• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

View All

Vampires, Iron Man, spread betting, free bet offers and affiliate marketing - gambling and its advertising is still a key focus area for regulators, and the sanctions can be considerable

There have been a number of recent rulings from the Advertising Standards Authority (ASA) and the Gambling Commission relating to advertising gambling.

Gambling features regularly in the ASA’s reports, suggesting that its advertising continues to be a cause for concern among consumers and so an issue for regulators. The recent ASA rulings and Gambling Commission action discussed in this note illustrate the current focus on social responsibility and in particular protection of children, as well as the ongoing emphasis on ensuring that consumers are treated fairly and the use of all enforcement powers.

Recent ASA rulings

Virgin Games: Virgin Games ran a TV advert involving a vampire called Vladimir who wanted to “live a little”. Looking for new activities to relieve his boredom after being undead for eternity, he had started playing Virgin Games. Members of the public had complained the advert was socially irresponsible by suggesting gambling would make life more thrilling, encouraging people in financial hardship to gamble and portraying gambling as a light-hearted way to pass the time when bored. After considering how and why vampires might typically spend their time, the ASA did not uphold any of the complaints. It considered it was reasonable to depict betting as a leisure activity involving an element of excitement provided it did not encourage irresponsible gambling behaviour; Vladimir spent his days watching television with the curtains closed not because of financial hardship but because he was a vampire who had to avoid daylight; joking with his girlfriend while washing up (“it’s not ketchup …”) indicated his happiness was not dependent on gaming; and the association of gambling with the phrase “live a little” was a pun on Vladimir being undead and consistent with playing Virgin Games for light amusement by betting mindful amounts of money, reinforced by the “Play Responsibly” message at the end of the advert. The ASA’s ruling is available here.

Ladbrokes: The ASA reversed its ruling last August on an advert run by Ladbrokes Betting & Gaming Ltd. An email for Ladbrokescasino included an image of Iron Man and references to the film Iron Man 3. The complaint suggested the advert was irresponsible because it was likely to have particular appeal to children. In its response Ladbrokes said that all its email offers were sent either to registered customers or to consumers who had been validated as being over 18 years of age and so the image would not have been seen by children or young people, and also argued that, based on data from attendance at Comic Con events and Facebook demographics for the Marvel brand, followers of Marvel comics and superheroes were predominantly adults. The UK Code of Non-Broadcast advertising and Direct & Promotional Marketing (the CAP Code, administered by the ASA, requires that gambling ads must not be likely to be of particular appeal to children or young people, especially by reflecting or being associated with youth culture. While recognising that the Iron Man character would appeal to many adults, the ASA considered that comic books and the availability of various related toys meant that Iron Man was likely to have particular appeal to under-18s. However, as Ladbrokes’ email was sent only to registered customers and others who had been validated as being over 18 years of age, the ASA considered that it was extremely unlikely that anybody under 18 would have seen the advert and on this basis it was not irresponsible. The ASA’s ruling is available at here.

FxPro: In contrast the ASA upheld a complaint relating to a TV advert for FxPro, an online broker providing contracts for difference (CFDs), including spread betting, where the audience had not been sufficiently limited. The advert was shown on Bloomberg TV and featured a young adult checking fluctuations in the Euro to GBP currency rate and showing the currency rate to other students. A voice-over said “What can I say, I am a risk seeker. For me, trading is about being in the moment.” and “Surfing that wave for as long as it holds. And when the price changes direction, I go back in and profit on the way down. Some say it’s too risky. For me, it’s a thrill. Fortune favours the brave, right?”. The complaint alleged the advert was irresponsible as it encouraged young adults to trade complex, high risk financial products throughout the day. Bloomberg Media, responding on its own behalf and that of FxPro, said that the advert had been shown on a specialist financial channel which was targeted at a specialist audience and included adverts for products available only to consumers who had passed a vetting process demonstrating relevant financial trading experience and  also referred to the risk warnings in the advert referring to the significant risk involved in trading CFDs. Despite this, the ASA found that the advert would appeal to young adults and students who were likely to be inexperienced in trading CFDs – the main character was a young adult who checked the status of the investment as soon as he woke up and was shown checking it again in a college setting with his friends; in the final scene he appeared to be showing the results to his friends, including a woman he then put his arm around. The ASA also considered that the advert placed undue emphasis on the potential benefits of investing in a complex financial product which involved a significant risk of loss. Accordingly it ruled that the advert was irresponsible, regardless of any pre-vetting of the audience and so breached the UK Code of Broadcast Advertising (the BCAP Code, also administered by the ASA) in relation to social responsibility and must not be broadcast again in its current form. The ASA’s ruling is available here.

The different rulings above – with the complaint against FxPro being upheld while the ruling against Ladbrokes was reversed and the complaint against Virgin Games was not upheld – shows the ASA taking a balanced view overall but also emphasises the continued regulatory focus on this area.

Gambling Commission fines BGO £300,000 for breaches relating to marketing and advertising

Advertising is also a concern for the Gambling Commission (the Commission) which recently fined BGO Entertainment £300,000 for breaches of licence conditions relating to marketing and advertising.

In June 2015 the Commission asked licensed online/mobile operators to provide information relating to their compliance with the revised Licence Conditions and Codes of Practice (the LCCP), including new requirements relating to marketing and advertising. Breach of the LCCP may lead to the Commission reviewing, suspending or revoking an operator’s licence and/or imposing a financial penalty.      

The LCCP (Social responsibility code provision 5.1.7 on marketing of offers) requires that adverts and offers, including freebet offers, are not misleading and comply with the CAP and BCAP Codes and ‘Guidance on the rules for gambling advertisements’. In particular, adverts must state significant limitations and qualifications. These rules apply to all forms of marketing communications, including social media and affiliate marketing, and the LCCP also makes clear (Social Responsibility code provision 1.1.2 on responsibility for third parties) licensees must take responsibility for third parties with whom they contract for the provision of any aspect of the licensee’s business related to the licensed activities, such as marketing affiliates and advertising networks

BGO was one of several remote operators identified as having advertising which did not comply with this LCCP requirement as its adverts did not include significant limitations and qualifications and so were potentially misleading to consumers. The Commission found that BGO failed to take prompt and effective action to address the issues identified, despite repeatedly providing assurances to the Commission that it understood the requirements and had taken action to ensure that they were met.

In May 2016, as part of measures to reassure the Commission, BGO commissioned a Copy Advice Audit of its website from CAP. This audit made several recommendations in relation to the advertisements on BGO’s website but BGO did not initially follow those recommendations. In the Commission’s view adverts on BGO’s own website continued to breach this social responsibility requirement from May until late July 2016 when BGO made the changes recommended in the audit. Even after this the Commission continued to find evidence of ongoing breaches in relation to advertising on the websites of affiliate partners in the period August to October 2016. Accordingly the Commission found that:

  • BGO had failed to act in accordance with the LCCP social responsibility provisions as BGO and its affiliates had published misleading adverts; and
  • by failing to take timely and effective action to address the breaches of the social responsibility code when these were raised by the Commission and by providing inaccurate assurances that the problems had been addressed, BGO had acted in a way which cast doubt on its suitability to carry on the licensed activities.

The Commission issued BGO with a formal warning and imposed a fine of £300,000 for breaches of the social responsibility provisions of the LCCP. Details of the Commission’s decision are available here.

The Commission is currently working with the Competitions & Markets Authority in its investigation of whether gambling operators are treating their customers fairly. The Commission and the ASA have been clear for some time that operators must take responsibility for the actions of their marketing affiliates and advertising networks. At the November 2016 Raising Standards conference, at the ICE Gaming Expo in London in February 2017 and in numerous other speeches, the Commission has consistently been clear that:

  • operators’ duty to treat customers fairly is an important theme for the Commission;
  • advertising and marketing are among the top four areas of consumer concern in relation to the gambling industry and this is a key part of treating customers fairly;
  • it is determined to use all its enforcement powers to drive a culture where operators put consumers first and to create credible deterrents; and
  • there is a likelihood of higher penalties going forward, in particular where the Commission sees systemic and repeated failings.

The Commission’s actions in relation to BGO reflect the Commission’s emphasis on fair treatment of consumers and also on the operators’ responsibility for the actions of their marketing affiliates and the Commission’s determination to use all its powers where it finds breaches of the LCCP. The industry has been warned!

GDPR and the role of the Data Protection Officer

The GDPR, which is due to come into effect on 25 May 2018, will make it mandatory for certain organisations to designate a data protection officer (‘DPO’)[1]. These are controllers and processors of personal data that are –

  • public authorities and bodies (except certain courts);
  • organisations whose core activities consist of regular and systematic monitoring of data subjects on a large scale; and
  • organisations whose core activities consist of processing special categories of data on a large scale.           

Aside from these mandatory categories laid down in the GDPR, a Member State’s law can designate DPOs in other cases, and controllers and processors outside of these categories can also appoint a DPO voluntarily. 

DPOs will play a key role in compliance with the General Data Protection Regulation (‘GDPR’) for many organisations[2] and the Article 29 Working Party has published ‘Guidelines on Data Protection Officers’[3] (‘Guidelines’) and a set of FAQs[4] that set out useful information on the professional qualities, position and tasks expected of DPOs, which we have summarised below -

The DPO must be selected on the basis of professional qualities and, in particular, expertise in national and European data protection law and practices and an in-depth understanding of the GDPR.  A higher level of expertise is required the more sensitive, complex and greater the amount of data that the organisation processes. Knowledge of the business sector and of the controller’s organisation is useful also so that the DPO understands the processing operations, information systems, data security and data protection needs. 

The DPO is expected to have certain personal qualities and knowledge - such as integrity and high professional ethics - to enable them to fulfil their tasks, and to play a key role in fostering a data protection culture within the organisation and helping to implement essential elements of the GDPR. 

The DPO’s contact details must be published and communicated to the relevant supervisory authorities so that data subjects and the supervisory authorities can contact the DPO easily, directly and confidentially. A group of undertakings can designate a single DPO so long as they are easily accessible from each establishment and are a contact point for data subjects, the supervisory authorities and within the organisation, including in the language(s) of the supervisory authorities or data subjects concerned.  As an alternative to appointing a DPO internally, an organisation could enter into a service contract with an external individual or organisation that fulfils the function of the DPO. 

The controller and processor must ensure that the DPO is involved, from the earliest stage possible, in all issues which relate to data protection. The organisation should ensure that the DPO is invited to participate regularly in meetings of senior and middle management, the DPO should be present where decisions with data protection implications are taken, and all relevant information must be given to the DPO in a timely manner in order to allow the DPO to provide adequate advice. The DPO’s opinion must always be given due weight and if an organisation disagrees with the DPO’s opinion, the reasons for not following the DPO’s advice must be documented. The controller must seek the DPO’s advice when carrying out a data protection impact assessment. 

The DPO must be given active support by senior management, the necessary resources (e.g. time, budget, infrastructure and staff) to carry out their tasks, access to personal data, processing operations and other functions within the organisation, and continuous training to stay up to date with developments in data protection. 

The DPO must also have a sufficient degree of autonomy within their organisation.  DPOs must not receive any instructions regarding the exercise of their tasks and they must be able to perform their duties and tasks in an independent manner. DPOs should not be dismissed or penalised (e.g. denied or delayed promotion, prevented from career advancement or denied benefits that other employees receive) by the controller or processor for performing their duties as a DPO. 

If the DPO has other tasks and duties, they must not cause a conflict of interests.  In particular, the DPO cannot also hold a position in the organisation in which they determine the purposes and the means of the processing of personal data (e.g. the role Head of Marketing or Head of IT would be incompatible with the role of DPO).  The structure of the organisation should be considered in each case. 

Failure to appoint a DPO in the 3 mandatory situations listed above is grounds for a fine of the greater of up to €10 million or up to 2% of total worldwide annual turnover[5].  In relation to these and other fines, the regulator will take into account any action taken by the controller or processor to mitigate the damage suffered by data subjects – this could well include being able to show that you have appointed a DPO either mandatorily or voluntarily[6]

[1] Article 37 GDPR. 

[2] See Articles 37 to 39 of the GDPR for the designation, position and tasks of a DPO. 

[3] Article 29 Data Protection Working Party Guidelines on Data Protection Officers (‘DPOs’), adopted on 13 December 2016 http://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp243_en_40855.pdf

[5] Article 83(4)(a) GDPR. 

[6] Article 83(2) GDPR.  

Manifestos: What is the impact for technology businesses?

With the upcoming election on 8th June 2017, we take a look at the party manifestos for the Conservatives, the Labour Party and the Liberal Democrats, and explore how their pledges could impact tech businesses.



Liberal Democrats

Digital charter

  • A new institute of technology for world-leading digital skills developed and run in partnership with the tech industry. After leaving the EU, funds will be repatriated to a British Business Bank.

  • Legal framework to regulate the internet including working towards an international legal framework.

Digital start-ups and creatives

  • “Appoint a Digital Ambassador to liaise with technology companies to promote Britain as an attractive place for investment and provide support for start-ups to scale up to become world-class digital businesses.”

  • “We recognise the serious concern about the ‘value gap’ between producers of creative content and the digital services that profit from its use, and we will work with all sides to review the way that innovators and artists are rewarded for their work in the digital age.”

Start-ups and fast growing businesses

  • A ‘start-up allowance’ will be offered to those starting new businesses, which will support founders with living costs in the initial stages.  Fast growing businesses looking to scale up will be offered mentoring support.

  • “Build on the success of Tech City, Tech North and the Cambridge tech cluster with a network across the UK acting as incubators for technology companies.”

Broadband and mobile coverage

  • Make broadband switching easier and pricing more transparent.

  • Access to high speed broadband for all homes and businesses by 2020.

  • Rollout of 5G technology by 2022 with 95% geographic coverage.


  • “Deliver universal superfast broadband availability by 2022. Labour will improve mobile internet coverage and expand provision of free public wi-fi in city centres and on public transport.”

  • “Improve 4G coverage and invest to ensure all urban areas, as well as major roads and railways, have uninterrupted 5G coverage. On day one we will instruct the National Infrastructure Commission to report on how to roll out Ultrafast 300 Mbps across the next decade.”

Broadband and mobile coverage

  • "A programme of installing hyperfast, fibre-optic broadband across the UK.”

  • “Ensure that every property in the UK is provided, by 2022, with a superfast broadband connection with a download speed of 30Mbps, an upload speed of 6Mbps, and an unlimited usage cap.”

  • “Work with Ofcom to ensure that mobile phone companies provide fast and reliable coverage in rural areas.”


  • "£740 million of digital infrastructure investment"

  • “Smart grids will make the most efficient use of our electricity infrastructure and electric vehicles, and we will use technology to manage our airspace better to reduce noise pollution and improve capacity.”


  • “Ensure libraries are preserved for future generations and updated with wi-fi and computers to meet modern needs.”

Infrastructure and new technologies

  • Support investment in cutting-edge technologies including energy storage, smart grid technology, hydrogen technologies, offshore wind, and tidal power (including giving the go-ahead for the Swansea Bay tidal lagoon), and investing heavily in research and development.


  • Bolster the response to cyber threats on private businesses, public services, critical national infrastructure, and individuals, working with the National Cyber Security Centre.

Surveillance and cybersecurity

  • “Investigatory powers must always be both proportionate and necessary. “

  • “Reintroduce effective judicial oversight over how and when they are used, when the circumstances demand that our collective security outweighs an individual freedom.”

  • “Introduce a cyber-security charter for companies working with the Ministry of Defence.”

Surveillance, encryption and cyberwar

  • “Roll back state surveillance powers by ending the indiscriminate bulk collection of communications data, bulk hacking, and the collection of internet connection records.”

  • “Oppose Conservative attempts to undermine encryption."

  • Inform innocent people if they have been placed under surveillance (if this will not impact an investigation).

  • “Recognise the expansion of warfare into the cybersphere, by investing in our security and intelligence services and acting to counter cyberattacks.”

Personal data and social media

  • Right for information held by social media platforms to be deleted for over 18s.

  • Industry wide levy on social media and tech firms to “counter internet harms”.

  • New online identification system called ‘Verify’ will be rolled-out “so that people can identify themselves on all government online services by 2020, using their own secure data that is not held by government.”

Personal data and online abuse

  • “ensure that tech companies are obliged to take measures that further protect children and tackle online abuse. We will ensure that young people understand and are able to easily remove any content they shared on the internet before they turned 18.

Digital Bill of Rights

  • “Introduce a digital bill of rights that protects people’s powers over their own information, supports individuals over large corporations, and preserves the neutrality of the internet.”

Universities and research funding

  • New institutes of technology in every major city in England to provide STEM training and technical skills.

  • More money invested in research and development – 2.4% GDP rising to 3% over 10 years.


Education, Funding and research

  • Protect the science budget, including the recent £2 billion increase, by continuing to raise it at least in line with inflation.

  •  “Commit to build digital skills in the UK and retain coding on the national curriculum in England.”

  • Double innovation and research spending across the economy.

  • Guarantee to underwrite funding for British partners in EU-funded projects such as Horizon 2020 who would suffer from cancellation of income on Brexit.

Safety online

  • "We will continue to push the internet companies to deliver on their commitments to develop technical tools to identify and remove terrorist propaganda, to help smaller companies build their capabilities and to provide support for civil society organisations to promote alternative and counter-narratives"



Digital receipts

  • "We will oblige all digital companies to provide digital receipts, clearer terms and conditions when selling goods and services online and support new digital proofs of identification”

Ticket touts

  • [In relation to ticket touting], “Labour will enforce anti-bot legislation and implement the recommendations of the Waterson Review to ensure fair opportunities for fans to buy tickets.”



  • Every car will be zero emission by 2050.



  • “Encourage the swift take-up of electric and driverless vehicles”.


  • Corporations tax will be reduced from 20% to 17% by 2020.


  • Labour plans to increase taxation for large corporations (to 26% by 2021) and re-introduce the lower small profits rate of corporation tax for small businesses (being those with profits below £300,000).

  • It will also introduce an excessive pay levy on companies with staff on ‘very high pay’. 


Small business

In addition to the re-introduction of the lower small business corporation tax rate and increased access to lending through the National Investment Bank, Labour offers the following additional small business-focused policies:

  • reforms to business rates, including switching from RPI to CPI indexation and exempting new investment in plant and machinery from valuations;

  • exempting businesses with a turnover of under £85,000 from quarterly reporting requirements; and

  • curtailing late payments by ensuring bidders for government contracts pay their own suppliers within 30 days and developing a system of binding arbitration and pecuniary penalties for persistent late payers across private and public sectors.


  • The Liberal Democrats will reverse a number of tax cuts introduced by the Conservative Party, including the reduction in the corporations tax rate from 20% to 17%. 

  • It also plans to target corporate tax evasion and avoidance, for example by reforming corporations tax in order to benefit the smallest companies by introducing a tax that takes account of a range of economic indicators, including sales and turnover, rather than a profits-based system.  They will run a consultation process in this regard.


National Investment Bank

  • A National Investment Bank will be established with £250 billion of lending power brought in from private capital finance in order to address existing gaps in lending by private banks, particularly to small businesses.

British Business Bank

  • The activities of the British Business Bank will be expanded in order to address the capital requirements for medium-sized businesses.

Mergers and takeovers

  • The Conservatives will look to consult on updates to the rules governing mergers and takeovers.  They note that they will require bidders to be clear about their intentions from the outset of the bid process, will ensure that promises and undertakings made in the course of any bid will be legally enforceable and allow the government to pause any bid in order to allow for further scrutiny.


  • Labour plans to introduce protections for workers and pensioners in the event of a corporate take over.


Executive pay

  • The Conservatives plan to make executive pay packages subject to strict annual votes by shareholders and companies will be required to explain their pay policies, particularly any complex incentive schemes.  The use of share buybacks in this regard will be examined, in order to ensure that performance targets are not artificially met and executive pay inflated.


Board composition

  • Listed companies will be required to ensure employees’ interests are represented at board level, but either nominating a director from the workforce, creating a formal employee advisory council or assigning specific responsibility for employee representation to a designated non-executive director.  Employees will also be given the right, subject to certain restrictions, to request information relating to the future direction of the company.

Directors’ duties

  • Labour plans to amend company law so that directors owe a duty directly not only to shareholders, but to employees, customers, the environment and the wider public.


Foreign ownership

  • Where foreign-owned companies control important infrastructure (such as telecoms, defence and energy), the Conservatives plan to ensure that such ownership does not undermine British security or essential service by strengthening ministerial scrutiny and control.


  • Labour plans to double the size of the co-operative sector in the UK, with support for such businesses offered by the new National Investment Bank and regional development banks.  Labour also wants to introduce a proper legal definition for co-operative ownership.



  • The manifesto reiterates the Prime Minister’s Article 50 pledge, that existing workers’ rights would be protected following Brexit and will also be “built on”. It makes no mention of measures that will be amended or repealed as a result of exiting the EU. At the point of Brexit, the Great Repeal Bill will convert EU law into UK law.


  • Labour will also protect employment rights guaranteed under EU law after Brexit. The party has pledged to scrap the Great Repeal Bill and instead introduce an EU Rights and Protections Bill that will guarantee all existing protections afforded under EU law.


  • The LibDems will guarantee the rights of existing EU nationals in the UK, including that of EU workers.
  • The LibDems will preserve employment rights under EU law after Brexit.
  • The party intends making the final Brexit deal subject to a referendum.

The gig economy

  • Although unparticularised in the manifesto, the Tories have promised to continue with the work followed under the Taylor review, the independent evaluation commissioned last year to review employment practices, focusing on new forms of work, the rise of self-employment, the ‘gig economy’ and the disruption of traditional labour markets. The Conservatives have stated that following the review they will ensure that the interest of employees on traditional contracts, the self-employed and those working in the gig economy are all properly protected.

Zero hours contracts

  • Labour would ban zero hours contracts to ensure that every worker receives a guaranteed number of hours a week.

Zero hours contracts

  • The LibDems would ban zero hour contracts and introduce a right for workers to request a fixed-term contract.
  • They would push to introduce the requirement to make regular work patters contractual after a certain periods of employment.

Employment status

  • Labour will create new definitions for “self-employed”, “worker” and “employee”.

Self-employed people will be presumed employed unless employers can show otherwise.


Employment rights and tribunal fees

  • Labour will broaden the pool of workers entitled to employment rights, giving all workers equal rights from ‘day one’. 
  • Labour will abolish employment tribunal fees and extend the time limit for bringing maternity discrimination claims to 6 months.

Employment rights and tribunal fees

  • The LibDems would create a “good employer” kite mark obtained by paying a living wage and avoiding unpaid internships.
  • The party would abolish employment tribunal fees.

National Living Wage

  • The Tories’ manifesto confirm that the National Living Wage, which applies to workers 25 and over, will continue to increase in line with the target to reach 60% of median earnings by 2020.

National Minimum Wage

  • Labour intends to raise the national minimum wage for all workers over 18 to the level of the national living wage.  The party has also pledged to crack down on employers who refuse to pay NMW.

National Living Wage

  • The LibDems will require larger employers to publish data on workers earning less than the living wage.
  • The party will introduce an independent review into a genuine living wage.

Right to request leave

  • For employees of Company with 250 employees or more, the Conservatives have proposed the introduction of a right to request unpaid leave for training purposes.  Employers would only be under an obligation to consider such requests.
  • A new statutory right to unpaid time off would be made available for family carers. This would allow workers to take between long term leave, while retaining their employment rights and allowing a return to the same job at the end of the period.
  • The right to child bereavement leave would also be introduced but little detail of such a right has been provided.

Families and work

  • Labour has pledged to extend maternity pay to 12 months.
  • Labour intends to increase the provision of free childcare to all two year olds and to issue subsidies in addition to free-hour entitlements to allow all to access free childcare, no matter their working pattern.
  • Labour has also pledged to introduce 4 new bank holidays (St George’s Day, St David’s Day, St Andrew’s Day and St Patrick’s Day).
  • With the help of the Health and Safety Executive, the party will also attempt to introduce mandatory workplace risk assessments for pregnant women.
  • Labour has pledged to increase the rate of paternity pay and double paid paternity leave to four weeks.

Families and work

  • The LibDems will make flexible working, paternity leave and shared parental leave “day one” rights.
  • The party will extend the free childcare provision to all two year olds and to the children of all working families form the end of paid maternity/paternity/shared parental leave.
  • The LibDems would also introduce an additional one month "use it or lose it" period of shared parental leave for fathers, to encourage greater take up among men


Protecting pensions

  • The Pensions Regulator will be given new powers to scrutinise acquisitions and issue punitive fines for those found to have wilfully left a pension scheme under-resourced and, if necessary, powers to disqualify the company directors in question. The introduction of a criminal offence for directors who deliberately or recklessly put at risk the ability of a pension scheme to meet its obligations may also be introduced.

Trade unions

  • Labour will repeal Trade Union law and introduce sectoral collective bargaining.
  • It will give all workers the right to union representation.
  • Guarantee all unions access to the workplace.
  • Launch a public inquiry into blacklisting.
  • Only award public contracts to union recognising employers.
  • Introduce electronic balloting for industrial action.

Public sector

  • The Liberal Democrats will abolish the public sector 1% cap on pay rises and update wages in line with inflation.
  • The party will give greater protection to NHS whistleblowers, end the pay freeze in the NHS and guarantee the rights of all NHS and social care workers from the EU.
  • The LibDems will also introduce name-blind recruitment processes in the public sector and introduce a presumption that every public sector appointment shortlist should include at least one black, Asian or minority ethnic candidate.

Equality Act changes

The Tories have pledged that over the next ten years they will get 1 million more disabled people into work. As such the follow measures have been proposed:

  • The Equality Act will include discrimination protection against those suffering from episodic and fluctuating mental health conditions. 
  • The Tory manifesto also suggests that employers would be provided with incentives to employ “vulnerable” workers such as workers who suffer from a disability, those with mental health problems, rehabilitated criminal offenders, the long-term unemployed and former wards of the care system.

Equality Act changes

  • Labour will amend the Equality Act to make challenges to disability discrimination easier.
  • It will strengthen the Act to ensure that women are better protected against being penalised for having children through unfair redundancy.
  • Better protect transgender people by launching consultation and reform.
  • Audit all proposed legislation with reference to gender and the impact on women in the workplace.



  • The LibDems will push for at least 40% female boards in FTSE 350 companies.
  • The party will introduce Parker Review recommendations by ensuring there is ethnic minority boardroom representation.
  • The LibDems will guarantee the freedom to wear religious or cultural dress.
  • The party will outlaw caste discrimination.
  • It will also extend the law to protect individuals against gender identity and expression discrimination.
  • The LibDems will also build on gender pay gap reporting requirements to include the obligation to monitor and publish data on gender, race and sexual orientation pay gaps and employment levels.

Immigration Skills Charge

  • Companies employing migrant workers would see the Charge rise from £1,000 to £2,000 per year.

Migrant workers

  • Labour will work witjh the trade unions to ensure migrant workers are not exploited and ensure that the Modern Slavery Act is followed and enforced.



Pay and equality

  • Labour will reform pay ratios for public sector employees and abolish the 1% public sector pay gap.
  • The party will introduce an equal pay audit requirement to tackle the ethnicity gap.
  • It will also create an independent body to ensure gender pay gap reporting compliance.
  • Labour will accept the recommendations of the Parker Review to improve ethnic diversity at board level.



  • Labour intends to increase the number of apprenticeships, introducing new targets to make them more accessible, especially to those with disabilities, veterans and women.
  • The party will provide employers with more flexibility on how they use the Apprenticeship Levy.


For further information please read the full versions of the Conservative Party manifesto, the Labour Party manifesto and the Liberal Democrats manifesto or contact a member of the Kemp Little team.

Deferred prosecution agreements

On 10 April 2017, a deferred prosecution agreement (DPA) agreed between the UK Serious Fraud Office (SFO) (the body responsible for the investigation and prosecution of complex fraud and corruption in the UK) and Tesco Stores Limited was approved by the Court. This is the fourth DPA to be entered into since their introduction in February 2014, the third (and largest one to date) being agreed with Rolls-Royce on 17 January 2017.

DPAs originate from the US and are public, judge-approved agreements which involve an organisation admitting wrongdoing and typically agreeing to pay a fine and compensation as well as adhere to terms enhancing compliance procedures and ongoing co-operation. In return, prosecutors agree to suspend (and subsequently discontinue, if the terms of the DPA are complied with) criminal charges against the organisation. They are available to bodies corporate, partnerships and unincorporated associations but not to individuals. A judge must approve a DPA; they must be satisfied that it would be in the interests of justice and that its terms are fair, reasonable and proportionate in all the circumstances, including the seriousness of the offending.

This article takes a look at the DPAs agreed to date and any messages that can be taken home from them.

The wrongdoing

The four DPAs reached to date involve the following wrongdoing:

Tesco: the SFO launched a criminal investigation into accounting practices at Tesco in October 2014 after the company admitted it had overstated profits by £263m by incorrectly booking payments from suppliers over a four-month period. It later revised this overstatement to £326m.

Rolls-Royce: following the SFO investigation, it faced 12 counts of bribery, corruption and fraud, including the making of corrupt payments in India and Russia and failing to prevent bribery in Nigeria and Indonesia, taken collectively, over 24 years.

The second DPA agreement involved conspiracy to corrupt and bribe, as well as failure to prevent bribery in foreign jurisdictions, taken collectively, over a nine-year period.

ICBC Standard Bank: a single, nine-month long fundraising exercise for the government of Tanzania which amounted to failure to prevent bribery.

Self-reporting & co-operation

The first two DPAs involved corporations identifying a corruption issue and self-reporting to the SFO. This led to the theory that a company must self-report to have any chance of obtaining a DPA. However, with Rolls-Royce, the SFO actually uncovered its corruption after former employees posted allegations on social media, proving that self-reporting is not a prerequisite. Having said this, an important factor in this case was that Rolls-Royce co-operated fully with the SFO’s investigation, with Sir Edward, for the SFO, recognising “the extraordinary cooperation of Rolls-Royce”. Such co-operation entailed voluntary disclosure of internal investigations, with limited waiver of privilege over internal investigation memoranda; providing un-reviewed digital material to the SFO and co-operating with independent counsel in the resolution of privilege claims; agreeing to the use of digital methods to identify privilege issues; co-operating with the SFO’s requests in respect of the conduct of the internal investigation, to include timing of and recording of interviews and reporting of findings on a rolling basis; providing all financial data sought and fully co-operating with the assessments which had to be undertaken. In fact, the judge approving the DPA noted “the company could not have done more to expose its own misconduct, limited neither by time, jurisdiction or area of business”.   

The message: full co-operation with the SFO from an early stage will significantly improve the outcome for companies (even without a self-report) but self-reporting is still a key feature of the profile of a case suitable for resolution by DPA.

Multi-agency outcomes

The SFO liaised with the Department of Justice in the US and the Brazilian Ministério Público Federal to ensure a co-ordinated global resolution of the criminal conduct in the Rolls-Royce matter. It liaised with the FCA on the Tesco matter with the FCA choosing not to impose any financial penalty on Tesco for the civil offence of market abuse in respect of their false accounting and instead requiring Tesco to establish a compensation scheme to compensate certain net purchasers of Tesco plc ordinary shares and listed bonds during a set time period.

The message: these co-ordinated responses between national and international enforcement agencies show the SFO are willing to join up with other agencies and agree joint resolutions (where possible). This is of commercial value to an organisation under investigation as it will ensure they are not effectively punished twice for the same conduct and can provide comfort that an agreement reached in the UK will not lead to further investigations in other jurisdictions but it should also serve as a warning that the SFO is willing to share intelligence and evidence to uncover criminality and hold organisations to account.

Investigation into Individuals

Whilst the DPA suspends criminal proceedings against an organisation, it does not curtail prosecution by the SFO of the individuals responsible for the bribery, fraud or corruption in question. In fact, the SFO are said to still be investigating and considering prosecution of individuals in respect of three of the four DPAs agreed to date, with three former Tesco executives accused of fraud in relation to the accounting scandal to go on trial in September. 

Change of culture

Another key consideration in the judge’s decision to approve the DPA in the Rolls-Royce matter was that it is now a “dramatically changed organisation” as the senior management were no longer at the company. The changes at Board and management level were very important with the judge suggesting that the outcome might have been different if any of the current senior management had been implicated or been in a position where they should have been aware of the offending culture and practices. Further, the first two DPAs reached, agreed to implement anti-bribery and corruption compliance programmes showing they were committed to instigating changes and being compliant.

The message: change the Board and implement a new compliance regime to ensure similar issues do not occur again.   


A company should expect a fine, compensation, the costs of any investigation, and the costs of having to put in place monitoring procedures. This has ranged from £129 million in the case of Tesco and £497.25 million plus interest and the SFO’s costs of £13m in the Rolls-Royce case.   

These are significant financial penalties but represent a large discount on the penalty the organisations could have been awarded if they had gone to trail and been sentenced.  The DPA guidelines provide for a discount of one third, but a further discount of 16.7% was approved by Sir Leveson in the Rolls-Royce matter making a DPA an attractive option, especially given the SFO’s Joint Head of Bribery and Corruption words that “it is only right that those who do not cooperate receive the most punitive sanction available under the Sentencing Council’s Guidelines if they are convicted after trial”.

The future of DPAs

Whilst DPAs should not be regarded as the default response to allegations of corporate criminal wrongdoing, the SFO’s Joint Head of Bribery and Corruption described the disposal of corporate criminal risk through DPAs as “the new normal” which will become “increasingly common”. We will have to wait and see. 

Free advice between friends: exercise caution

In Lejonvarn v Burgess and another, the Court of Appeal upheld the first instance decision that a person who provided services to her friends, free of charge, did so on a “professional basis” and therefore assumed a duty of care in tort to exercise reasonable skill and care to them when providing such services.

The facts

Mrs Lejonvarn was an architect and good friend and former neighbour of Mr and Mrs Burgess. The Burgesses wished to landscape their garden and Mrs Lejonvarn offered to project manage the garden project, free of charge, with the intent to provide subsequent design work at a later stage for a fee. The parties never concluded a contract for the services but work began. A dispute subsequently arose between the parties as the project overran, the costs escalated and the Burgesses were unhappy with the quality of the work. The Burgesses claimed against Mrs Lejonvarn for the increased costs of completing the works (£265,000), alleging that even though there was no written contract, she had assumed a duty of care and had not fulfilled that duty.

The decision

At first instance, the court agreed that Mrs Lejonvarn had assumed a duty of care to the Burgesses in the tort of negligence to exercise reasonable skill and care when providing her project management services and was liable for damages. The formality which the parties approached the work, and the history of the Mr and Mrs Burgess relying upon Mrs Lejonvarn’s architectural skills on a number of previous occasions were important factors in the court’s decision. “This was a significant project…, and was being approached in a professional way. This was not a piece of brief ad hoc advice of the type occasionally proffered by professional people in a less formal context. Instead, the services were provided over a relatively lengthy period of time and involved considerable input and commitment on both sides. They also involved significant commercial expenditure on the part of the Burgesses. It would be wrong to categorise this as akin to a favour given without legal responsibility.”  

Mrs Lejonvarn appealed against the decision but the Court of Appeal unanimously agreed with the first instance judge. Key points from the Court of Appeal were that:

  • Mrs Lejonvarn had “assumed responsibility” for overseeing the project – she was not providing her services on an ad hoc basis but over a length of time and involving significant expense;
  • the fact that the parties had not concluded a formal contract, nor the fact that Mrs Lejonvarn was providing the services free of charge (at this stage of the project) did not prevent the conclusion that the relationship was a professional one - it was sufficient that the scope of the services for which Mrs Lejonvarn assumed responsibility were clear and identifiable;
  • Mrs Lejonvarn was under a duty to exercise reasonable skill and care in providing her professional services as an architect

The implications

This case does not suggest you should refuse a friend’s request for advice in a social context. The case distinguished between a piece of ad hoc advice volunteered by professional people in a social context and a professional relationship.  Whilst the parties were friends; Mrs Lejonvarn was providing her services in a professional context, with an expectation of future paid work and the Burgesses were relying on her performing her services properly.

Having said this, it would be sensible to exercise caution when offering friends your professional advice or providing services free of charge to current or prospective clients as this case does show that providing the advice or service for free, outside of a business context, will not necessarily mean that you will not incur potential liability. Whilst each case will turn on its own facts, it is a useful reminder to professionals to be careful if they are using their professional expertise and the person they are assisting, is relying on the expertise.

Upcoming changes to persons with significant control reporting requirements for companies

The requirements for limited companies in the UK to maintain and report information about the individuals or corporate entities who ultimately control them or otherwise exercise significant influence over their affairs (known as persons with significant control or “PSCs”), introduced in April 2016, are set to change.

The upcoming changes, to take effect from 26 June 2017, flow from the implementation by the UK of the EU Fourth Money Laundering Directive, which further develops the UK’s measures to help prevent money laundering and terrorist financing.

From 26 June, limited companies will no longer report their PSC information to Companies House annually via the confirmation statement (CS01). Instead, they will need to report to Companies House as and when there is a change to their PSC information, including:

  • when a person or corporate entity becomes or ceases to be a PSC, RLE (“relevant legal entity” – effectively the corporate equivalent of a PSC) or other registrable person in relation to the Company – for example where they acquire or dispose of shares in the company taking their ownership of the company above or below 25%;
  • when a PSC or RLE of the Company changes their details, such as their residential address (for a PSC) or registered office address (for a RLE); and
  • when the nature of control a PSC or RLE has in relation to the Company changes, for example where they acquire or dispose of shares in the company taking their ownership of the company above or below certain share ownership thresholds.

Any such changes will need to be reported to Companies House using a new suite of forms (PSC01 to PSC09). Limited companies will have 14 days to update their PSC register to reflect the relevant change and another 14 days to notify Companies House by filing the relevant form.

The changes to these requirements will also apply to limited liability partnerships.

Wood v Capita Insurance Services Ltd [2017] UKSC 24

In September 2015, we wrote an article on the Court of Appeal’s decision in Wood v Sureterm Direct Ltd & Capita Insurance Services Ltd [2015] EWCA Civ 839. To recap, the appellant (“Capita”) purchased the entire issued share capital of Sureterm Direct Ltd (“Sureterm”) from the respondent (“Wood”) and others (together, the “Sellers”). Sureterm was a specialist insurance broker, primarily operating in the classic cars market. In the sale and purchase agreement (“SPA”), the Sellers indemnified Capita against:

all actions, proceedings, losses, claims, damages, costs, charges, expenses and liabilities suffered or incurred, and all fines, compensation or remedial action or payments imposed on or required to be made by [Sureterm] following and arising out of claims or complaints registered with the FSA, the Financial Services Ombudsman or any other Authority against [Sureterm], the Sellers or any Relevant Person and which relate to the period prior to the Completion Date pertaining to any mis-selling or suspected mis-selling of any insurance or insurance related product or service."

The SPA also contained various warranties relating to Sureterm’s compliance with regulatory obligations. However, Capita had a period of two years from completion to bring a claim under the warranties, but had not done so.

Shortly after completion, some of Sureterm’s employees raised concerns about the company’s sales processes. In particular, it transpired that after customers had received quotes on comparison sites, the company was increasing its own arrangement fees when neither the underwriting premium nor the risk profile had changed significantly. An internal review carried out by Sureterm revealed that telephone operators had misled customers and, to comply with regulatory obligations, the company informed the then Financial Services Authority (“FSA”). The FSA, Capita and Sureterm agreed to conduct a remediation scheme to compensate the customers who were affected by the mis-selling. Capita brought a claim under the indemnity against the Sellers for around £2.4 million, which included the compensation, interest and costs of the remediation scheme.

The Court of Appeal, overturning the High Court, decided that the indemnity did not cover Capita’s losses as they did not result from “claims or complaints registered with the FSA […]”. Rather, the losses resulted from information which Sureterm and Capita had provided to the FSA following the internal review. The Court of Appeal also placed emphasis on the fact that Capita had other remedies available to it under the SPA for the mis-selling (in the form of a warranty claim) and on the structure of the drafting of the indemnity.

The Supreme Court dismissed Capita’s appeal, upholding the Court of Appeal decision. The Court commented that “textualism and contextualism are not conflicting paradigms in a battle for exclusive occupation of the field of contractual interpretation”; both can be used as “tools to ascertain the objective meaning of the language which the parties have chosen to express their agreement”. The Court agreed that the structure of the clause suggested that the indemnity was only intended to cover losses resulting from “claims or complaints registered with the FSA […]”. Most significantly to Lord Hodge (who gave the lead judgement), the wording “following and arising out of claims or complaints registered with the FSA […]” would serve no purpose by restricting the source of loss and damage if it only applied to “all fines, compensation or remedial action [...]” and did not also operate to restrict the wording at the beginning of the clause (“all actions, proceedings, losses, claims, damages […]”). After analysing the drafting, in line with the approach discussed earlier in the judgement, the court turned to the commercial context and practical consequences of the rival interpretations. Lord Hodge commented, at paragraph 40 of the judgement, that:

the general purpose of clause 7.11 to indemnify Capita and its group against losses occasioned by mis-selling is clear. Had clause 7.11 stood on its own, the requirement of a claim or complaint by a customer and the exclusion of loss caused by regulatory action which was otherwise unprompted might have appeared anomalous”.

However, the Sellers had also given Capita wide-ranging warranties, which probably covered the relevant loss. Capita had two years to bring a warranty claim, which was not an unreasonable time period to examine Sureterm’s sales practices and uncover any regulatory breaches (Capita had sent the findings of its internal review to the FSA within 20 months). On this basis, it was not the Court’s job to improve Capita’s bargain just because it had failed to bring a warranty claim within the requisite time period.

The case highlights the considerable leeway available to the Court in interpreting a commercial contract. It’s clear that the textualist and contextualist approaches seen in recent cases are not to be viewed as mutually exclusive, but rather as tools to be chosen by the Court depending on the circumstances of the case. In this case, although the court placed much emphasis on the drafting of the indemnity, significant weight was also given to the fact that Capita would have also had a warranty claim had they brought it on time. Lord Hodge’s comment at paragraph 40 (excerpted above) suggests that the Court’s decision might have been different had this not been the case. As always, the decision is a reminder that indemnities will often be narrowly construed and should be considered carefully by lawyers, both in relation to the wording of the clause and in the wider context of the agreement as a whole.

BEIS Committee recommendations on executive pay

The House of Commons Business, Energy and Industrial Strategy Committee (the Committee) has recently published their third report on corporate governance. The report deals with several topics on corporate governance including directors' duties, directors' remuneration and board composition.  The Committee sets out the factors, such as globalisation, scarcity of talent, lack of shareholder engagement, remuneration committees not able or willing to challenge excessive pay awards, weak board and executive greed, that have contributed to increasing rates of executive pay.  The report also contains a number of specific recommendations. This article summarises the report's recommendation on executive pay.

  1. Bonuses: The Committee believes that there is a place for bonuses as part of remuneration package, provided that they are used to incentivise performance, rather than provide an additional reward for routine achievement, and that such bonuses do not represent an unjustifiably high proportion of the package as a whole. Therefore, the Committee recommends that companies make it their policy to align bonuses with broader corporate responsibilities and company objectives and take steps to ensure that they are genuinely stretching.
  1. Long-term incentive plans (LTIPs):  LTIPs have traditionally been complex which has made the process of negotiating pay awards difficult for remuneration committees. The Committee highlights the concern that LTIPs have been used to avoid publishing a headline figure for salary which would be widely thought unacceptable. The Committee, therefore, recommends that LTIPs should be phased out as soon as possible and that no new LTIPs should be agreed from the start of 2018 and existing agreements should not be renewed. The Committee has further considered the advantages of deferred stock options and recommends that the Financial Reporting Council (FRC) consults with stakeholders with a view to amending the UK Corporate Governance Code (the Code) to establish deferred stock rather than LTIPs as best practice in terms of incentivising long-term decision making.
  1. Shareholder engagement on pay: The overall pay levels for executives have been ratcheted up to levels so high that it is impossible to observe a credible link between pay and performance. The Committee notes that deeper engagement with shareholders alone may not be a powerful driver of pay restraint and that the most straightforward measure is to make the shareholder vote on executive pay binding rather than advisory. Therefore, the Committee recommends that the FRC revise the Code to include a requirement for a binding vote on executive pay awards the following year in the event of there being a vote against such a vote over 25 per cent of votes cast. The Committee also adds that this requirement should be included in legislation at the next opportunity,
  1. Remuneration Committees: The Committee considers that employee representation on remuneration committees would represent a powerful signal on company culture and commitment to fair pay, and that such an option should be included in the Code. The Committee also notes that the lack of strong leadership in the remuneration committee has contributed to the rise in executive pay.  Therefore, the Committee recommends that any Chair of a remuneration committee should normally have served on the committee for at least one year previously. To further incentivise strong engagement, the Committee recommends that the Chair of a remuneration committee be expected to resign if their proposals do not receive the backing of 75 per cent of voting shareholders.
  1. Reporting on pay and people policy: The Committee recognises that reporting on pay is too complex, unclear and unhelpful for the purposes of wider comparison.  Greater clarity is required to improve compatibility and accountability, and in turn to build trust. Also, the Committee recommends that companies should set out clearly their people policy, including the rationale for the employment model used, their overall approach to investing in and rewarding employees at all levels throughout the company, as well as reporting clearly on remunerations levels on a consistent basis. The Committee further recommends that the FRC should consult with relevant bodies to work up guidance on implementing this recommendation for inclusion in the Code.
  1. Publication of pay ratios:  The Committee recommends that: (i) the FRC should work with other relevant shareholders on the details and amends the Code to require the publication of pay ratios between the CEO and both senior executives and all UK employees; and (ii) the Government should require that equivalent pay ratios should be published by public sector and third sector bodies above a specified size.

In conclusion, the Committee agrees with the wider view that executive pay is causing damage to the generally good reputation of British business. However, in a global and market based economy in which UK companies compete for the best talent, the Committee does not believe that it would be helpful for Government to intervene directly.  Instead, the Committee has set out the above recommendations in its report which it believes is required to make any progress in rebuilding public trust in this matter.

What is fairness in an algorithmic world?

On 1 March 2017, the Information Commissioner’s Office (ICO) released its updated paper on big data, artificial intelligence, machine learning and data protection (2017 Paper). The aim of the paper is to explore the data protection implications of these technologies and the debate around how artificial intelligence and big data will potentially impact on individuals, and through this they are hoping to set the agenda for the development of market practices.

The ICO recognises the potential benefits of big data, artificial intelligence and machine learning, but emphasises that they should not be at the expense of data protection, and that people should be treated fairly and decisions about them should be accurate and free from bias. The ICO discusses criticism of the traditional “notice and choice” model of data protection, whereby information as to data and purposes is given and consent obtained before processing commences. This is much harder to reconcile with the key features of big data analytics: the use of algorithms, the opacity of processing, the use of new types of data (in particular derived rather than submitted data) and the reversed workflow of big data analytics, which promotes the collection of data first and then identifying new purposes for using the data later. The 2017 Paper attempts to navigate a path through the tensions between these features and data protection legislation.

The paper is lengthy and cites many academic and industry articles, but for the purposes of this short article we will pick up on the key challenges posed to the fairness requirements, and consider how businesses can take steps to address some of these concerns.


Fairness is enshrined in the First Principle of the Data Protection Act 1998 (DP Act) and repeated in Article 5(1)(a) of the General Data Protection Regulation (GDPR). The ICO examines fairness with respect to the effects of the processing on the individuals, their expectations as to how their data will be used and the transparency of the processing.


One of the key advantages of algorithmic processing of large data sets is that it can identify correlations between seemingly unrelated data points. This can generate efficiencies and new insights. However, depending on the purpose, the effects can potentially be unfair. The ICO cites instances where individuals have been tarred by association, for example people’s credit limits being lowered based on an analysis of the poor repayment histories of other people who shopped at the same shops as them. However, the ICO considers the same type of processing may be beneficial at a social level in the insurance industry, to divide people into different risk groupings, even if that means some individuals end up with higher insurance premiums – provided this is in fact a more accurate assessment of the risk.

However, care should be taken, as we have heard of instances that would not seem to meet “fair and lawful processing”. Towards the end of last year, a paper was presented on AI, robotics, privacy and DP at the 38th International Privacy Conference which highlighted biases that had been seen in the use of artificial intelligence, e.g. a study by Carnegie Mellon University found that an ad-targeting algorithm was discriminatory, with searches returning higher paid jobs for men compared with women visiting job sites.

Transparency: The 2017 Paper identifies the difficulties experienced with the care.data project as an example of a situation where opacity about the processing of personal data led to a lack of public trust. The complexity of big data analytics, the fact that in many situations it is not apparent that data is being collected (e.g. mobile phone location) or how it is being processed all make it difficult for individuals to perceive and assess the processing of their data. This is particularly important where it is unclear how the processing of certain data leads to a particular decision being taken about the individual, for example where social media data is used in credit-scoring.

In more traditional uses of data, a business would first define its purposes and then collect and process the data. In the big data model, the data is collected first, processed to reveal correlations and then a purpose is identified. As the original data controller may have generated insights in a completely unrelated business, it may seek to sell its data set or provide its insights as a service. In each case, it would need to ensure that it complies with the DP Act (and in the future, the GDPR), including that such processing of personal data is transparent (e.g. by serving fair processing notices).

Expectations: In terms of individuals’ expectations, the ICO takes quite an ambivalent approach, acknowledging that many people simply provide data because it is the price of using Internet services. The 2017 Paper includes statistics from a number of studies demonstrating varying levels of concern for data privacy among respondents, but in a number of studies the ICO identifies the themes of “a feeling of resignation despite a general lack of trust, combined with a willingness for data to be used for socially useful purposes”. This isn’t addressed directly in the 2017 Paper, but perhaps reveals a fundamental challenge for data protection legislation – that individuals judge data processing primarily on its outcomes, as these are understandable and capable of assessment by the lay person. Interpreting a lengthy privacy notice, the relevant security standards and various potential disclosures takes a great deal of effort to be translated into real effects and outcomes for the individual. But this then raises the question, how do we as a society assess and police fair outcomes?

Algorithmic transparency: In response, the ICO promotes the concepts of algorithmic accountability and transparency to ensure that artificial intelligence and algorithms developed by machine learning systems work as originally intended and do not produce discriminatory, erroneous or unjustified results. One approach is algorithmic auditing, which first requires developers to incorporate processes into the algorithms to enable an audit, and then for independent third party auditors to carry out regular audits. The ICO compares this to a financial audit which is carried out in confidence to protect proprietary information, but then used to provide public assurance.

An alternative would be for the algorithm to contain the functionality to report on its own development. Through natural language generation, the algorithm could produce output text that explains why particular input cases were classified in a certain way. This could be useful in debugging and also as part of a product offering, with the ICO citing products that use visualisation methods to enable users to see why recommendations had been made for them and to review them to create more accurate recommendations.

Similarly, if users are given access to their profiles, they can review and correct them. This data correction effort by the user would have a dual benefit of demonstrating satisfaction of the GDPR accuracy principle (and aiding transparency) and also has the advantage of improving the algorithm with more accurate data and corrective input from a human.

The ICO cites the Big Data Ethics Initiative and other public and private sector organisations that have established ethical principles in relation to the processing of personal data, and views such principles as helpful in addressing the key issues of fairness and transparency, particularly if backed up by an ethics board with the powers to enforce them. Examples of these principles include the simple litmus test: “would you want the data of a member of your family to be used in this way?”

Ultimately, the ICO considers that “developing ethical principles and frameworks for big data is a job for data controllers rather than data protection authorities” (paragraph 181). We have seen these sorts of ethical frameworks being deployed in the healthcare sector where there is mass-processing of sensitive health data, but we expect similar principles to be adopted across other industries as the market develops.


The ICO acknowledges that the focus on accountability will not by itself resolve the data protection issues with big data and algorithmic processing, but it believes it will be a key part of future developments. The ICO emphasises that transparency remains an important aspect, and recommends adopting a more “layered” approach to provide information at an appropriate level of detail, depending on when the purposes of collecting and processing emerge and to reflect the sophistication of the reader (for example, regulators should be given a greater level of detail).

Implicit in the 2017 Paper is the acknowledgement that the data protection legislative framework, including the GDPR, may not be sufficient to obviate the potential misuse of personal data through big data and algorithmic processing. Although the technology and techniques are not themselves new, the inversion of the process through processing data first and defining purposes afterwards and the mantra of “correlation is king” pose challenges to the current regulatory framework and the requirement of fairness. The ICO believes the best way forwards is for industry to establish common standards and oversight processes, including ethical principles. However, fairness is inherently a political concept involved with weighing competing societal interests. As famously put by Lawrence Lessig, “code is law”, so this may be an area in which government may come to regulate in the future.

Putting the IC's guidance in to practice

The ICO recommends a number of steps that businesses can take to address concerns with data processing in a big data and artificial intelligence context:

  • Anonymisation: in a big data context, truly anonymised data can be difficult as enough data about an individual when viewed together may be sufficient to identify that individual. However, organisations that are able to use pseudonymous or anonymous data wherever possible will be in a far safer position
  • Privacy notices: taking an innovative approach to privacy notices will most importantly help them be noticed and read by users, especially if provided in a meaningful format at appropriate stages. Such innovations may include increased use of icons, just-in-time notifications and layered privacy notices 
  • Privacy impact assessments: these should be embedded into big data processing activities to identify privacy risks as projects develop, with input from a range of key stakeholders (including the potential data subjects)
  • Privacy by Design: as required by the GDPR, Privacy by Design is a key consideration for big data projects, and data security, data minimisation and data segregation should be considered at the outset of any big data project
  • Transparency and accountability: the changes introduced by the GDPR shift the focus onto data governance. Whether this involves a set of big data principles, an ethics board, auditable algorithms or any other measures, organisations will need to establish clear governance processes and oversight over data processing to ensure accountability and champion transparency.

This article first appeared in Privacy Laws and Business.

FCA sets out plans for fintech

The Financial Conduct Authority has set out its plans to encourage competition and support innovation in fintech in its Business Plan for 2017/18.

In addition to continuing to support fintech through Project Innovate and the regulatory sandbox, the FCA is also planning several activities over the coming financial year.

Regtech innovation: The FCA is keen to promote new technologies that increase regulatory compliance and reduce costs. These regtech technologies include solutions that help firms with regulatory reporting, increase access to financial services, and improve real-time monitoring and surveillance.

Automated advice services: The FCA will continue to offer support, through its Advice Unit, to firms planning to offer robo-advice to the mass market. The FCA plans to publish guidance to help firms develop effective and compliant robo-advice services.

International ties and regional hubs: The FCA will continue to build relationships with fintech regulators in other states, as well as working more closely with regional fintech clusters.

New bank start-ups: The FCA will continue to support firms that are new to the banking sector, through its New Bank Start-Up Unit

The FCA recognises the positive potential of fintech in a number of areas, such as the use of distributed ledger technology to storing customer data for the purposes of anti-money laundering compliance and the use of application programming interfaces (APIs) to allow third parties to access customers' bank account data in accordance with the Second Payment Services Directive (PSD2).

However the FCA also warns that, if not managed well, fintech can lead to additional risk in the financial system. In particular it has emphasised the need to ensure good governance of firms’ IT systems and proper implementation of change management projects, especially when dealing with legacy systems. Further, the FCA has announced a number of measures to address the increased threat of cyber-attacks and fraud.

  • Page 5 of 25