information on anything appearing in this newsletter or would like to learn more about Eversheds, please contact:
Charlotte Walker-Osborn Head of Technology, Media and Telecoms Tel: +44 121 232 [email protected]@eversheds.com www.eversheds.com
Follow us on twitter @evershedstmt
This newsletter is for guidance purposes only and should not be regarded as a substitute for taking legal advice. It only relates to the law of England and Wales unless otherwise mentioned. Permission is granted to distribute this newsletter to your colleagues. If they wish to join our mailing list (or you wish to unsubscribe), please contact Sarah Padgett on the details below.
If you do not wish to continue to receive this publication please contact Sarah Padgett. Under the Data Protection Act, you may request details of personal information we hold about you. Our address for information requests is Eversheds LLP, Bridgewater Place, Water Lane, Leeds, LS11 5DR for the attention of Sarah Padgett (telephone on +44 113 200 4583 or e-mail [email protected]). If at a future date you believe that any information we hold about you is incorrect or incomplete, you should write to or e-mail us without delay at the above address. Any information which is incorrect or incomplete will be corrected promptly.
©Eversheds LLP 2015. Eversheds LLP is a limited liability partnership, registered in England and Wales, registered number OC304065, registered office One Wood Street,London EC2V 7WS. Please note that when we refer to “a partner” or “partners” of Eversheds LLP, the term “partner” indicates a member of Eversheds LLP. It should not be construed as indicating that the members of Eversheds LLP are carrying on business in partnership for the purposes of the Partnership Act 1890.
www.eversheds.com©EVERSHEDS LLP 2015. Eversheds LLP is a limited liability partnership.
