• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

View All

Playing catch up - gender pay gap reporting

Amy Douthwaite & Marian Bloodworth consider the implications of the gender pay gap reporting rules.

  • Calculating the threshold number of employees and working out who is in scope is not as simple as it might first appear.
  • The internal and external implications of gender pay gap reporting should not be underestimated.

The Equality Act 2010 (Gender Pay Gap Information) Regulations 2017 (the Regulations) came into force on 6 April 2017, requiring larger employers to produce an annual report on their gender pay gap.

The first report must be published by 4 April 2018 on data as at the snapshot date of 5 April 2017 and annually thereafter. There are many legal and practical issues for employers to consider.

The basic obligation

Employers with 250 or more employees as at 5 April must report the following metrics:

  • the difference in mean hourly pay of male and female employees;
  • the difference in median hourly pay of male and female employees;
  • the difference in mean bonus pay for the previous 12 months of male and female employees;
  • the difference in median bonus pay in the previous 12 months of male and female employees;
  • the proportions of male and female employees paid a bonus in the previous 12 months; and
  • the number of male and female employees in each quartile.

The Regulations set out detailed instructions on how to carry out the calculations for each of the metrics. While the basic obligation appears simple enough, there are a number of challenging areas within the Regulations as they are not as clear as they could be.

Who counts for the 250 threshold?

The first question is whether the employer is caught by the 250 employee threshold. While the Regulations themselves do not define ‘employee’, the Explanatory Notes provide that ‘employment’ has the meaning set out in s 83 of the Equality Act 2010. Therefore, employers should include in their threshold calculations any person employed under a contract of employment, a contract of apprenticeship, or a contract personally to do work.

Depending on the organisation’s structure and engagement methods, this could prove more complex than employers anticipate, including in relation to partners, overseas employees, non-executive directors, consultants and casual workers.

In terms of the inclusion of partners, the Regulations include a definition of ‘relevant employee’ to determine who should be reported on, which expressly excludes partners and LLP members, meaning they will not have to be reported on. However, they are not expressly excluded for the purposes of calculating the ‘employee’ numbers for the threshold. Therefore, if a partner falls within the definition of ‘employment’ within the Equality Act 2010 they should be included in the threshold calculation.

In terms of overseas employees, the ACAS guidance (Guidance) suggests that generally when an employer based in Great Britain has an employee based overseas, that employee will be classed as an ‘employee’ for the Regulations if they would be able to bring a claim in the employment tribunal under the Equality Act 2010. This will involve an analysis of the tests in Lawson v Serco [2006] IRLR 289 and Ravat Halliburton [2012] IRLR 315. Equally there is no clarity as to how overseas secondees to the UK, or UK employees of businesses with overseas headquarters should be treated.

Who should be reported on?

Not every person included for the 250 employee threshold purposes will need to be included in the report, for example, partners (as outlined above).

In addition, the Regulations provide that if the employer does not have the data relating to an employee working under a contract personally to do work (such as a consultant) and it is not reasonably practicable to obtain the data, then it does not have to be included.

However, employers should be wary about relying on this exclusion, as in many cases this data will be relatively easy for the employer to obtain, for instance by asking the consultant or budget holder within the business for the data. In addition, while this might provide a plausible reason to not include the data in the first report, this is likely to be less acceptable for future years as the Guidance specifically states that employers should try to ensure that they have access to the relevant data.

Getting the data right

Employers need to ensure that they have access to and can obtain all of the required data. This may not be entirely straightforward for some employers, for instance if they operate multiple payrolls, have different payment mechanisms, or keep payment information in different locations.

They should also consider whether the method of extracting or compiling the data actually creates potentially problematic documents. For instance, if it is easiest to compile the data according to business area, this may highlight a particular issue with the gender pay gap or even equal pay issues within that business area. This then may put the onus on the employer to tackle that issue. It would also be helpful information for an employee bringing a claim within that business area. Therefore, it is not just the final report that may create legal risk, but also documents created as part of the process.

Risk of getting it wrong

Employers should obviously be trying to ensure that the data reported is correct and in compliance with the Regulations. However, given the perceived lack of teeth which the Regulations have in terms of enforcement, some employers may take the view that where there are grey areas or the obligations are unclear, a proportionate approach would be to adopt a logical and consistent methodology and accept the risk that it could be incomplete or not entirely in compliance.

The content of the report & sign-off

Once employers are comfortable with their data, the next question will be how the data should be presented. It is anticipated that most employers will have a gender pay gap. Employers therefore should carefully consider putting some context around the data. There are a number of messages that the employer may want to consider, for instance:

  • Does a feature of the calculations skew the data in some way? For instance is annual bonus paid in the ‘relevant period’ and therefore double counted to a certain extent by being included in ‘hourly pay’ and bonus metrics? This will involve a careful analysis of the calculations and the data in order to determine whether this is the case and why.
  • Are there senior (and otherwise well paid) individuals who were not ‘relevant full pay employees’ at the snapshot date (because they were on leave) and so were not reported on?
  • Is the pay gap common to the sector as a whole? How do the employer’s metrics compare to others in the sector?
  • Has the employer taken any steps already to reduce the gender pay gap? Has it introduced any initiatives to promote women within the organisation to get to the higher paying roles, has it introduced any recruitment initiatives which may help address the gender pay gap?
  • What steps is the employer going to take to reduce the gender pay gap further?
  • Is the employer involved in any sector initiatives to help encourage women into the sector or develop those already working in the sector?

While it is anticipated that employers will have a gender pay gap in the first year and for a number of years to come, there will be an expectation that the gap will narrow each year, particularly where the employer has identified steps it is taking or will take to improve the gap within the narrative of the report. Therefore, employers should carefully consider what they are prepared to commit to in the report given the risk of further negative attention if steps are promised and then not followed through.

“It is anticipated that most employers will have a gender pay gap”

The report has to be signed-off by a senior person within the organisation (a director for companies). The person, or team responsible for ensuring compliance with the Regulations should therefore consider early on who this is likely to be and their preferred approach to the obligations. Some will want to adopt a minimal ‘compliance only’ approach, whereas others will want to use the obligations as an opportunity to push forward the diversity agenda at the organisation.

Publishing the report - when & where

Once the report has been drafted the employer should consider tactics for publishing the report. When to publish the report is a key question as this could significantly affect how much external attention the report receives. Employers may decide to delay publishing until close to the deadline in the hope that their report will be one of many published at that point. Alternatively, employers may consider other strategic publishing times, for instance at a time when there are other high profile news issues.

The report has to be submitted to a designated government website and also published in a manner accessible to all its employees and the public on the employer’s website. Therefore, there is some leeway in where to publish it and it does not necessarily have to be displayed on the employer’s landing page on their website.

Most employers will have given careful thought to how the report will be perceived externally and the external communications accompanying it. However, how the report is perceived by the employer’s own staff will be important as the report could raise a lot of questions, and may spark pay grievances or even claims for sex discrimination or equal pay. Therefore, the scope, content and timing of internal communications should not be overlooked. Clarifying the distinction between equal pay and gender pay issues will be particularly important, including making clear that data showing a gender pay gap does not necessarily show an ‘equal pay’ issue.

How might the data be used?

In addition to the data potentially sparking grievances and claims regarding pay, inevitably any employee or former employee bringing a sex discrimination claim will seek to use the gender pay gap data as evidence of ingrained discrimination within an organisation. The only way to mitigate this risk will be to publish carefully worded narrative with the data, and to refer to a clear commitment to address it going forward.

Any other data that is generated while preparing the report could become disclosable in employment tribunal claims if it is relevant to the particular claim. Therefore, employers should be careful when producing and commenting on the data internally. Involving legal advisers in order to protect the data and analysis with privilege should therefore be considered.

Think ahead

While the obligations for employers to produce the gender pay gap report seems, on the face of it, straightforward and clear, the internal and external implications should not be underestimated. Employers should therefore be thinking ahead and planning their approach to their obligations under the regulations as they may be able to mitigate some of the risks associated with their obligations and be better prepared to deal with any risks that materialise.

This article first appeared in New Law Journal www.newlawjournal.co.uk


The future of data protection law and enforcement in light of Brexit

In the summer, the government expressed its thoughts about the UK’s future data protection law. Nicola Fulford and Gemma Lockyer look at the derogations from the GDPR.

On 23 June 2016, the United Kingdom voted to leave the European Union and whilst that leaves us in a period of uncertainty in many respects, we have received some guidance as to where the UK’s data protection law and strategy is going. On 7 August 2017 the Department for Digital, Culture, Media and Sport published their statement of intent for the planned reforms that will form the new Data Protection Bill (Statement of Intent). The Data Protection Bill will bring  the EU General Data Protection Regulation (GDPR) and the Data Protection Law Enforcement Directive (DPLED) into our domestic law as the government seeks to ensure that the UK maintains high standards of data protection, even after leaving the EU.

The GDPR will apply from 25 May 2018 and much has been written on the new rights of individuals and the new obligations on data controllers and processors that this will bring. The GDPR allows Member States to implement certain derogations at national level and the Statement of Intent sets out the UK government’s intentions in this regard. We have discussed the key derogations set out in the Statement of Intent below and also the views of the ICO on their international strategy looking ahead to 2021.

Key derogations giving consent to process data and protecting children online: In order for controllers to rely on consent when processing personal data, the person giving consent needs to have a certain level of understanding of what they are consenting to. Article 8 of the GDPR introduces specific protections for children by limiting their ability to consent to data processing without parental authorisation and requires that reasonable efforts be expended to verify that a parent or guardian has given the appropriate consent. The GDPR sets the minimum age for consent at 16 but also allows member states to set a lower age, provided this is no lower than 13, at which a child can consent in their own name to data processing. In the United States, the age of consent is set at 13 by the Children’s’ Online Privacy Protection Act and the Federal Trade Commissions’ subsequent COPPA Rule and so with varying standards between EU member states, as well as the difference between EU standards and the United States, there will be challenges for companies offering international services.

The safety of children online is one of the government’s current priorities. The government intends to establish a Digital Charter that has the aim of making online environments safer for children and young people. Despite this, the UK has decided to set the age limit at the lower end and allow a child aged 13 years or older to consent to the processing of their personal data. Carrying out age verification checks at the age of 18 is more straight-forward, with the possibility of credit checks, checking driving records and the electoral register. However, it is not possible to carry out checks of this nature on young children and so websites will need to find a new way to work with users to verify age. Whilst setting an age limit which is consistent with the United States may ease some tensions or international service providers, it will likely to prove difficult for data controllers to demonstrate they have the necessary consents from someone of an approved age.

Processing criminal conviction and offence data: Information relating to criminal convictions and offences is highly sensitive and the GDPR permits only bodies vested with official authority to process personal data of this nature. Currently, under English law, organisations are able to process personal data on criminal convictions and offences in certain specified circumstances, the examples given in the Statement of Intent include when carrying out employment checks and underwriting driving insurance policies. Employers are currently entitled to seek and be provided with varying levels of information on a prospective employee’s criminal record. The Data Protection Bill will preserve this right for organisations not vested with official authority to process personal data of this nature. There is a public policy reason for allowing employers to continue to process data of this nature to ensure that vulnerable members of society are not put at risk and the wrong people are not placed in positions of power that are at risk of abuse.

Automated individual decision-making: The GDPR introduces a new right for an individual not to be the subject of an automated decision, including profiling, which has a legal or other significant effect on the individual. This right does not apply when the automated decision is necessary for entering into or performing a contract with the data subject; authorised by Member State law if the law lays down suitable measures to safeguard the data subject’s right and freedoms and legitimate interests; or is based on the explicit consent of the data subject.

The Data Protection Bill will legislate for an exemption to the right to ensure that processing by automated means is possible where there are legitimate grounds. The examples given in the Statement of Intent are the automatic refusal of an online credit application or e-recruiting practices that do not involve any human intervention; on the basis that these business processes would become impossibly burdensome if businesses are unable to rely on computer processing powers and each decision has to reviewed by a human. However, we know that machine learning tools do not always get it right. If the data set that informs the learning contains unconscious bias then the machine is likely to generate biased answers (e.g. assuming that female CVs are more suitable for nursing roles because Google image results for “nurse” show predominately females). This derogation has the potential to seriously undermine a data subject’s right under the GDPR not to be subjected to a decision based solely on automated processing. Communicating how human intervention has been involved will be important to ensure that there are safeguards in place where a decision might have been reached which is fundamentally wrong but allowing a computer to carry out the  “first pass” could be an effective use of resources.

Freedom of expression in the media: Section 32 of the Data Protection Act 1998 provides an exemption for organisations to comply with the data protection principles (except the seventh data protection principle – the requirement to keep personal data secure) where the personal data are processed for special purposes. This includes if the processing is undertaken with a view to publication, that publication is in the public interest and compliance with the principles is incompatible with the special purpose. Through this exemption, the legislation has sought to reconcile data protection law and freedom of expression. It is intended that the exemption in section 32 will be broadly replicated in the Data Protection Bill although the enforcement powers of the ICO to  enforce the exemption is expected to be strengthened.

Research: The GDPR requires organisations to comply with certain rights belonging to data subjects, including the right for data to be rectified without delay, the right to restrict further processing, right of access and the right to erasure. The GDPR also allows the UK to legislate to allow scientific or historical research organisations, organisations that gather statistics or organisations performing archiving functions in the public interest to be exempted from these obligations. The intention is to allow for research organisations and archiving services not to have to respond to subject access requests when this would seriously impair or prevent them from fulfilling their purposes. Provided that appropriate organisational safeguard are in place to keep the data secure, research organisations will also not have to comply with an individual’s rights to rectify, restrict further processing and, object to processing where this would seriously impede their ability to complete their work. The examples given in the Statement of Intent to justify the exemption include the necessity to archive inaccurate data so that it is possible to audit a decisionmaking process that led to an unfavourable outcome or where statistical data may be compromised if an individuals’ personal data is later removed from the statistical pool.

The ICO’s international strategy

The Rt Hon Matt Hancock MP stated in the ministerial foreword to the Statement of Intent that under the Data Protection Bill “enforcement will be enhanced, and the Information Commissioner given the right powers to ensure consumers are appropriately safeguarded”. In the Information Commissioner’s Office’s International Strategy for 2017 – 2021, four challenges are highlighted which the ICO will face in the changing digital global environment.

1. To operate as an effective and influential data protection authority at european level while the UK remains a member of the EU and when the UK has left the EU, or during any transitional period: The ICO intends to maintain its relationship with its EU partners, including the European Data Protection Board and the Article 29 Working Party because, as well as overseeing enforcement of the GDPR, the European Data Protection Board will also issue guidance, making it influential in setting the direction for data protection and privacy standards. The ICO will advise the UK government on the data protection implications of leaving the EU and will seek to maintain a strong working relationship with individual EU Data Protection Authorities to ensure that UK organisations are able to continue to transfer data internationally to facilitate business growth.

2. Maximising the ICo’s relevance and delivery against its objectives in an increasingly globalised world with rapid growth of online technologies: The ICO intends to continue to engage with leading international privacy networks and explore relationships with networks that the ICO has not engaged with previously. The ICO intends to share information and knowledge with other independent bodies responsible for enforcing and promoting freedom of information laws. This will allow the UK to take international best practices and choose the best tools, which are most applicable to UK interests and apply them to ensure that the UK is taking the best from the widest pool of experiences.

3. Ensuring that UK data protection law and practice is a benchmark for high global standards: The ICO wants to ensure that the UK retains a high standard of data protection law to provide effective safeguards for the public. The ICO intends to collaborate with the international community to support work to turn the GDPR’s accountability principles into a robust but flexible global solution. Continuing to take part in the international conversation around data protection will allow the ICO to maintain its status internationally as a leading player in the data protection landscape.

4. Addressing the uncertainty of the legal protections for international data flows to and from the EU, and beyond, including adequacy: International data transfers are an important part of the digital economy. The ICO will seek to ensure that there are effective safeguards for these data transfers in the uncertainty that flows from Brexit. The ICO has stated that it intends to explore a “global data protection gateway” which will allow the UK to interoperate with different legal systems that protect international flows of personal data and will support work to develop new mechanisms to enable international transfers, such as codes of conduct and certification under the GDPR.

Impact of Brexit and conclusions

There are questions around the process under which UK organisations will be able to transfer data internationally (both to the EU and elsewhere) and so including a requirement for organisations to revisit and put in place any necessary mechanisms to facilitate the transfer of data in contracts which will continue following Brexit should be considered best practice. UK companies who operate in Europe will also have to consider their lead supervisory authority following Brexit.

The ICO’s strategy suggests that it will continue to take a tough stance on data protection in the coming years. It is clear that the ICO wants to ensure that the UK has a strong reputation for protecting the rights and freedoms of data subjects, potentially with a view to obtaining a European Commission finding of adequacy, which will cover international data transfers post Brexit. However, we may find there are some tensions with the UK government as the proposed derogations appear to unpick some of the protections offered by

GDPR (e.g. the lower age of consent by children to processing and the increased opportunities to use automated decision-making). It will also be interesting to see how the proposed Data Protection Bill and European Union (Withdrawal) Bill will interact, especially given the time taken to get this far with the Statement of Intent and the looming 2018 and 2019 deadlines.

This article was first published in PL&B UK Report, September 2017, www.privacylaws.com.


Maintaining standards

The advertising of gambling continues to be in the spotlight. Recently there have been a number of rulings from both the UK Advertising Standards Authority and the Gambling Commission as the thorny issue of advertising gambling continues to cause concern for regulators.

Earlier this year, BGO Entertainment was hit with a hefty penalty from the Gambling Commission, the body that regulates commercial gambling in Great Britain in partnership with licensing authorities.

BGO was fined £300,000 for misleading advertisements about promotions that failed to comply with Licence Conditions and Codes of Practice social responsibility requirements. Among other things, the LCCP require that adverts and offers, including “free bet” offers, do not mislead customers and clearly state significant limitations and qualifications.

This responsibility doesn’t stop there − the LCCP requirements extend to all areas of marketing including social media and make operators responsible for third parties contracted to provide any aspect of the operator’s regulated business, which includes marketing afiliates and advertising networks.

None of this is new. The free−bets provision was introduced in 2015 and specific social media requirements were introduced into the IGRG Code for Socially Responsible Gambling in February, 2016, (although the code of the Committees of Advertising Practice − the “CAP code” − already applied to social media). But what has perhaps changed is the Gambling Commission’s approach to enforcement.

At its Raising Standards conference last November, the commission gave a clear indication that marketing was a focus area, there was particular concern about the behaviour of some afiliates, and the commission was ready to take action. The commission repeated this message at ICE Totally Gaming at ExCeL in London in February and, on July 5, following consultation, published its revised enforcement strategy.

This makes clear there is no longer a bias in favour of settlement, so making licence reviews more likely, and introduces higher penalties for non−compliance particularly where there are repeated failings.

The BGO action was the first example of this approach, with the fine relating to nine advertisements on its own website and 14 on afiliates’ websites. BGO’s breaches of the social responsibility code − and its repeated failure to take timely and effective action to address these issues when raised by the commission − cast doubt on BGO’s suitability to carry on its licensed activities.

Hot on the heels of the BGO fine, a second illustration of the commission’s new approach is Lottoland’s £150,000 fine in June for its own, and its afiliates’, actions. The LCCP requires operators to comply with the CAP and (for broadcast advertising) BCAP codes of practice administered by the ASA.

In February, the ASA upheld a complaint against a Lottoland radio ad on the grounds that it failed to make clear to players that they were betting on the outcome of lotteries, rather than participating in a lottery, and the Gambling Commission found the same issue occurred in Lottoland’s third−party marketing, website and social media promotions. In Great Britain, lotteries differ from other gambling products as part of the proceeds must go to good causes, so the distinction is particularly important.

Marketing materials must not be likely to be of particular appeal to under−18s, especially by reflecting or being associated with youth culture. In particular, operators must not include a child or a young person (under 18) in marketing communications, and anyone who is − or seems to be − under 25 years old must not be featured gambling or play a significant role in the marketing material (with a limited exception for 18 to 24 year olds who are the subject of the bet − such as young sports players).

Use of comic−book characters and superheroes can be problematic unless the audience for such advertisements is strictly controlled. In August, 2016, the ASA found an email advertisement for Ladbrokes casino featuring Iron Man to be socially irresponsible but recently reversed this ruling on appeal on the basis the recipients of the email had all been validated as being over 18.

Additionally, under a new condition introduced in October, 2016, gambling operators must ensure that they do not advertise on websites “providing unauthorised access to copyright content”. Again, operators are responsible for their afiliates: they must take all reasonable steps to ensure that their marketing and media agencies do not place their advertisements on such websites, and must reserve the right to terminate the appointment if an agency does so.

All operators in the gambling industry looking to avoid the attention of the regulator are expected to take heed of all advertisingƒ marketing rules set out by the authorities and to learn from the experiences of others such as BGO and Lottoland.

The gambling industry is extremely competitive and with operators looking for any possible advantage, there’s perhaps a natural temptation for operators and their marketing agencies to push the boundaries. But operators also have a social responsibility and the commission is clearly keen that operators put the consumer first, and take the initiative in relation to social responsibility rather than merely complying with the strict regulatory requirements.

With competition intense, one thing that definitely won‘t help operators is falling foul of the rules around advertising, so this is an area that requires close attention.

This article first appeared in niNTERGAMINGi Magazine. You can view the original article here.

Weighing vs voting - distributed ledgers as governance devices

“In the short run, the market is a voting machine but in the long run, it is a weighing machine.” – Benjamin Graham

The ‘forking’ of Ethereum in the summer of 2016 and Bitcoin in the summer of 2017, has given us two interesting examples of the role that a consensus based system can have in resolving disputes and acting as a governance system in a quasi-legal manner.

The ‘classic’ approach to governance in negotiated contracts involves an increasing series of escalations and decision-making committees, compelled to meet, take into account certain information, and come to a decision. Those committees are bound by rules agreed in advance about the state of play. Typically, there are states of appeal, but ultimately, a single body will make a decision to resolve the dispute. The parties will have agreed if this is a private entity, such as an arbitrator, or a public servant such as a judge – but the end result is a single (or very low number of) minds voting on the right decision based on the pre-agreed rules. Typical hallmarks of this system are a private disagreement, confidential disclosures and arguments, cost-pressure to resolve the dispute speedily and amicably, and a sometimes public outcome, but which contains a small fraction of the relevant information.

This is quite straightforward to picture in a contract setting: for example, a dispute over the timeliness of an outsourced service, the supplier arguing that it was not given the necessary materials or instructions, the customer saying the supplier should have had or known these things.  The first few committees cannot agree, but narrow the issues, the matter is then escalated to the account managers, who may agree the issue, or take the matter to arbitration or the court system for a third party to vote on.

The picture is muddied when we consider a far softer governance framework. The global domain name unique identifier system is run by ICANN, a non-profit organisation which was established effectively to implement U.S. Department of Commerce policy. ICANN has by-laws and committees, but was dogged for many years with ambiguity about the exact scope of its remit and authority.  From 2010 onwards, pressure increased to move ICANN out of its contract and oversight from the Department of Commerce and into the ‘global multistakeholder community’. This process has been complicated and political, but, for this article, the key feature is that it required both a groundswell movement of support and lobbying, along with the consent of particular parties (such as Congress and the Department of Commerce). The end result, a ‘multistakeholder model’ still comes to decisions. It aims to do so through a ‘bottom-up’, decentralised, inclusive, process, but it still makes a binary decision – yes or no, A or B, etc..

Compare this with ethereum and bitcoin. Sweeping governance issues arose during the DAO controversy leading to the ethereum fork, and during the block size debate which led to the bitcoin fork. In each case, a public and violent debate ensued, containing everything from principled positions, to pragmatic solutions, to nasty name-calling. The decentralised, anonymous nature of these platforms, with less chance of recurring transactions with any one counterparty, make this hearty and vitriolic debate more likely than in a private governance model.  

The next part however is more interesting: in effect a decision does not have to be made. The ‘classic’ governance described above requires a private agreement, or a decision to be voted on by pre-agreed categories of people using a pre-agreed system.  With a distributed ledger system, anyone can put forward a solution, anyone (with a few trivial formalities) can vote on their preferred answer, and multiple ‘solutions’ to the dispute can be accepted and form the go-forward system. Take the bitcoin fork, into classic bitcoin and bitcoin cash.  A dispute about block size could not be resolved with a unanimous consensus. Two prevailing views formed about the optimal block size, and the proponents of each formed a packaged ‘brand’ for their proposal. The fork eventually came, and each group moved to their preferred system.  Miners and traders each vote with the electricity or their money by mining or purchasing one fork over another.  This voting however is on-going, open to all, and can be done in a non-attributable way, over and over again. This makes the ‘voting’ quite different to the ‘voting’ in the previous examples. There is never a final and conclusive answer, never a holistic decision made, just a quantitative indicator of how aligned each view is with the rest of the market, and how much consensus there is for each view.  It is in fact more akin to a prediction market, or a stock market – but for an idea, not an asset per se.

It will be interesting to see how this model plays out, and what other applications this form of ‘messy’ governance may have – particularly in systems which seek a ground-up consensus, and want to operate in a global manner while anticipating a changing world order.  

They can't win your raffle unless they buy a ticket... or can they?

The story of Dunstan Low, who successfully raffled his £845,000 Lancashire mansion by selling 500,000 raffle tickets,[i] is another example of the re-appearance of the earlier trend for homeowners who have lost faith in the traditional method of selling their homes to raffle them instead. On the face of it, this looks a great idea. If you charge £2 a ticket and your property is valued at £500,000, then you need only sell 250,000 tickets to recover the full value, plus some extra tickets to cover your costs. In theory, you shouldn’t be short of entrants to your raffle either, as the odds aren’t bad and the prize a chunky one.

In practice, it’s not quite that easy. Several house sale raffles and competitions have failed to achieve sufficient ticket sales and had to refund entry fees or pay a smaller cash prize instead. Potential entrants may ask why the house hasn’t sold by the traditional route, and be wary of acquiring a property without the usual investigation of problems and associated costs.

Anyone thinking of raffling their house should also be aware that the Gambling Act 2005[ii] makes it a criminal offence to run a lottery without a licence – and licences are only available to charities (and local authorities) as raffles can only be run to raise funds for good causes. There are some limited exemptions for things like raffles to raise money for charities and workplace sweepstakes, but these won’t apply to house sale raffles (even if you give part of the profits to charity). Whilst the law in this area is complex and advice should always be taken, there are two ways to differentiate your scheme from an illegal lottery. Firstly by requiring entrants to use skill, judgment or knowledge so that the winner isn’t chosen by chance, or secondly by giving entrants the option of participating for free.

Questions will only satisfy this “skill test” if they require sufficient skill, judgment or knowledge to prevent a significant proportion of entrants answering correctly (or entering at all). Of course, those who get the answer wrong must not be entered into the draw. If there’s any doubt whether the questions are sufficiently challenging, you would be wise to offer an alternative free entry route too – even though this seems counter-intuitive when you’re trying to raise money.

The free entry route can be ordinary (first or second class) post (but not special delivery), or telephone at ordinary rates (but not using a premium number), or any other method which doesn’t involve any additional expense reflecting the chance to enter the raffle and is as convenient to the entrant as the paid route. The free route can’t be “hidden away”, and of course free entries must have the same chance of winning. The Gambling Commission offers useful guidance, on both the skill test and free entry routes, on its website[iii] as well as a recent update on house sales[iv].

For more information regarding raffles and skill competitions please see our article “Healthy competition: your legal how-to guide for the sporting Summer” and do take legal advice if you are considering running a raffle, whether to fund-raise for charity or to sell your house. If you fail to negotiate the legal pitfalls correctly, you may have to close the scheme and refund all the ticket sales – and could be fined (or even imprisoned) for committing a criminal offence.

Commercial Agents: Diamonds are not forever

So said Popplewell J in the opening line of his judgment in the recent case of W Nagel (a firm) and Pluczenik Diamond Company NV[1].  The judgment is an important one for companies involved in the sale and purchase of commodities, in that it appears to be the first case to consider the scope of the exemption under the Commercial Agents (Council Directive) Regulations 1993 (Regulations) for commercial agents who operate on commodity exchanges.  However, some aspects of the judgment are of broader application to agency relationships, and will be of interest to all businesses that appoint or operate as agents in the UK.   


The case involved a claim by Willie Nagel (WN), a diamond broker, against his client, Pluczenik Diamond Company (one of the world’s leading diamantaires), for termination of an agency relationship involving the purchase by Pluczenik of rough diamonds from De Beers.

WN was appointed by Pluczenik as its broker in the 1960s, and continued to act as Pluczenik’s agent in relation to the purchase of rough diamonds at De Beers ‘sights’ (one of the main channels by which De Beers sold rough diamonds into the wholesale market) in the UK up until 2013.  In 2013 De Beers moved its global sight from London to Botswana, prompting Pluczenik to terminate its relationship with WN.

WN claimed that he was a ‘commercial agent’ under the Regulations, and therefore entitled, under Regulation 17, to compensation on termination of the agency relationship.  Pluczenik disputed the claim on the grounds that the Regulations did not apply. 

Did the Regulations apply?

Regulation 2(1) defines a commercial agent as “a self-employed intermediary who has continuing authority to negotiate the sale or purchase of goods on behalf of another person (the "principal"), or to negotiate and conclude the sale or purchase of goods on behalf of and in the name of that principal …."

Pluczenik claimed that the Regulations did not apply on two grounds: first, it argued that WN did not have authority to negotiate on its behalf and did not, therefore, satisfy the requirements of Regulation 2(1), and second, it relied on an exemption in Regulation 2(2)(b) which provides that the Regulations do not apply to “commercial agents when they operate on commodity exchanges or in the commodity market”.

Authority to negotiate

On the first of these two grounds, the Court found that, because the purpose of the Regulations is to give agents a share of the goodwill they generate in a principal’s business, the key question in determining whether a person is a commercial agent under the Regulations is whether the scope of his retainer includes the development of goodwill in the principal’s business.  This is a more relevant consideration than whether an agent actually participates in discussions on price or commercial terms.

In the Court’s view, WN had developed strong relationships with senior executives at De Beers, and had used these relationships to promote Pluczenik’s interests, fostering a relationship of trust and confidence between Pluczenik and De Beers, which contributed to the success of Pluczenik’s business.  WN therefore had authority to negotiate within the meaning of Regulation 2(1).

Interestingly, and somewhat surprisingly, the Court also considered that administrative functions such as invoicing, payment, packaging and transport helped maintain Pluczenik’s goodwill with De Beers, and that this was also relevant to the decision that WN was a commercial agent within the meaning of Regulation 2(1).  This potentially has implications for businesses that appoint third parties to provide logistics and shipping services.

Commodities exemption

In determining whether there is a sale on a commodity exchange or commodity market (so that Regulation 2(2)(b) applies), the Court’s view was that the focus should be on the manner and place of sale as well as the nature of the goods sold. 

In the Court’s view, the concept of a commodity sale generally (though not always) focusses on generic goods in bulk, which are indistinguishable in origin or features from other goods of the same type, and that “where generic goods are bought by description, that is a pointer towards their being bought as commodities, but the opportunity to inspect [the goods before purchase] is not fatal to their being so”.

The court held that sales of diamonds in boxes at the De Beers sights were sales on the commodity market on the grounds that: (i) it was a wholesale market in a single class of unprocessed minerals, (ii) the boxes were sold by category and description and at a fixed price, and contained a standardised selection of stones by category, (iii) the boxes were largely traded unopened and sight unseen, and (iv) the proportion of the world’s rough diamonds sold at De Beers sights (while varying over time) was always a very substantial proportion. 

On that basis, WN was not protected by the Regulations.

The Court specifically rejected the argument by Pluczenik that, in order to be a commodity, the goods in question had to be the subject of futures and options trading.

Secondary Activities

The Court also considered, briefly, the application of Regulation 2(3), which excludes from the Regulations agents whose activities are ‘secondary’.  This part of the judgment, although brief, is noteworthy in that it is one of the few cases in which an English Court has considered this exclusion.

The Court concluded that, if an activity which the agent is engaged to perform falls within the Regulations, but is secondary to another activity which the agent is engaged to perform which falls outside the Regulations, then the agent should not be regarded as a commercial agent. 

This is a useful, albeit brief, judicial clarification of what is an unclear and convoluted part of the Regulations.

How much notice of termination must be given?

Although the Court did not need to consider the issue (as it concluded that Pluczenik had no grounds to terminate the agency relationship), it nevertheless gave its views on the key factors to be taken into account in determining what constitutes ‘reasonable notice of termination’ of an agency agreement where the Regulations do not apply[2] and no notice period is specified in the agency agreement. 

These factors include: (i) custom and practice in the relevant market, (ii) the length (and formality) of the relationship, (iii) the agent’s ability to make adjustments for loss of the agency, (iv) the notice period required had the Regulations applied, and (v) the nature of the agent’s obligations. 

Weighing up each of these factors in the present case, the court concluded that a minimum of 3 months notice (or two ‘sights’ if longer) was reasonable in the circumstances.


Finally, the Court considered how an agent’s compensation for wrongful termination of an agency relationship should be calculated where the Regulations do not apply.  The Court concluded that damages are to be calculated in the same manner as a claim for compensation under Regulation 17[3] (even if the Regulations do not apply) with the important exception that any costs saved by the agent as a result of the termination of the agency should be taken into account when assessing a claim for damages under common law.


As noted above, although this case is of particular relevance to businesses operating on commodity exchanges and in the commodities market, it is of broader application to other businesses which use or operate as agencies.

Businesses operating on commodity exchanges and in the commodities market should review their existing agreements with brokers and agents to assess whether the Regulations are likely to apply.  Where they are likely to apply, businesses should consider taking steps to minimise their financial exposure on termination of these arrangements, including consideration as to whether it is better to agree with their agents that, where the Regulations apply, any payments on termination will be calculated on an ‘indemnity’ basis (where payments are capped at 1 year), rather than on a ‘compensation’ basis (where no cap applies).  Companies should bear in mind that, where an agreement is silent on which of the two alternatives apply, the uncapped compensation alternative applies by default.

In light of the Court’s view that purely administrative functions such as invoicing, packaging and transport can contribute to the goodwill between a principal and his customers, businesses who outsource any of these functions to third parties should likewise review their agreements with those third parties to assess the likelihood of the Regulations applying (particularly where the third party also contributes to goodwill in other ways) and the need to take steps (as outlined in the preceding paragraph) to minimise their financial exposure on termination.

Where an agent’s activities include activities that fall within the Regulations, and those activities are secondary in nature to other activities which are not caught by the Regulations, agents and principals should consider whether it is in their interests to include both sets of activity in the same agreement.  (The judgment in this case would appear to suggest that it is in a principal’s interest to cover both activities in the same agreement.)

The decision is also a reminder of the importance of ensuring that the key terms of an agency relationship, particularly one that is not governed by the Regulations, are agreed between the parties and properly documented.  These include termination notice periods, the grounds upon which the agreement can be terminated, and the basis of calculation of commission payments, including the extent to which an agent is entitled to commission on sales or purchases that are concluded after termination of the relationship where the agent has played a role, pre-termination, in those sales or purchases.

For further information on this article or agency or distribution agreements generally, please contact Paul O’Hare.


[2] Where the Regulations apply, an agent is entitled to one month’s notice per year of the agency agreement, up to a maximum of three months.

[3] According to the House of Lords decision in Lonsdale v Howard & Hallam Ltd [2007] 1 WLR 2055, compensation under Regulation 17 should be calculated by reference to what a hypothetical purchaser would pay for the agent’s business (assuming the agency had continued and not been terminated).

Nesta announces Open Up Challenge participants as CMA deadlines edge closer

Nesta, the innovation foundation, has announced the twenty organisations selected to participate in the Open Up Challenge.  The total prize pot is worth £5m and shall be shared amongst those participants offering the best solutions to SMEs seeking access to financial services and products, by harnessing the power of open banking APIs.

Participants are given exclusive access to the Open Up Data Sandbox containing anonymised transaction data relating to SME’s bank accounts.  This allows the participants to develop their platforms in anticipation of the government and CMA-backed scheme to standardise open banking APIs through which intermediaries will be able to access live SME transaction data in order to provide tailored services, such as credit scoring, financial intelligence and recommended lending products.

The Challenge is divided into two stages, the first of which culminates in the selection of up to 10 of the 20 participating teams, who will share in a £1m prize pot, to be chosen in December 2017.  The second stage continues through 2018, with prizes awarded in April and in September, with a further £2.5m available.

How does this timeline fit in with the open banking rules published by the CMA this year, requiring major banks in Great Britain and Northern Ireland to collect and make available a series of open and closed datasets?

CMA’s retail banking market investigation

In February 2017, the CMA instructed major retail banks in the Great Britain and Northern Ireland to make available reference information relating to certain standardised business and consumer products, and customer transaction data.

This followed a market investigation, which was carried out, between 2014 and 2016, following which the CMA published its report in November 2016. The terms of reference for the investigation included the consumer market for personal current accounts (including overdrafts) and the SME market for business current accounts, overdrafts, deposit accounts and lending products. The market investigation considered whether any feature, or combination of features, of the relevant markets prevents, restricts or distorts competition and, if so, what action should be taken.

The CMA’s report identified three types of lending products that suffer adverse effects on competition (AECs), as follows: (i) business current accounts; (ii) SME lending; and (iii) personal current accounts.

The Open Up Challenge represents part of the CMA’s response to the first and second of these AECs, that response being to facilitate the Challenge in order to stimulate directly innovations which would counter the lack of competition in business current accounts and SME lending. Such innovations are likely to include services which use the open banking APIs (see points 1 and 3 below) to allow for easier comparison between banking services through data aggregation and analysis – an activity which will be regulated and facilitated under the new PSD2 payment service category of “account information service provider” or “AISP”.

CMA open banking deadlines

The scope of the CMA rules are broader than SME lending, as they also cover consumer banking, but many of the rules are relevant to the Challenge since they are designed to help innovators such as the Challenge participants to reduce or eliminate AECs in relation to key banking services.  The main rules (affecting both business and consumer banking services) are set out below, and require banks to

1.release specified reference and product information, without charge or restriction (and which will be accessible via open banking APIs), no later than 31 March 2017, including:

 (a) reference information, including:

    (i)            branch locations and opening times;

    (ii)           ATM locations;

 (b) product information relating to personal current accounts and business current accounts and SME lending products, including:

   (i)            product prices (including credit interest);

   (ii)           fees and charges, including interest rates;

   (iii)          features and benefits;

   (iv)          the monthly maximum charge;

   (v)           terms and conditions;

   (vi)          customer eligibility criteria.

2.  specify the maximum monthly charge that could accrue on a personal current account from 2 August 2017.

3. publish rates for SME lending products (the APR for unsecured loans up to £25,000 and the EAR unsecured standard tariff business overdrafts up to £25,000) by 2 August 2017.

4. make transaction data from business current accounts and personal current accounts continuously available from the date PSD2 comes into force, being 13 January 2018.

5. collect feedback from their customers as to whether customers would recommend their banking products to others, no later than 15 January 2018.  Banks must release this data, as “service quality indicators”, from 15 August 2018.

6. automatically, and free of charge, provide transaction data relating to business current accounts and personal current accounts which are closed by the customer (covering the last 5 years’ of transactions) from 2 February 2018.

7. standardise business current account opening in terms of the information required from applicants (such as identification requirements) from 2 February 2018.

8. enrol personal current account holders into an alerts programme under which consumers are notified that they have exceeded or will exceed a pre-agreed credit limit, from 2 March 2018.

9.  offer a tool on the bank’s website enabling SMEs to obtain indicative price quotations and their eligibility for unsecured business loans and/or unsecured standard tariff business overdrafts, each up to £25,000, from 2 February 2018.  The same tool should be accessible to a minimum number of third party intermediary service providers by 2 May 2018.

Please note that these obligations apply to certain types of banks and credit products with a number of applicable exceptions.

Businesses seeking to exploit these rules should move quickly to ensure they are best placed to make the most of the opportunities they present. Banks, on the other hand, should already be working behind the scenes to ensure compliance with the deadlines set out above – some of which have already passed, and others will require significant preparation.

Equally, those seeking to take advantage of the open banking APIs to provide “account information services” from 13 January 2018 need to be registered to do so with the FCA – the application process for registration opens on 13 October 2017.

More information

For more information on the launch of the Open Up Challenge and Kemp Little’s role as its legal advisor, please click here.

For more information from Nesta on the Open Up Challenge, please click here and here.

Gambling Advertising: The Gambling Commission's revised enforcement strategy

The spotlight continues to fall on gambling advertising. All operators must comply with licence conditions and codes of practice which require them to make clear any conditions which apply to promotions and to comply with the Advertising Standards Authority’s CAP and BCAP codes of practice. Recent rulings by both the Gambling Commission and the Advertising Standards Agency (ASA) have made clear that compliance is an issue for both gambling operators and their affiliates and marketing agencies.

In May, BGO Entertainment was fined £300,000 for adverts which were found to be potentially misleading as they failed to make clear the conditions surrounding promotions. The fine related not only to adverts on BGO’s own website, but also to adverts which had appeared on its affiliates’ websites. BGO’s failure to take effective action to address these breaches of its licence raised doubts about its suitability to carry out its licensed gambling activities.

In February, the ASA upheld a compliant about a Lottoland radio advert which failed to make clear to players that they were betting on the outcome of lotteries, rather than participating in a lottery. In June the Gambling Commission also fined Lottoland £150,000 for failing to make this distinction clear in its third party marketing, website and social media promotions. The distinction is important because part of the proceeds of a lottery must go to good causes.

These advertising rules aren’t new – but the Gambling Commission’s approach to enforcement perhaps is. In its “Raising Standards” conference in November 2016, the Commission stressed that advertising was a focus area, operators are responsible for their affiliates’ actions, and the Commission was ready to take action, and it repeated this message at the ICE gambling expo in February.

On 5 July the Gambling Commission published its revised enforcement strategy which confirms the approach we are already seeing in practice. Three key points are:

  • The Commission will use all its enforcement powers – there is no longer a bias towards settlement, so licence reviews are more likely.
  • Consumers must be treated fairly, and advertising is a key part of this.
  • Penalties are likely to be higher, particularly for repeated failures.

The ASA published a short guide to key CAP Code requirements for gambling adverts on 21 July, and guidance on the Gambling Commission requirements is also available on the Commission’s website. It’s not only the Gambling Commission and the ASA who are interested – the Information Commissioner’s Office is concerned to ensure that marketing by operators and their advertisers complies with privacy rules. A key area for concern is whether recipients of marketing material have given the necessary consent - and requirements for consent are going to get tighter when the EU General Data Protection Regulation comes into effect in May 2018.

It is also critical that advertising meets social responsibility obligations. Gambling adverts must not be sent to under 18s (under 16s for lottery adverts), or to anyone who has self-excluded. Targeting an advert may be critical to its compliance. In May, a Ladbrokes advert using an image of Iron Man and referring to the film Iron Man 3 was found not to be irresponsible because, although the Iron Man character was likely to appeal to under-18s, the offer was sent only to people who had been validated as being over 18.

The recent decisions and enforcement strategy make clear that affiliate breaches of advertising or privacy rules may result in an operator being fined and, potentially, even losing its gambling operating licence. Gambling operators, and their affiliates, are expected to learn from the experiences of others. Operators will want to prevent their affiliates putting them in breach, and a right to compensation for loss incurred if they do. Affiliates will similarly want to know that the operator’s marketing material will not cause the affiliate a problem. Both parties will need a mechanism for ensuring that marketing lists are checked against self-exclusion lists and other targeting criteria. 

Lessons learned from the ICO's annual report- It is all in the numbers


The ICO released its annual report recently, which includes figures on its enforcement activities during the previous year.  So what do the figures tell us? 

Unsolicited direct marketing has been a focus for the ICO for a number of years and last year the total fines issued for breaches of PECR (the law governing direct electronic marketing) surpassed total fines issued for breaches of data protection law.  The figures show that ICO enforcement resources are being used to try to change unsolicited marketing behaviours.  The ICO issued 23 fines for breaches of direct marketing law totalling £1,923,000 (compared with 16 fines totalling £1,624,500 for breaches of the data protection principles).  The key takeaways from this is to make sure you have records of valid marketing consents, document how you meet the soft opt-in criteria (where soft opt-in is being relied upon), listen to and respond quickly to any complaints and opt-out requests.

A draft ePrivacy Regulation governing direct marketing was published in January 2017 and the proposal is for the new law to apply from 25 May 2018 (the same time as the GDPR).  This timeline is looking increasingly impossible but businesses should be aware that changes to direct marketing law is in the pipeline, which is likely to involve the higher GDPR standards of consent for direct marketing and GDPR-level fines for non-compliance.

Although fines often grab headlines, the ICO has a number of other enforcement powers, which can result in significant costs, reputational damage and operational disruption when deployed against controllers.  Last year, 52 controllers signed undertakings committing their organisation to a particular course of action.  Undertakings are not a statutory regulatory power, but the ICO has been using undertakings alongside or instead of fines to improve compliance. Undertakings are usually signed by a senior person in an organisation and can include a commitment to undertake an audit and/or complete a data protection impact assessment.  There are often quite short deadlines for compliance with undertakings (typically one – three months) and the ICO follows up to check the undertaking has been adhered to.  The ICO has also been increasing its criminal enforcement (criminal cases resulting in prosecutions were up 50% in the last year).  The ICO secured 21 convictions, 6 of which were for not registering with the ICO.  This tells us that even though controllers will no longer need to register/notify with the ICO once the GDPR starts to apply, the ICO is still enforcing the law in this area (perhaps as an easy stick to use against non-compliant controllers).  

Sector focus: HealthTech deal activity in 2017 so far

Despite political and economic uncertainty in both the US and Europe, deal activity in the HealthTech sector remained relatively strong in the first quarter of 2017. According to HealthTech Heartbeat, a quarterly market update prepared by Results International, 51 M&A transactions were recorded in the quarter with a combined disclosed deal value of approximately $11.5 billion. This shows a slight dip when compared with the same period last year, which recorded 67 deals with a combined value of approximately $15 billion.  

Private fundraising activity in Q1 was also healthy. Beauhurst, an investment data platform containing information on UK fast-growth companies, shows 48 fundraisings in the medical technology space with a combined value of £159 million (compared with 26 fundraisings with a combined value of £75.4 million in the same period last year). Activity in Q2 remained buoyant: during this period Beauhurst shows £112.9 million raised by UK fast growth companies across 47 deals.

Key high-profile deals of the year so far include:

  • McKesson’s acquisition of CoverMyMeds for $1.1 billion (Jan 17) – McKesson, a US listed healthcare company, acquired CoverMyMeds, a provider of electronic prior authorisation solutions for prescription medications. The acquisition will increase McKesson’s technology offerings to doctors, pharmaceutical manufacturers and insurers. 
  • EQT Ventures and Octopus Ventures lead $10.5 million venture investment into MyTomorrows (Jan 17) – EQT Ventures and Octopus Ventures, alongside existing backers Balderton Capital and Sofinnova Partners, invested in the Netherlands based start-up which provides patients and doctors with information on, and access to, drugs which are in development or which have been approved by regulators in other countries.
  • Philips acquisition of a minority stake in Onelife Health in a low 7-digit Series A funding round (Feb 17) – Philips, a Dutch technology company listed in Amsterdam and New York, acquired a minority interest in German start-up Onelife Health. The partnership will initially focus on Onelife’s Femisphere App, which helps expectant mothers track key biological markers, behaviours and other variables throughout their pregnancy and identify potential risks or complications. The app automatically detects changes in data to provide feedback and advice. It also supports communication and information sharing between patients and medical professionals.
  • Cambridge Innovation Capital leads $10 million Series B investment into Congenica (Feb 17) – Existing investors Cambridge Innovation Capital and Amadeus Capital Partners invested alongside Parkwalk Advisors. Congenica is a leading provider of clinical genome analysis technology based in Cambridge, UK, which has developed the Sapientia technology platform. Sapientia enables clinicians and researchers to analyse genome-scale DNA data to facilitate clinical decision making and research.
  • Invest Northern Ireland, Innovate UK, Angel CoFund and Techstart NI invest $1.3 million in BrainWaveBank seed round (Mar 17) – BrainWaveBank, based in Northern Ireland, allows individuals to measure and track their cognitive health at home using a wireless headset. The platform uses machine learning and brain-reading technologies to build a record of cognitive health over time, providing insights and advice on how individual lifestyle factors affect performance.
  • Roche’s acquisition of Austrian diabetes platform MySugr for up to $100 million (Jul 17) – Roche, a Swiss listed healthcare company and existing investor, acquired mySugr, a digital diabetes management platform for up to $100 million. While the exact sales price was undisclosed, TechCrunch comment that this could well have been amongst the biggest HealthTech exits in Europe to date. MySugr helps diabetics track blood sugar, mediations and activity levels.


In addition, the main technology giants are becoming increasingly invested in HealthTech. Google’s subsidiary Verily (formerly Google Life Sciences), an entity focussed on life sciences and HealthTech, accepted an $800 million investment from Singaporean investment firm Temasek at the beginning of the year. Apple is reportedly working on turning the iPhone into a central bank for all medical information, increasing the potential for apps to be developed to use the data. Amazon’s Echo, a voice-activated computer that answers to the name Alexa, is continuing to accumulate healthcare skills (including being able to recite instructions on how to resuscitate someone having a heart attack). As the shift to digital continues, it feels as if the disruption of the health care sector by technology is only just beginning. It’s clear that HealthTech is an exciting sector to watch as the year continues.

  • Page 3 of 25