Employee Monitoring
The European Court of Human Rights has ruled that,
on the particular facts, the monitoring of an employee’s electronic
communications amounted to a breach of his right to private life and
correspondence
The case of Barbulescu v. Romania (application
no. 61496/08) concerned the decision of a private company to dismiss an
employee after monitoring his electronic communications and accessing their
contents, and the alleged failure of the domestic courts to protect his right
to respect for his private life and correspondence.
The Grand Chamber of the European Court of Human
Rights has held, by eleven votes to six, that there had been a violation of
Article 8 (right to respect for private and family life, the home and
correspondence) of the ECHR. The Court concluded that the national authorities
had not adequately protected Mr Barbulescu’s right to respect for his private
life and correspondence. They had consequently failed to strike a fair balance
between the interests at stake.
In particular, the national courts had failed to
determine whether Mr Barbulescu had received prior notice from his employer of
the possibility that his communications might be monitored; nor had they had
regard either to the fact that he had not been informed of the nature or the
extent of the monitoring, or the degree of intrusion into his private life and
correspondence. In addition, the national courts had failed to determine,
firstly, the specific reasons justifying the introduction of the monitoring
measures; secondly, whether the employer could have used measures entailing
less intrusion into Mr Barbulescu’s private life and correspondence; and
thirdly, whether the communications might have been accessed without his
knowledge.
Intel Avoids Fine
The CJEU has set aside a
judgment of the General Court on the Intel fine for breach of competition law. In Case
C-413/14 P Intel v EU Commission, the
Court referred one element of the Intel case back to the General Court to
consider further Intel’s argument that rebates it offered did not have an
anti-competitive effect.
The case concerns a fine of €1.06 billion imposed
by the EU Commission on Intel for having abused its dominant position on x86
CPUs from October 2002 to December 2007. Intel offered prominent manufacturers
of computers ‘loyalty rebates’ which had the effect of stifling competition.
When Intel appealed to the General Court, that
court supported the Commission view that loyalty rebates granted by an
undertaking in a dominant position were, by their very nature, capable of
restricting competition such that an analysis of all the circumstances of the
case and, in particular, an as efficient competitor test (‘AEC test’) were not
necessary.
The General Court ruling was appealed by Intel to
the CJEU. While the CJEU rejects Intel’s arguments alleging that the Commission
lacked territorial jurisdiction to penalise the abuse and its allegations of
procedural irregularities, it has taken the view that the General Court failed
to examine all of Intel’s arguments concerning the capacity of the rebates to
restrict competition. In particular, the CJEU notes that, while the Commission
emphasised that the rebates at issue were by their very nature capable of
restricting competition, it nevertheless carried out an in-depth examination of
the circumstances of the case in its decision and the AEC test played an
important role in the assessment of whether the rebate scheme was capable of
having foreclosure effects on as efficient competitors. The CJEU has held that
the General Court was therefore required to examine all of Intel’s arguments
concerning that test (such as, inter alia, the errors allegedly committed by
the Commission as regards that test), which the General Court failed to do. The
General Court’s judgment is set aside as a result of that failure and the
General Court must now examine, in the light of the arguments put forward by
Intel, whether the rebates at issue are capable of restricting competition.
None of this means that Intel avoids the fine;
indeed, it seems likely that it will still be upheld.
High Court Judgment on Limited Liability
The High Court has given judgment on preliminary
issues affecting terms of a contract for IT services which sought to limit
liability. The judge’s views on the limitation of liability clauses might tempt
readers to tighten up their drafting.
In The Royal
Devon and Exeter NHS Foundation Trust v ATOS IT Services UK Ltd [2017] EWHC 2197
(TCC) Mrs Justice O’Farrell DBE addressed two preliminary issues in a
dispute regarding a contract for the provision of health record
scanning, electronic document management and associated services. The contract
was worth almost £5m and was to run for five years.
The Royal Devon and Exeter NHS Trust was unhappy
with the system performance and, three years into the contract, invoked the
dispute resolution process, eventually terminating ATOS’s services and claiming
£7.9 million in damages for breach of contract. The Trust claimed damages for wasted expenditure consequent on its acceptance of
ATOS’s repudiatory breach and claimed that the contractual provision limiting the liability
of the parties was unenforceable for ambiguity or uncertainty. ATOS considered that damages for wasted expenditure were expressly
or impliedly excluded by the contract, as lost profits, business, anticipated
savings, or indirect or consequential loss or damage and that any damages are
subject to a valid and enforceable liability. Any liability on the part of
ATOS was disputed as was quantum but, for the purpose of determining the
preliminary issues, it was assumed that the Trust could make its case in other
respects.
The limited liability provision that was at the
core of the dispute (clause 8.1.2) provided:
‘(a) the liability of either party under the
Contract for any one Default resulting in direct loss of or damage to tangible
property of the other party or any series of connected Defaults resulting in or
contributing to the loss of or damage to the tangible property of the other
party shall not exceed the figure set out in schedule G;
(b) the aggregate liability of either party under
the Contract for all Defaults, other than those governed by sub-clause 8.1.2
(a) above, shall not exceed the amount stated in schedule G to be the limit of
such liability.’
Schedule G (para 9) provided:
Paragraph 9.1
The aggregate liability of the Contractor in
accordance with sub-clause 8.1.2 paragraph (a) shall not exceed the sum of two
million pounds.
Paragraph 9.2
The aggregate liability of the Contractor in
accordance with sub-clause 8.1.2 paragraph (b) shall not exceed:
9.2.1 for any claim arising in the first 12 months
of the term of the Contract, the Total Contract Price as set out in section
1.1; or
9.2.2 for claims arising after the first 12 months
of the Contract, the total Contract Charges paid in the 12 months prior to the
date of that claim.
There was a further restriction on liability in
clause 8.1.3:
‘(a) Without prejudice to the generality of
sub-clause 8.1.1 neither party shall be liable to the other for:
(i) loss of profits, or of business, or of
revenue, or of goodwill, or of anticipated savings; and/or
(ii) indirect or consequential loss or damage;
and/or
(iii) specific performance of the Contract unless
expressly agreed by the parties to be applicable in schedule G.
(b) The provisions of sub-clause 8.1.3(a) shall
not be taken as excluding or limiting the Authority’s right under the Contract
to claim for any of the following which results from a Default by the
Contractor provided the Authority has made all reasonable efforts to mitigate
such results:
(i) costs and expenses which would not otherwise
have been incurred by the Authority including, without limiting the generality
of the foregoing, costs relating to the time spent by the Authority’s
executives and employees in dealing with the consequences of the Default;
(ii) expenditure or charges paid by the Authority
which would not otherwise have been incurred or would have ceased or would not
have recurred;
(iii) costs, expenses and charges resulting from
the loss or corruption of the date or Software owned by or under the control of
the Authority, in accordance with sub-clause 13.4.2 provided that the
Contractor’s liability shall be limited to costs, expenses and charges
associated with re-constituting such data or Software and returning it to a
fully operational state insofar as it is inherently capable of being
re-constituted.
(c) Any liability of the Contractor resulting from
a claim under sub-clause 8.1.3(b) shall be subject to limitation in accordance
with sub-clause 8.1.2.’
Finding on the first preliminary issue that clause
8.1.3(a) did not block the Trust’s claim, Mrs Justice O’Farrell stated (at
[59]-[69]):
The judge’s attention then turned to the second
preliminary issue and the wording of Schedule G, para 9, which she said ‘is not drafted with precision’ but she had to determine ‘whether it
can be made to make sense with sufficient clarity and certainty to make it
enforceable’. While ‘the words used could give rise to
competing interpretations, one of which makes commercial sense and the other
does not, it is open to the court to prefer the interpretation that makes
commercial sense’. The conclusion the judge reached was that clause
8.1.2(b) and paragraph 9.2 of Schedule G, taken together, provided a valid and
enforceable limitation of liability so that there is one aggregate cap on the
liability of ATOS for all defaults encompassed by clause 8.1.2(b), namely
either the total contract price or the amount paid in the preceding 12 months.
CJEU Declares EU/Canada PNR Agreement Invalid
The Court of Justice of the European Union has
declared that the agreement envisaged between the EU and Canada on the transfer
of Passenger Name Record data may not be concluded in its current form, stating
that several provisions of the draft agreement do not accord with fundamental
rights recognised by the EU
Background
The EU and Canada negotiated an agreement on the
transfer and processing of Passenger Name Record data (PNR agreement) which was
signed in 2014. The Council of the European Union requested the European
Parliament’s approval of the agreement, and the European Parliament decided to
refer the matter to the Court of Justice in order to ascertain whether the
envisaged agreement was compatible with EU law and, in particular, with
provisions relating to respect for private life and the protection of personal
data.
Opinion
The answer given by the Court in Opinion
1/15 (26 July 2017) is that the PNR agreement may not be concluded in its
current form because several of its provisions are incompatible with the
fundamental rights recognised by the EU. The envisaged agreement permits the
systematic and continuous transfer of PNR data of all air passengers to a
Canadian authority with a view to that data being used and retained, and
possibly transferred subsequently to other authorities and to other non-member
countries, for the purpose of combating terrorism and forms of serious
transnational crime. To that end, the envisaged agreement, amongst other
things, provides for a data storage period of five years and lays down
requirements in relation to PNR data security and integrity, immediate masking
of sensitive data, rights of access to and correction and erasure of data, and
for the possibility of administrative and judicial redress.
The Court considered that the agreement should:
·
·
determine in a clearer and more precise manner certain of the PNR data to be
transferred;
·
·
provide that the models and criteria used for the automated processing of PNR
data will be specific, reliable and non-discriminatory;
·
·
provide that the databases used will be limited to those used by Canada in
relation to the fight against terrorism and serious transnational crime;
·
·
provide that PNR data may be disclosed by the Canadian authorities to the
government authorities of a non-EU country only if there is an agreement
between the EU and that country equivalent to the envisaged agreement or a decision
of the European Commission in that field;
·
·
provide for a right to individual notification for air passengers in the event
of use of PNR data concerning them during their stay in Canada and after their
departure from that country, and in the event of disclosure of that data to
other authorities or to individuals;
·
·
guarantee that the oversight of the rules relating to the protection of air
passengers with regard to the processing of their PNR data is carried out by an
independent supervisory authority.
Tax Data, Privacy and Freedom of Expression
The European Court of Human Rights has ruled that
banning the mass publication of personal tax data in Finland did not violate
the right to freedom of expression.
Satakunnan Markkinapörssi Oy and Satamedia
Oy v Finland (application no. 931/13) concerns two companies which
had published the personal tax information of 1.2 million people. The domestic
Finnish authorities ruled that such wholesale publication of personal data had
been unlawful under data protection laws and barred such mass publications in
future. The companies complained to the European Court of Human Rights that the
ban had violated their right to freedom of expression. The Court has now held,
by a majority of 15 to 2, that there had been no violation of Article 10
(freedom of expression) of the European Convention on Human Rights. The Court
held that the ban had interfered with the companies’ freedom of expression.
However, it had not violated Article 10 because it had been in accordance with
the law, it had pursued the legitimate aim of protecting individuals’ privacy,
and it had struck a fair balance between the right to privacy and the right to
freedom of expression. In particular, the Court agreed with the conclusion of
the domestic courts: the mass collection and wholesale dissemination of
taxation data had not contributed to a debate of public interest, and had not
been for a solely journalistic purpose.
