In this month's legal update we'll cover:
- Data Protection:
EU negotiations during the transition period: how will businesses be impacted?
The Government has advised that it is aiming for ‘a future relationship based on friendly cooperation between sovereign equals for the benefit of all our peoples’ and ‘there is complete certainty that at the end of 2020 the process of transition to that relationship will be complete and that the UK will have recovered in full its economic and political independence’.
The government now has the task of seeing if it can agree a deeper trading relationship such as the free trade agreement the EU has with Canada. Or whether the relationship will be based on the Withdrawal Agreement deal agreed in October 2019. Either way the UK will be leaving the single market and the customs union at the end of 2020.
Any agreement reached will not be able to allow the EU any regulatory or immigration control, or supremacy for the CJEU over the UK’s laws.
In some areas, comprehensive free trade agreements will be required such as an agreement on fisheries, trade in live animals, animal products, seeds and other plant materials, cooperation on internal security, and technical agreements relating to aviation or civil nuclear cooperation.
Smooth border crossing arrangements and immigration will need to be discussed and arrangements put in place for family reunion, asylum and illegal immigration. The UK will develop independent policies in immigration, competition and subsidy policy, the environment, social policy, procurement, and data protection. Cooperation on foreign affairs will be necessary but will not always be required to involve a joint institutional framework.
The UK is aiming to reach agreement on provisions which are at least as good as those in the EU’s recent trade agreements, such as those with Canada or Japan.
European Parliament Resolution on proposed EU negotiating mandate
In response to the draft negotiating directives proposed by the European Commission (EC) on 3 February 2020, the European Parliament (EP) adopted a non-legislative Resolution on 12 February 2020, on the mandate for negotiating a new partnership with the UK.
The Resolution specifically refers to the European Parliament’s focus on a detailed agreement particularly the three main pillars: the economy, foreign affairs and specific sectors.
The EU has again emphasised that the integrity of the Single Market and the customs union must be maintained and so the UK will not have the same benefits as EU countries in these areas. Competition with the EU must have a ‘level playing field’ with not necessarily the same rules, but if not the same, equivalent rules on social, environmental, tax, state aid, consumer protection and climate issues.
If the UK is to retain the benefit of quota-free, tariff-free trade relations, the EU wants the UK to agree to update many rules relating to data protection, employment standards and environmental protection, in order to ensure "dynamic alignment" of EU-UK laws.
There will not be an EU-UK free trade deal unless there is an agreement in place by June 2020 on fisheries. Once the EU27 agree to the negotiating directives, which is expected to happen at the end of this month, the process of further negotiation can move forward.
IR35 – What are the changes from 6 April 2020?
We are awaiting the response to the review of the IR35 legislation by the end of this month, so that we are clear as to what the final form of the legislation will be.
As per the Autumn Budget, from 6 April 2020 the off-payroll working rules will be extended to large and medium-sized companies in the private sector. This means that companies in the private sector with over 50 employees are likely to be subject to IR35 (although the exact number of employees to qualify as a small business has not yet been confirmed) and will be subject to largely the same provisions as those introduced in the public sector relating to IR35 in 2017.
Personal Service Companies (or ‘PSC’s’) will no longer have to determine the status of payments made after 6 April 2020 (regardless of when the work was carried out by the contractor), that responsibility and the accounting for tax and national insurance contributions will shift instead to the end user client or 'fee-payer'. In order to best prepare for this change, medium and large businesses should seek advice or otherwise assess whether the new rules under IR35 apply to their independent contractors and review their contracts and pay arrangements as soon as possible.
Businesses should be aware that these changes could result in an increase in operating costs, directly if your business is the ‘fee payer’ and indirectly if organisations affected by increases in their tax and NICs further down the supply chain look to pass on these costs.
ACAS advice to employers in respect of Coronavirus
ACAS has this month published advice discussing how to best support staff who do not want to come into work because of concerns about spreading or contracting Coronavirus, as well as steps employers can take to protect their staff if the virus spreads more widely in the UK.
Whilst there is no legal obligation for an employer to pay a healthy worker who has been advised by the NHS to self-isolate, it would be good practice for an employer to treat self-quarantine as sick leave to reduce the risk of a worker feeling financially or otherwise compelled to attend work, potentially spreading the Coronavirus to other staff members and the wider public.
Financial Reporting Council (FRC) advice on Coronavirus risk disclosures in end of year reports
The FRC has set out advice this month on Coronavirus risk disclosures in year-end reports. Those companies operating in, dependent on supply chains in, or with close trade associations with China are likely to be financially impacted by Coronavirus and if there is a pandemic other companies may also need to look at their disclosures in their year-end accounts more carefully.
Companies should consider whether the impact on their business is sufficient to report on principal risks and uncertainties together with any mitigating steps that can be taken to minimise the impact. As the situation will be constantly changing, depending on how far the virus spreads, disclosures will likely change over time and companies should provide up-to-date and meaningful disclosure.
The FRC also refer to the carrying value of assets and liabilities in its advice, noting that additional impairment tests may be required and that companies will need to assess whether leases have become onerous. Later reporters may require more of an adjustment than those businesses that reported in December.
Cyber security and importance of secure systems under Data Protection legislation
DSG Retail Limited (DSG) notified the ICO in June 2018 that a cyber attacker installed malware on 5,390 point of sale terminals at Currys PC World and Dixons Travel stores between 24 July 2017 and 25 April 2018 affecting at least 14 million customers. Following this, the ICO fined DSG £500,000 last month for a serious contravention of the seventh data protection principle, relating to data security.
DSG did not have appropriate technical and organisational measures in place to secure the system for making payments. This allowed about 5.6 million payment card details used in transactions and the personal data of approximately 14 million customers, including full names, contact numbers, postcodes, email addresses and failed credit checks to fall into the wrong hands.
The ICO's investigation found systematic failures in the way in which DSG safeguarded personal data, which related to basic, commonplace security measures. Vulnerabilities included inadequate software patching, absence of a local firewall, as well as lack of network segregation and routine security testing. The ICO also took into account that DSG's outdated POS system did not support Point-to-Point encryption, which is an effective control endorsed by the Payment Card Industry Data Security Standard (PCI-DSS). This control prevents the plain-text access of payment card data at the point of swipe or pin entry.
If you would like advice on your business’ obligations in respect of data protection, helpful guidance has been published by the National Cyber Security Centre or alternatively contact our specialist data protection solicitors for more specific advice.
Hotel group fined for discrimination based on where customers lived
Meliá Hotels International were fined nearly EUR 6.7million earlier this month for entering into contracts with tour operators to restrict sales of hotel rooms.
The operators could only sell hotel rooms to and respond to direct requests from consumers resident in specified countries stated in the contract, and not freely to customers in all EEA countries.
Meliá, therefore, discriminated against customers based on their nationality or country of residence in breach of Article 101 of the Treaty on the Functioning of the EU.
This is a reminder of the need for businesses to operate fairly across the EU and to not unfairly restrict consumers dependent on where they are based in the EU.
New migration points-based system and how this could affect businesses post-Brexit
Following the publication of a report by the Migration Advisory Committee (MAC) on points-based visa systems and salary thresholds, on 19 February the government set out details of the new UK points-based immigration system that will replace the current arrangements, after free movement in the EU comes to an end.
The main points to note for employers looking to recruit within and outside of the EU from 1 January 2021 are that:
- There will be a more global system which does not give EU citizens a priority over non-EU citizens, all applicants will be treated equally regardless of where there are from.
- EU citizens will have a more streamlined application process than non-EU citizens who will still need to provide their biometrics (including a digital photo and fingerprints) at visa application centres in their country of application. EU citizens will be able to upload a photo of their face using their smartphone only.
- A low skilled or temporary work route is not planned to be part of the new system, which will affect some areas such as farming, catering and hospitality which often recruit cheap labour from Europe. But the government is instead attempting to encourage employers to invest more widely in staff retention, technology and automation.
- A minimum of 70 points will be required by migrants to qualify for a UK visa. This will include 50 points of compulsory criteria including the job being at an appropriate skill level, the job to have been offered by the employer with a sponsor licence, with a salary of at least £20,480 and market rate for the job offered. And the applicant must be able to speak English to a good level.
- The skills threshold for roles that can be filled by migrant workers will be reduced to include ‘medium skilled occupations’ and not just A -level equivalent or higher qualifications.
- There is no current cap planned for the number of migrants entering the UK under the skilled worker route.
*Please note that this update does not constitute formal legal advice and should not be relied upon as such. Always ask a solicitor if you are unsure of how the law relates to your business*