Author: Tom

On 13 November, the Information Commissioner’s Office (ICO) approved and published a new sector-owned code of conduct – the Association of British Investigators Limited (ABI) UK GDPR Code of Conduct for Investigative and Litigation Support Services (Code).

What is the Code?

The Code seeks to address key challenges faced by investigators and enable code members to demonstrate compliance with specific areas of data protection law in the provision of investigative and litigation support services.

It aims to provide sector-specific guidance and to increase accountability in handling personal data. As such, by complying with the Code, you are complying with data protection laws in the UK.

The Code includes advice, guidance, and practical examples in relation to:

• the roles and responsibilities of investigators;
• how to conduct Data Protection Impact Assessments;
• identification of the lawful basis for processing personal data;
• Legitimate Interests Assessments including for invisible processing such as covert surveillance, tracking devices, background checks and social media monitoring; and
• consent to share when tracing and locating individuals in certain cases.

How does the Code help your private investigation or litigation service?

• Public confidence: Verified adherence to the Code is intended to give confidence to users and subjects of investigative and litigation support services. It demonstrates that Code members comply with key aspects of data protection law and operate to a high standard in key areas.
• Reduce risk and enforcement action: Showing compliance with the Code reduces the risks of enforcement action from the ICO. This means you are less likely to receive fines, reprimands or other regulatory action in the event of a breach of data protection laws.
• Due diligence carried out by users: Users of investigation and litigation services (particularly other businesses who are controllers) should be carrying out diligence on service providers. Your prospective clients may check whether you adhere to the Code when they are carrying out due diligence prior to instructing you.

Can I sign up to the Code? If so, how?

Investigators and litigation services can voluntarily sign up for the Code and Code membership is managed by an independent ICO approved and UKAS accredited monitoring body. Code members must satisfy the monitoring body with the requirements explained in Appendix I to the Code. Such requirements include:

• Administrative evidence: Such as registration with the ICO, basic DBS disclosure, two references, finance checks and CV.
• Training: Satisfactory completion and maintenance of data protection training to the level comparable to the ABI UK GDPR compliance workshop, or training to an equivalent standard on the areas covered by the Code – including data protection impact assessments, lawful bases and more.
• Roles and responsibilities: Evidence that the Code member has documented and communicated to its client the roles and responsibilities in respect of the data processing undertaken in the delivery of Code services. This could be evidenced for example by providing a copy of the client engagement letter and/or contract.
• Case extracts: Samples of Data Protection Impact Assessments, lawful bases relied on, Legitimate Interest Assessments. In particular for children and the Code notes that Code members must not maintain a register of criminal convictions.
• Complaints: Evidence of any complaints received by the Code member from individuals in relation to data protection and the steps the Code member took to respond to the complaint and where relevant, evidence that in relation to monitoring body investigations of alleged breaches of the Code, the Code member has communicated with the monitoring body in accordance with the Code and the cooperation criteria in this Code.

The Code builds on the existing standards and criteria required for ABI membership however, Code members are not required to be ABI members and Code membership is available to any sector agency that meets the Code member criteria as at Appendix I to the Code, whether affiliated to the ABI or not.

What to do next?

We can assist you with your data protection compliance programme ahead of signing up to the Code. The following checklist describes the compliance steps that we suggest to cover:

• Registration with the ICO: As a data controller you are obliged to pay a fee to the ICO depending on your size.
• Records of processing activity: This document explains what data you process, how, who it is shared with and why. This is a legal requirement under GDPR (in most cases) but in any case will be a necessary exercise in order to satisfy the other requirements below.
• Privacy policies: Such as website privacy policy, employees privacy policy, recruitment privacy policy, privacy policy for users and third parties subject to the services – this is to comply with transparency requirements.
• Cookie audit: Policy and mechanism cookie banner – this is the consent mechanism that allows you to drop cookies. A good cookie banner will be tailored to your needs and allow users to decide what type of cookies they want. This is a requirement under the electronic marketing rules.
• Assessments: Such as Data Protection Impact Assessments, Legitimate Interests Assessments and Transfer Risk Assessments – this is to demonstrate your compliance and prove accountability.
• Supplier onboarding checklist and procedure and template data sharing clauses: To ensure you have carried out due diligence on any third parties you choose to use to help fulfil your services.
• Data protection rights procedure: This document sets out how to manage DSARs and other requests in relation to an individual’s data. Dealing with these requests is a legal requirement, getting it wrong can lead to fines and to reputational damage.
• Security incident management policy: This document sets out what each team needs to do in the event of a data breach. Dealing with these requests is a legal requirement, getting it wrong can lead to fines and to reputational damage.
• Regular privacy training: We can provide introductory or further training sessions depending on what your staff have already received. In order to comply with your security obligations you must train people to ensure that human error is avoided to the extent possible and that they understand what the GDPR requirements are.
• Data handling policy: This policy contains an explanation on why data protection is important and how you and your staff and comply with data protections laws on a day to day basis.
• BYOD and acceptable use policy: This policy would contain rules on how employees are allowed to use their personal devices including acceptable use practices.
• Data security policy: This policy documents how you keep data safe from an organisational and technical perspective.
• Data retention policy: This document explains how long you keep each type of data.

If you would like more information, please feel free to reach out to one of our dedicated data protection lawyers, or if you would like keep up to date on the latest in data protection, please subscribe to our newsletter, The Data Download here.

Further details about the Code can be found here.

After more than one year since trial, the long-awaited decision on whether a particular type of rowing machine is capable of copyright protection in England & Wales as a work of artistic craftsmanship came out earlier this week. The decision has been hotly awaited because there are relatively few cases that consider precisely what constitutes a work of artistic craftsmanship, and is thus of potential wide application.

Impact

The rowing machine in question was not a work of artistic craftsmanship, and therefore not capable of copyright protection.

The decision means that it will be harder for designers of 3D works, which are not sculptures, to rely on copyright as a form of protection in England & Wales, as opposed to seeking such protection in the EU, where the bar for copyright to subsist is lower.

Designers can of course continue to rely on design rights, whether registered or unregistered, which remain unaffected by this decision.

Background and decision

The decision considered the interplay between the legal tests for subsistence of copyright under EU law and under English law. Whilst the product met the requirement of originality under EU law, that was not determinative for copyright to subsist under English law. It mattered that the statutory test under English law also had to be met: section 4(1)(c) Copyright Designs & Patents Act 1988 as interpreted through a series of common law cases (including a New Zealand judgment). In summary, this requires the author of the work in question to be an “artist craftsman“, who produces “something which has aesthetic appeal” and such work “must have some artistic quality” and the author must have a desire “to produce something of beauty which would have an artistic justification for its own existence“.

Whilst the rowing machine in question had aesthetic appeal and its author was a craftsman, the judge held after reviewing the evidence that its author did not have the character of an “artist craftsman” (paragraph 188) nor was the rowing machine the result of a mind with a desire to produce something of beauty which would have an artistic justification for its own existence (paragraph 182). Thus the English law statutory test was not met.

Comment

This judgment is consistent with the English courts recognising the tension between EU law and English law with regards to what works are capable of attracting copyright. Importantly, this judgment does go further than previous judgments in its recognition that it is not possible for the English courts of first instance to reconcile EU law on subsistence of copyright (which has no requirement of any aesthetic effect for copyright to subsist in a work) with the requirements of the English law statutory test summarised above for copyright to subsist in a work of artistic craftsmanship. It therefore appears there is now judicial confirmation that Parliament would need to amend the legislation, to say otherwise.

Copyright would confer a generous term of protection of generally 70 years plus life of the designer. Whereas unregistered design rights generally only last up to a maximum of 10 years where the design is marketed/sold, and up to 25 years if a design is registered. Increasingly in recent years there have been attempts to secure copyright in 3D works that are not sculptures, partly because of the far more generous term of protection, and as a result of recent EU decisions. These attempts have rarely ever succeeded in the UK, so very few cases are litigated, as designers instead rely on their unregistered or registered rights in their 3D works.

Although much turned in this case on the facts (and the underlying claimant’s intent at the time of designing their rowing machine, which was to produce something commercially successful), the bar for copyright in England & Wales to subsist in a work of artistic craftsmanship appears to have been set higher, as the designer’s rationale for making a 3D work on the basis of it being commercially successful, rather than it purely being a work of beauty, appeared to have played a key factor in the judge’s decision.

It will be interesting to see whether the decision is appealed. Meanwhile, this judgment will be a useful tool for both legal practitioners and rightsholders on the thorny issue of whether copyright can subsist in something as a work of artistic craftsmanship under English law.

A link to the judgment (WaterRower v Liking [2024] EWHC 2806 (IPEC)) can be found here.

It has been a week of landmark intellectual property judgments, given the Supreme Court’s ruling in trade mark case Sky v Skykick. More detail on that decision, can be found in the article here.

After many years of proceedings, the long-waited trade mark case Sky v SkyKick has finally reached a decision at the Supreme Court today. The Judgment contains clear direction on when a trade mark has been registered in bad faith.

Impact

Owners of UK registered trade marks with broad specifications are now increasingly vulnerable to their marks being subject to invalidity attacks on the basis of bad faith, particularly where there is no intention to use such a broad specification. Trade mark owners should liaise with their trade mark advisers to review their portfolio and filing strategy, and how the decision may impact any ongoing or potential disputes.

Where we are already handling UK trade marks on your behalf, we will be reviewing whether your UK trade mark registrations need to be reviewed and whether the results of this case will affect any disputes you are currently involved with.

Background

• Sky brought actions against SkyKick for infringing its trade marks across a range of goods and services, and SkyKick in return challenged the validity of Sky’s trade marks.
• SkyKick argued that Sky had applied for its trade marks in “bad faith” and that they were thus invalid. Skykick had alleged that Sky’s trade mark applications were far too broad and separate from its core business and that Sky had no genuine intention to use the marks for the claimed goods and services. One of these terms was “computer software”.
• In the High Court, the Judge found that Sky had acted in bad faith and its trade marks were partially invalid, but SkyKick’s services had infringed Sky’s trade marks.
• Sky appealed the decision on bad faith, and Skykick cross appealed the decision on infringement.
• The Court of Appeal found that Sky had not acted in bad faith when registering its trade marks, and SkyKick’s appeal on infringement was dismissed.
• Skykick appealed to the Supreme Court the bad faith decision made by the Court of Appeal.
• A key issue considered by the Supreme Court was the basis for a finding that an application to register a trade mark had been made in bad faith.

Decision

• The Supreme Court affirmed the Court of Appeal’s finding on infringement.
• The Supreme Court reversed the Court of Appeal’s finding on bad faith and held that the High Court was entitled to find that the SKY marks were applied for in bad faith to the extent that it did.
• An application to register a mark in respect of a broad category of goods or services may be made partly in bad faith in so far as the broad description includes distinct sub-categories of goods or services in relation to which the applicant never had any intention to use the mark. It would be anomalous for traders who use broad terminology to describe the goods and services for which they seek protection to find themselves in a more favourable position than those who use appropriate sub-categories to describe the same goods and services.
• An applicant does not have to have a commercial strategy to use a mark for every possible species of goods or services falling within the specification. Nor is it an objection that the applicant has applied for a wide range of goods and services using class headings or other general terms.

Labour’s first Budget hopes to raise UK taxes by £40 billion. Highlights are as follows:

Income Tax

• No increase. Threshold freeze will end from April 2028.

National Insurance Contributions (NICs)

• No change to employee NICs. Threshold freeze will end from April 2028
• Employer NICs will increase to 15% from 6 April 2025, and the contribution threshold will decrease from £9,100 to £5,000.

Capital Gains Tax

• Basic rate (currently 10%) increased to 18%; higher rate of 20% to 24% from 30 October 2024.
• Rates for Business Asset Disposal Relief (formerly Entrepreneurs’ Relief) and Investors’ Relief will rise from 10% to 14% from 6 April 2025, and 18% from 6 April 2026.

Corporation Tax

• No major changes announced.

Inheritance Tax (IHT)

• IHT thresholds frozen until 2030 (previously 2028). No change to headline rate of IHT (40%).
• From 6 April 2026, assets qualifying for Agricultural Property Relief and Business Property Relief will attract relief at 100% up to a value of £1 million only, and at 50% over £1 million.
• Most pensions will be included in a person’s estate for IHT purposes from 6 April 2027.

Taxation of Non-UK Domiciled Individuals

• Domicile to be abolished as a tax concept, and a residence-based tax regime to replace it. This will impact personal and trust taxation.

Stamp Duty Land Tax (SDLT)

• Surcharge for second home purchases to increase from 3% to 5% from midnight on 30 October 2024.
• SDLT on enveloped dwellings to increase from 15% to 17%.

Private Schools

• Standard rate VAT at 20% to apply to private school fees from 1 January 2025.
• Business rates relief to be abolished from April 2025.

We have all, at one time or another, walked away from an argument and all too late thought of the crushing blow we should have delivered; a comeback there would have been no coming back from. If only we had said it at the time, we would have flicked our hair at our adversary (reduced to a gibbering wreck), turned on our heel, and spent the day bathing in our victory at the War of the Words.

Most of us think of that most lethal rebuttal while still seething slightly from the heat of the argument: later in the shower, having dinner or getting ready for bed. It will probably never graduate from the recesses of our mind and actually be articulated.

But some want to see that their revenge is served truly ice cold. What better way, then, than to leave that parting shot in your Will? It is a stroke of genius, surely; not only will your enemy have no right of reply, but the whole world (Wills are public documents in England and Wales) will bear witness to you having had the final word.

In eighteenth century France, the Marquis d’Aligre became a pioneer of the testamentary takedown. His Will read: ‘to my wife I leave her lover, and the knowledge that I was not the fool she thought me; to my son I leave the pleasure of earning a living. For twenty years he thought the pleasure was mine.’  Ouch.

Napoleon Bonaparte followed suit shortly thereafter. Although he had only good words to say of his wife ‘I retain her to my last moment, the most tender sentiments’, he was less complimentary of the English whom he anticipated would be responsible should he die: ‘I die prematurely, assassinated by the English oligarchy and its assassin. The English nation will not be slow in avenging me.’ Ultimately it was of course the hepatitis, and not the English, which saw to his demise.

The earliest example I have found in English law is from 1825, some four years after Napoleon’s death. In the case of Curtis v Curtis [1825] 162 ER 393, Mr Curtis left a Will in which he flouted his wife and bequeathed his entire Estate to his sister instead. In the Will itself he justified disinheriting his wife as being ‘a consequence of [her] cruel and murderous conduct, in this illness, as well as in past instances.’ On an application made by Mrs Curtis, the Court agreed to ‘strike out that extraneous part [of the Will], so injurious to her character—for which there was said to be not the slightest foundation.’

In Re the Estate of Robert White [1914] P 153, Mr White demonstrated similar antipathy towards his own wife: ‘he stated in his Will that he left nothing whatsoever to his wife (naming her and giving the name and address of her father), for reasons which he proceeded to give and which, while reflecting in no way on her chastity, were said to be scandalous and defamatory and would be painful to her and derogatory to her character if included in the probate.’ Mrs White’s counsel, acting for her in the application to have the words removed from the Will, was so offended by the words written by Mr White in his Will, he refused to read them in open Court.

In the Scottish case of B’s Executor v Keeper of the Registers and Deeds of Scotland [1935] SC 745, one (anonymous) testatrix left one farthing each to several of her relatives ‘as a reward for their mean scheming for years.’ She doubled down on one particular relative whom she called ‘that dangerous, intriguing female, that arch schemer! She wanted to compel me to buy her old hats at a £1 each.’

Why should a scorned testator limit themselves to levelling posthumous indiscretions at family members? In Re the Estate of Robert Myles Howard [1916] P 47, Mr Howard was a soldier serving in World War I when he wrote a letter (which would ultimately constitute his Will, the formalities for creating a Will being relaxed in the case of serving members of the armed forces) to his wife’s father. In the letter, he apparently expressed his love for his wife and left her various of his possessions. When probated, however, the Will was only reproduced in part, the military authorities having ‘expressed the view that it was undesirable to publish the whole of the letter.’ It is unknown precisely what Mr Howard wrote in his letter which caused the military authorities to object so vehemently, but whatever it was the presiding Bagrave Deane J. concluded that it should be ‘ignored’ and that ‘the ordinary practice cannot be allowed to prevail over the exigencies of the public service in time of war.’

The above are some of the more interesting examples I have been able to source. For the reasons I explain in more detail below, the public will never become privy to the majority of offensive, libellous or even blasphemous statements contained in Wills.

A testator is well within their rights to elaborate in their Will on why they have structured their legacy in such a way. ‘I leave £10,000 to my son, so that he may have an income of his own’ would probably be just fine. It is settled law, however, that a testator may not ‘use his Will as a vehicle for slander’ (Re Hall’s Estate [1943] 2 All ER 159).  ‘I leave £10,000 to my son, because I’m sick of him mooching off his girlfriend’ would be less fine.

On the appropriate application having been made, the Court will exclude the offending words from the copy of the Will which enters the public domain. In fact, if there is no doubt about the words being defamatory or blasphemous, the Registrar may actually refuse to probate the Will until the application has been made to have those words removed.

No one has ever sued an Executor for offensive or libellous words contained in a Will. In fact, they are prohibited from doing so at law. Notwithstanding the general rule about rights of action surviving death, and subsisting instead in a person’s Executors (whether for the benefit, or to the detriment, of the Estate), the rule specifically precludes defamation claims (s. 1 (1) Law Reform (Miscellaneous Provisions) Act 1934). Defamation claims therefore die with the deceased.

However tempting it may be, therefore, to tell your spouse, neighbour or former boss what you really thought of them (or their desire for you to buy their used headgear at a premium) in your Will, your words are unlikely to ever see the light of day. Instead, your Executors will be burdened with making a costly and time-consuming application to the Court to have the words expunged.

I will stop short of telling you to get it off your chest now, while you can. But I will say speak now, or forever hold your peace.

Yesterday the government published the draft Employment Rights Bill, just ahead of Labour’s first 100 days in power. Many extensive reforms were anticipated, but the Bill contains watered-down versions of the changes that were expected, and kicks their implementation into the long grass by requiring consultations on the finer details. Some proposed reforms are not integrated into the Bill at all, such as a statutory ‘right to switch off’ outside of normal working hours, which will now be implemented through a Code of Practice. Some changes still require extensive consultation, such as a single ‘worker’ status.

The most drastic of the changes outlined in the new legislation is the right that will be granted to workers to claim unfair dismissal from their first day of working with an employer – currently, only those who have completed two years of service with their employer can claim unfair dismissal. However, employers will still be able to impose probationary periods, which the government has indicated could be nine months long, and it’s not clear what a fair process for dismissal will look like. The Government has said these reforms to unfair dismissal will not come into effect until Autumn 2026, which is in stark contrast to initial Labour party communications suggesting that these rights may be effective immediately.

A further measure is the extension to all workers, regardless of level of earnings, of the right to receive Statutory Sick Pay (which the employer must pay) from their first day of illness. Until now, only those earning above £123 per week are entitled to receive Statutory Sick Pay, and only once they have been ill for three consecutive days. As there is presently no suggestion that the level of SSP (currently £116.75) will be increased, this reform will not represent a significant cost increase for most employers, but nor will it improve the position of employees in any material way.

Another change, effective once the Bill comes into force, is a right to take paternity and parental leave with no minimum period of service with an employer required, although there will be no equivalent change for maternity leave as had been speculated. At present, individuals must be employed for six months to be entitled to paternity leave and pay from their employer, and one year for parental leave. A right to flexible working will also become the default position for all, once the Bill is passed, unless the employer can prove the request is unreasonable.

The Bill sets out an employer’s duty to take “all reasonable steps” to prevent sexual harassment of staff. This widens the prevention duty provisions, already scheduled to come into force on 26 October, which place a duty on the employer to take “reasonable steps” to prevent sexual harassment of staff in the course of their employment. The Bill also states that an employer is deemed to have permitted a third party to have harassed a staff member if it failed to take all reasonable steps to prevent the third party from doing so. This is a high bar for employers to meet.

Of course it is possible that not all of these provisions will survive the passage of the Bill through its various approval stages. The Bill is only at the second reading stage in the House of Commons, and must still pass through the House of Lords and receive Royal Assent before it is passed and the changes become effective. The government has said it expects that the majority of reforms will not take effect until 2026.

Do reach out to a member of the Employment team if you wish to discuss any of these changes further.

The Information Commissioner’s Office (ICO) is the UK’s data protection regulator and it announced on 09 October that from 11 of October, it will be piloting changes to the way it provides support to businesses.

One of the first changes includes removing the ability for organisations to make inbound calls the ICO phone line for advice and clarity. The ICO states that “Instead of first calling [their] phone line, businesses can access a wide and growing range of online resources to get the certainty they need on any data protection concerns. [The ICO’s] expert advisers will still be on hand to provide businesses with additional support via the live chat facility and outbound calls.”

Heading Test

This comes after the ICO’s Data Protection Practitioners’ Conference held on 08 October and before the new UK Labour Government’s introduction of the Digital Information and Smart Data (DISD) Bill – which includes an aim to strengthen the ICO’s powers and target reform to some data laws. The DISD Bill aims to transform the ICO into a more modern regulatory structure, with a CEO, board and chair with new, stronger powers. This will be accompanied by targeted reforms to some data laws that will maintain high standards of protection but where there is currently a lack of clarity impeding the safe development and deployment of some new technologies. It will also promote standards for digital identities around privacy, security and inclusion.

The removal of the ability to call the ICO phone line for advice may impact an organisations ability to understand the ICO’s expectations when complying with data protection laws especially where the ICO’s online guidance is not always clear.

If you would like to keep up to date on the latest in data protection, please get in touch to subscribe to our newsletter, The Data Download.

Link to the ICO’s statement: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/10/changes-to-our-services-for-businesses/