Note: This article was created for the printed magazine. These are edited versions of some of the cases reported on the SCL site over recent months which are not covered by articles in this edition. Fuller reports are available on the SCL website.
The European Court of Human Rights has ruled that, on the particular facts, the monitoring of an employee’s electronic communications amounted to a breach of his right to private life and correspondence
The case of Barbulescu v. Romania (application no. 61496/08) concerned the decision of a private company to dismiss an employee after monitoring his electronic communications and accessing their contents, and the alleged failure of the domestic courts to protect his right to respect for his private life and correspondence.
The Grand Chamber of the European Court of Human Rights has held, by eleven votes to six, that there had been a violation of Article 8 (right to respect for private and family life, the home and correspondence) of the ECHR. The Court concluded that the national authorities had not adequately protected Mr Barbulescu’s right to respect for his private life and correspondence. They had consequently failed to strike a fair balance between the interests at stake.
In particular, the national courts had failed to determine whether Mr Barbulescu had received prior notice from his employer of the possibility that his communications might be monitored; nor had they had regard either to the fact that he had not been informed of the nature or the extent of the monitoring, or the degree of intrusion into his private life and correspondence. In addition, the national courts had failed to determine, firstly, the specific reasons justifying the introduction of the monitoring measures; secondly, whether the employer could have used measures entailing less intrusion into Mr Barbulescu’s private life and correspondence; and thirdly, whether the communications might have been accessed without his knowledge.
Intel Avoids Fine
The CJEU has set aside a judgment of the General Court on the Intel fine for breach of competition law. In Case C-413/14 P Intel v EU Commission, the Court referred one element of the Intel case back to the General Court to consider further Intel’s argument that rebates it offered did not have an anti-competitive effect.
The case concerns a fine of €1.06 billion imposed by the EU Commission on Intel for having abused its dominant position on x86 CPUs from October 2002 to December 2007. Intel offered prominent manufacturers of computers ‘loyalty rebates’ which had the effect of stifling competition.
When Intel appealed to the General Court, that court supported the Commission view that loyalty rebates granted by an undertaking in a dominant position were, by their very nature, capable of restricting competition such that an analysis of all the circumstances of the case and, in particular, an as efficient competitor test (‘AEC test’) were not necessary.
The General Court ruling was appealed by Intel to the CJEU. While the CJEU rejects Intel’s arguments alleging that the Commission lacked territorial jurisdiction to penalise the abuse and its allegations of procedural irregularities, it has taken the view that the General Court failed to examine all of Intel’s arguments concerning the capacity of the rebates to restrict competition. In particular, the CJEU notes that, while the Commission emphasised that the rebates at issue were by their very nature capable of restricting competition, it nevertheless carried out an in-depth examination of the circumstances of the case in its decision and the AEC test played an important role in the assessment of whether the rebate scheme was capable of having foreclosure effects on as efficient competitors. The CJEU has held that the General Court was therefore required to examine all of Intel’s arguments concerning that test (such as, inter alia, the errors allegedly committed by the Commission as regards that test), which the General Court failed to do. The General Court’s judgment is set aside as a result of that failure and the General Court must now examine, in the light of the arguments put forward by Intel, whether the rebates at issue are capable of restricting competition.
None of this means that Intel avoids the fine; indeed, it seems likely that it will still be upheld.
High Court Judgment on Limited Liability
The High Court has given judgment on preliminary issues affecting terms of a contract for IT services which sought to limit liability. The judge’s views on the limitation of liability clauses might tempt readers to tighten up their drafting.
In The Royal Devon and Exeter NHS Foundation Trust v ATOS IT Services UK Ltd  EWHC 2197 (TCC) Mrs Justice O’Farrell DBE addressed two preliminary issues in a dispute regarding a contract for the provision of health record scanning, electronic document management and associated services. The contract was worth almost £5m and was to run for five years.
The Royal Devon and Exeter NHS Trust was unhappy with the system performance and, three years into the contract, invoked the dispute resolution process, eventually terminating ATOS’s services and claiming £7.9 million in damages for breach of contract. The Trust claimed damages for wasted expenditure consequent on its acceptance of ATOS's repudiatory breach and claimed that the contractual provision limiting the liability of the parties was unenforceable for ambiguity or uncertainty. ATOS considered that damages for wasted expenditure were expressly or impliedly excluded by the contract, as lost profits, business, anticipated savings, or indirect or consequential loss or damage and that any damages are subject to a valid and enforceable liability. Any liability on the part of ATOS was disputed as was quantum but, for the purpose of determining the preliminary issues, it was assumed that the Trust could make its case in other respects.
The limited liability provision that was at the core of the dispute (clause 8.1.2) provided:
‘(a) the liability of either party under the Contract for any one Default resulting in direct loss of or damage to tangible property of the other party or any series of connected Defaults resulting in or contributing to the loss of or damage to the tangible property of the other party shall not exceed the figure set out in schedule G;
(b) the aggregate liability of either party under the Contract for all Defaults, other than those governed by sub-clause 8.1.2 (a) above, shall not exceed the amount stated in schedule G to be the limit of such liability.’
Schedule G (para 9) provided:
The aggregate liability of the Contractor in accordance with sub-clause 8.1.2 paragraph (a) shall not exceed the sum of two million pounds.
The aggregate liability of the Contractor in accordance with sub-clause 8.1.2 paragraph (b) shall not exceed:
9.2.1 for any claim arising in the first 12 months of the term of the Contract, the Total Contract Price as set out in section 1.1; or
9.2.2 for claims arising after the first 12 months of the Contract, the total Contract Charges paid in the 12 months prior to the date of that claim.
There was a further restriction on liability in clause 8.1.3:
‘(a) Without prejudice to the generality of sub-clause 8.1.1 neither party shall be liable to the other for:
(i) loss of profits, or of business, or of revenue, or of goodwill, or of anticipated savings; and/or
(ii) indirect or consequential loss or damage; and/or
(iii) specific performance of the Contract unless expressly agreed by the parties to be applicable in schedule G.
(b) The provisions of sub-clause 8.1.3(a) shall not be taken as excluding or limiting the Authority's right under the Contract to claim for any of the following which results from a Default by the Contractor provided the Authority has made all reasonable efforts to mitigate such results:
(i) costs and expenses which would not otherwise have been incurred by the Authority including, without limiting the generality of the foregoing, costs relating to the time spent by the Authority's executives and employees in dealing with the consequences of the Default;
(ii) expenditure or charges paid by the Authority which would not otherwise have been incurred or would have ceased or would not have recurred;
(iii) costs, expenses and charges resulting from the loss or corruption of the date or Software owned by or under the control of the Authority, in accordance with sub-clause 13.4.2 provided that the Contractor's liability shall be limited to costs, expenses and charges associated with re-constituting such data or Software and returning it to a fully operational state insofar as it is inherently capable of being re-constituted.
(c) Any liability of the Contractor resulting from a claim under sub-clause 8.1.3(b) shall be subject to limitation in accordance with sub-clause 8.1.2.’
Finding on the first preliminary issue that clause 8.1.3(a) did not block the Trust’s claim, Mrs Justice O’Farrell stated (at -):
‘The Trust's case is that under the Contract ATOS promised to provide a functional EMR system. In reliance on ATOS's promise, the Trust incurred expenditure. In breach of contract ATOS failed to provide a functional EMR system. As a result of ATOS's breach, the expenditure was wasted. The Trust is entitled to recover the wasted expenditure as damages for breach of contract based on a rebuttable presumption that the value of a functional EMR system would be at least equal to such expenditure.
The Trust is not entitled to recover as damages any lost profits that it anticipated it would make using the new system, nor any lost revenue or savings that it planned to generate from use of the system. Those categories of loss are expressly excluded by clause 8.1.3(a).
However, that does not preclude the Trust from recovering damages to compensate for the loss of a functioning EMR system. That was a contractual benefit to which the Trust was entitled and of which it has been deprived by ATOS's alleged breach. The rebuttable presumption that the value of that loss is at least equal to the Trust's expenditure does not transform the claim for loss of the EMR system into a claim for loss of any additional benefits that would flow from use of the EMR system.…
The judge’s attention then turned to the second preliminary issue and the wording of Schedule G, para 9, which she said ‘is not drafted with precision’ but she had to determine ‘whether it can be made to make sense with sufficient clarity and certainty to make it enforceable’. While ‘the words used could give rise to competing interpretations, one of which makes commercial sense and the other does not, it is open to the court to prefer the interpretation that makes commercial sense’. The conclusion the judge reached was that clause 8.1.2(b) and paragraph 9.2 of Schedule G, taken together, provided a valid and enforceable limitation of liability so that there is one aggregate cap on the liability of ATOS for all defaults encompassed by clause 8.1.2(b), namely either the total contract price or the amount paid in the preceding 12 months.
CJEU Declares EU/Canada PNR Agreement Invalid
The Court of Justice of the European Union has declared that the agreement envisaged between the EU and Canada on the transfer of Passenger Name Record data may not be concluded in its current form, stating that several provisions of the draft agreement do not accord with fundamental rights recognised by the EU
The EU and Canada negotiated an agreement on the transfer and processing of Passenger Name Record data (PNR agreement) which was signed in 2014. The Council of the European Union requested the European Parliament’s approval of the agreement, and the European Parliament decided to refer the matter to the Court of Justice in order to ascertain whether the envisaged agreement was compatible with EU law and, in particular, with provisions relating to respect for private life and the protection of personal data.
The answer given by the Court in Opinion 1/15 (26 July 2017) is that the PNR agreement may not be concluded in its current form because several of its provisions are incompatible with the fundamental rights recognised by the EU. The envisaged agreement permits the systematic and continuous transfer of PNR data of all air passengers to a Canadian authority with a view to that data being used and retained, and possibly transferred subsequently to other authorities and to other non-member countries, for the purpose of combating terrorism and forms of serious transnational crime. To that end, the envisaged agreement, amongst other things, provides for a data storage period of five years and lays down requirements in relation to PNR data security and integrity, immediate masking of sensitive data, rights of access to and correction and erasure of data, and for the possibility of administrative and judicial redress.
The Court considered that the agreement should:
· · determine in a clearer and more precise manner certain of the PNR data to be transferred;
· · provide that the models and criteria used for the automated processing of PNR data will be specific, reliable and non-discriminatory;
· · provide that the databases used will be limited to those used by Canada in relation to the fight against terrorism and serious transnational crime;
· · provide that PNR data may be disclosed by the Canadian authorities to the government authorities of a non-EU country only if there is an agreement between the EU and that country equivalent to the envisaged agreement or a decision of the European Commission in that field;
· · provide for a right to individual notification for air passengers in the event of use of PNR data concerning them during their stay in Canada and after their departure from that country, and in the event of disclosure of that data to other authorities or to individuals;
· · guarantee that the oversight of the rules relating to the protection of air passengers with regard to the processing of their PNR data is carried out by an independent supervisory authority.
Tax Data, Privacy and Freedom of Expression
The European Court of Human Rights has ruled that banning the mass publication of personal tax data in Finland did not violate the right to freedom of expression.
Satakunnan Markkinapörssi Oy and Satamedia Oy v Finland (application no. 931/13) concerns two companies which had published the personal tax information of 1.2 million people. The domestic Finnish authorities ruled that such wholesale publication of personal data had been unlawful under data protection laws and barred such mass publications in future. The companies complained to the European Court of Human Rights that the ban had violated their right to freedom of expression. The Court has now held, by a majority of 15 to 2, that there had been no violation of Article 10 (freedom of expression) of the European Convention on Human Rights. The Court held that the ban had interfered with the companies’ freedom of expression. However, it had not violated Article 10 because it had been in accordance with the law, it had pursued the legitimate aim of protecting individuals’ privacy, and it had struck a fair balance between the right to privacy and the right to freedom of expression. In particular, the Court agreed with the conclusion of the domestic courts: the mass collection and wholesale dissemination of taxation data had not contributed to a debate of public interest, and had not been for a solely journalistic purpose.