Category Archives: Uncategorized

WHY CHOICE OF LAW IS IMPORTANT IN CROSS BORDER CONTRACTS

Global business means global contracts.  Each of the parties are resident or domiciled in different countries.  As laws and legal language differs from country to country contracts need to reflect language that accommodates and clarifies provisions that might not be familiar in that foreign jurisdiction.  In addition, the cost of litigating in a foreign jurisdiction can exceed all expectations and thus is difficult to quantify.

The choice of law can be dictated by the contract itself, yet the choice of law can also be different than the place chosen for resolution of the dispute.  Thus, a foreign court could be in the position of, for example, an English court interpreting U.S. law.  In this example, parties before an English court are permitted to present experts to assist the court in interpreting U.S. law.  This can become a battle of the experts. 

Where a standard form is used, which is meant to provide a uniform interpretation providing some certainty, however, foreign courts are not necessarily familiar with such universal interpretation and may alter the operation and effect of the underlying agreement.

Contracts provide certainty in business.  Such potential alteration eliminates this certainty and creates risk that is difficult to quantify.  With regard to specific provisions, U.S. courts generally takes a broad view and interpretation of contract provisions and are willing to imply provisions, for example, good faith.  Yet courts in other jurisdictions are not willing to imply what is not spelled out by specific language.  Interpretations also varying with regard to specific legal concepts.  “Gross negligence” is a well-recognized legal concept in U.S. law, however, in England for example, there is no concept of gross negligence, rather this concept is replaced by a notion of serious error or conduct falling significantly short of expectations. 

Whenever possible, check with a lawyer in the foreign jurisdiction to ensure the differences are fully understood and clarified wherever possible.  If possible carefully draft provisions keeping in mind a foreign court may be interpreting the terms should a dispute arise.

EU-US Privacy Shield: Legal Certainty for US Companies

A new data privacy protection agreement has been tentatively reached between the U.S. and the EU. This new agreement to be called the “EU-US Privacy Shield” replaces the 15 year old EU-US Safe Harbor Program that US companies have relied on to ensure legal certainty when personal data from the EU to the US.  The EU-US Safe Harbor was struck down late last year as not providing sufficient protection of personal information.

One of the most difficult obstacles to overcome in reaching this new agreement was the scope of access and transfer by U.S. government intelligence agencies. This new agreement should replace current uncertainty with clearer limitations and robust oversight and enforcement powers given to the Federal Trade Commission.  US companies will be subjected to vigorous obligations on data processing guaranteeing individual rights.   The new agreement also provides new redress options to any citizen who believes their personal information has been misused.

The EU-US Privacy Shield must now be approved by the European Union’s 28 member states. There will be both detractors and advocates, but it is nevertheless expected to pass muster.  Details of the new agreement should be drafted over the next two weeks and if approved it would be effective from early April.

NON-DISCLOSURE AND CONFIDENTIALITY AGREEMENTS: THE IMPORTANCE OF REMEDIES

Non-disclosure, confidentiality, and/or proprietary information agreements are one of the most frequently used agreements in business today.  Businesses entering into a new relationship or extending the scope of an ongoing relationship with clients, vendors or customers will often require a formal agreement between the parties outlining the use and further disclosure of confidential information.

Confidential information can include a myriad of information from intellectual property, source code, financial information, trade secrets, employee names and/or salary data, client names, methodologies or any information which is not publicly available.  These agreements are widely required prior to the disclosure of such information by a disclosing party, and can be one-sided or mutual.   The term usually extends for some period of years beyond the end of the relationship.

Customary provisions include:

  1. the purpose of the disclosure of confidential information;
  2. the type of information being disclosed;
  3. restrictions regarding onward disclosures;
  4. permitted use of information disclosed;
  5. restatement of ownership and whether disclosure grants a license;
  6. standard of care;
  7. disclaimer as to the accuracy;
  8. term and termination;
  9. return or destruction of confidential information in tangible form; and deletion if disclosure was in intangible form;
  10. consequences for breach;
  11. general clauses regarding assignment, choice of law etc.

Among the most controversial provisions is what happens in the event of a breach.  What happens when, for example, confidential information is made public or misused by a receiving company?  First, here’s an example of a typical provision regarding breach:

  ” A breach of any of the promises or agreements contained herein will result in  irreparable and continuing damage to Discloser for which there will be no adequate remedy at law, and Discloser shall be entitled to injunctive relief and/or a decree for specific performance, and such other relief as may be proper (including monetary damages if appropriate).”[1]

The purpose of injunctive relief and/or specific performance is to halt further disclosures or misuse of confidential information.  Monetary damages, on the other hand, go to the heart of the harm, the purpose of which is to compensate the disclosing company for the loss suffered by any prohibited disclosure.  There are two types of monetary damages, direct and indirect.  Direct damages are reasonable and ordinary damages that may be expected from a breach; while indirect damages compensates for the unexpected damages, including lost profits, lost use, reduction in value of the confidential information, loss of goodwill or customer business.  The indirect or consequential damages represents a much higher value damage since they are difficult to predict and, more importantly, to quantify.

Disclosing parties want to keep indirect damage provisions in the non-disclosure agreement and receiving parties want them out.  Best practice would be to define “direct damages” to include some of the types of damages that a disclosing party might expect from a prohibited disclosure or misuse.  This way some indirect damages might be re-characterized as direct damages.  The more closely damages can be quantified the more likely an agreement will be reached.  In addition, a receiving party may insist on a shorter term by which it is bound to hold the information confidential, or waive the need for a bond if seeking injunctive relief.

In the current business climate, non-disclosure agreements are frequently used, but standard versions no longer adequately protect both parties, each use should be reviewed and tweaked to suit the purpose.  As this is one of the most important agreements used every day by many businesses it deserves a bit more attention to the detail.

 

[1] This is a very general example, and the language will vary depending on the parties, the information disclosed and a number of other factors.

How changes to UK Consumer Law affects ecommerce businesses?

Effective earlier this year, the UK Consumer Contract Regulations came into force replacing the prior law on distance selling. Ecommerce businesses selling to UK customers will now need to review and update their sales process, terms and conditions of sales and refund policies to comply with the new regulations.

The Regulations were designed to implement the specific provisions of the EU Consumer Rights Directive (Directive 2011./83/EU). The directive applies to all consumer contracts for goods and services, including most particularly, online sales. The new regulations set out the information that must be provided to customers before the goods or services are purchased:

1. A specific description of the goods or services and the length of time any commitment on the part of the customer will last.

2. The total price of the goods or services, or manner in which the price will be calculated.

3. The cost of delivery and if the customer returns items, who will be responsible for the price of any return shipment.

4. Order cancellation details. Pursuant to the new rules the customer has no less than 14 days following receipt of the goods in which to cancel, this is an increase from prior law which mandated only 7 days.. There are exceptions to the 14 day right to cancel, including CDs, DVDs, or software if the wrapping seal is broken, the goods are perishable, tailor-made or personalized.

5. Information about the seller of the goods or services must be provided, including geographical location address and telephone number.

6. If the product is digital content, then the seller must provide information on the compatibility of the content with hardware and other software.

Sellers will no longer be able to charge a customer for an item that is selected for the customer as a pre-ticked box, rather the customer must actively tick the box. Finally, premium rate telephone numbers for help lines or other customer contact during the sales and return periods are no longer permitted.

Bottom line is that ecommerce companies selling to UK customers should review and revise, if necessary the terms and conditions of sale to ensure compliance with the new regulations. Failure to comply may result in contracts being unenforceable and criminal penalties may be imposed. Please let us know if you need any assistance or would like to discuss these new regulations to ensure your compliance.

Data Privacy and Security: The Demise of the EU-U.S. Safe Harbor

The lack of a cohesive body of data privacy and security laws in the U.S. created problems with transfers of personal information from EU citizens held by U.S. companies. Thus the EU-U.S. Safe Harbor was created and is administered by the U.S. Department of Commerce.  Under the Safe Harbor, U.S. companies could self-certify their compliance with minimum standards of data privacy and security such that the EU deemed such companies efforts as adequate to meet EU data privacy and security principles (set out in both Directives and regulations).  Late in 2015, the European Court of Justice issued a judgment declaring the Safe Harbor agreement as invalid.  This decision is cause for concern as U.S. companies may discover that they are no longer in compliance with EU data privacy and security principles, even though they have self-certified under the Safe Harbor.  Nevertheless, the Department of Commerce continues to allow U.S. companies to register and self-certify in the Safe Harbor program as a new solution is being sought to address tighter controls to meet more stringent data privacy and security principles.

In the meantime, companies of all sizes should be reviewing their current practices and reviewing the practices of any third party services providers being used, including cloud services. Be ready to take action.  Approximately one third of all data transfers of personal information is between the U.S. and the EU.  The EU General Data Protection Regulations (GDPR) set to become law in 2018 sets in place more rigorous regulations for consent to collect personal data, requests for removal of personal information from servers, and stepped up enforcement for complaints.  The object of the GDPR is to ensure strict levels of security without impeding market growth for businesses. Fines for failure to comply with the new Regulations may result in fines of up to 4% of a company’s global revenue.

Although the GDPR isn’t scheduled to take effect for some time, moving to best practices and implementing changes that will ensure future compliance is necessary. Don’t wait until the Regulations become effective, the invalidation of the Safe Harbor can, and likely will, trigger law suits against U.S. companies regardless of whether they have self-certified under the Safe Harbor.

Don’t be left behind and leave your company exposed.