The Article 29 (A29) Working Party has recently published their opinion paper on the rise of facial recognition technology and the concerns that this brings for the protection of personal data online. This note looks at the issues of online privacy and the concerns for data privacy as facial recognition software becomes more widely available.
The A29 Working Party is the European body which comprises leading representatives from each data protection supervisory authority in the EU (in the UK, this is the Information Commissioner’s Office); its opinions are therefore particularly influential, if not binding.
Last year Pitmans published a briefing explaining the issues of privacy at the time Facebook changed their ‘tagging’ service for photographs to incorporate facial recognition technology. For further information, click here.
Since then, the availability and application of the technology has grown exponentially; as its accuracy and deployment expands, this technology could be used for the most routine events in every day life – but also by advertising companies, collecting market information based on attendance monitoring and profiling to tailor targeted advertising messages.
The A29 Working Party has identified facial recognition technology as being used for authentication or verification for devices or online services. However, the application of this technology may be naturally extended from the online to the offline world. From a defence and security perspective, retinal scans and other biometric data access are already in use at a number of airports and conditional access facilities; in addition, full facial recognition systems are reportedly already used by security agencies to identify known criminals at sporting and live events by using the technology to identify particular faces amongst the crowd (e.g. known hooligans at a football match or members of the public at the London Olympics).
Similarly, access to live events, venues and concerts has become more sophisticated than merely paper tickets – organisers continue to explore ways in which they may combat the growing grey market in second hand ticket sales which diverts income, and brand value, away from events and the artists. Methods include tickets containing photographs, bar codes or employing near field communication (NFC) technology. Fully automated facial recognition technology is a natural technological progression for those industries where secure access is an essential requirement.
But such applications raise data privacy concerns and consequently companies controlling or processing the data may be in breach of data privacy laws, unless such measures and new technologies are balanced against an individual’s right to privacy. While the A29 Working Party’s opinion on facial recognition focuses on online and mobile, the principles apply equally to anyone collecting and using data for facial recognition services.
The A29 Working Party consider that where a digital image contains an individual’s face, which is clearly visible and allows identification of the individual then such an image would be considered personal data. Therefore, where a reference template is created from an individual’s image, this template will also be personal data if it contains a set of distinctive features of an individual’s face which can be linked to the specific individual and stored for later use. The only instance where a template is likely not to be considered personal data, would be where it was not associated with an individual’s record, profile or original image – but clearly this would limit the application of the technology. Importantly, the template and corresponding profile (or personal details) of the data subject in question do not need to be held by the same entity – it may still constitute personal data where a data controller has the means to access the corresponding information needed to identify that individual (even where held by a third party supplier).
Directive 95/46/EC states the conditions by which the processing of personal data must comply. Article 6 states that images and templates must be relevant, and not excessive, for the purposes of facial recognition processing. As the images constitute biometric data, the processing of the personal data may only be performed if the informed consent of the individual is obtained prior to commencing processing or if another exception is satisfied under the Directive (e.g. for legitimate purposes pursued by the data controller – such as security for the venue in the light of perceived terrorist threats – provided it does not prejudice the rights of the individual concerned). The A29 Working Party note that some elements of processing may be necessary before consent is obtained, i.e. to verify existing records, but this should only be for the strictly limited purpose, and the information deleted immediately.
The digital images or templates stored must be used only for the specified purpose for which the have been provided – and for which consent has been sought or where another relevant exemption applies (as, for instance, in the case of the legitimate use exemption described above). The greater the sensitivity of the personal data concerned the more likely explicit consent will be required.
The A29 Working Party considers that technical controls should be implemented to ensure that third parties do not gain access to the data and use it in an unauthorised manner. As trials of cashless technology grow for events, it may be that this technology is used by individuals to purchase items using credit stored against their profile, for instance drinks or merchandise. Controllers should be aware of the parameters of consent and that data stored against a user’s profile, including data used for, or available from, facial recognition data, can be valuable information for advertising or marketing agencies profiling consumers.
Similarly, controllers and processors will need to guard against security breaches which may result in unauthorised access to the data. The A29 Working Party advises that technical measures such as encryption will need to be used for data storage and data transit. One method suggested by the A29 Working Party is for biometric encryption techniques themselves to be used so that the cryptographic key is directly bound to biometric data and is only re-created where correct live biometric sample is presented on verification.
To reduce such concerns the Working Party recommends minimising the data so that the images or templates stored do not contain more data than necessary to perform the specified purpose. Similarly, templates should not be transferable between facial recognition systems. Organisations developing or deploying such technology should also carry out Privacy Impact Assessments (PIA) and follow development methodologies based on Privacy by Design (PbD).
The everyday use of facial recognition software in society to improve security checks for employees, visitors or customers may soon become common place when using even the simplest of access control systems.
Data controllers and data processors should be aware of the law in this area as the technology becomes more prevalent. But consequently it appears the law may also need to keep abreast of various ways in which the software can be exploited to monitor and profile individuals using a range of services and ensure adequate protection for data subjects as the technology advances.
For further information please contact Philip James or a member of Pitmans’ Data Privacy & Information Law team.
Philip James
Partner, Digital Media, Technology and Data
T: 0207 634 4655
E: pjames@pitmans.com
Those in the hotel business will have been following with interest the latest developments in the referral of TripAdvisor’s UK advertising to the Advertising Standards Authority and the consequential requirement that they remove the word “trust” and “trusted” from their site in connection with hotel reviews posted in an unregulated way by members of the public (see here for example).
The Issue
Just as the issue has been enjoying attention in the national press, we have been conscious of increasing levels of concern among hotelier clients in relation to internet reviews of their businesses. Such concerns are by no means confined to any single provider of such services. These concerns encompass a perception both that their businesses are being damaged by negative reviews being placed online, and that their competitors are perhaps less scrupulous about the sources for comments on the same websites, intended to bolster business.
With a move away from travel agent bookings, and towards the undoubted benefits of being able to compare a wide variety of packages and destinations over the internet, these are concerns which, if not addressed, will become all the more pressing. They have undoubtedly been accentuated by the traditional January rush to make bookings for the summer holidays, and the fact that in the current economic climate, consumers are becoming ever more eager to ensure that their discretionary spending is being applied to experiences in which they can have confidence.
With those points in mind, a single adverse review can have a significant impact on a business’ revenue and goodwill, if it attracts attention and consequently prominence in whatever online forum it is published. The question for an affected business in those circumstances is what can be done about it.
It is perhaps unsurprising that TripAdvisor should have come in for special scrutiny in this regard. It is one of the world’s biggest travel resources featuring over 40 million reviews of hotels and restaurants a month worldwide and for many travellers the website has proved invaluable when they are choosing a hotel. By assessing the reviews placed with them TripAdvisor scores each hotel and restaurant on a percentage basis with a business’ rating changing on an on-going basis subject to the quality of the reviews that are posted online by the consumer.
Equally, the implications of the ASA’s ruling will be felt across an industry where individual feedback and recommendations have fast become the currency of choice for promotional purposes. The ruling in essence refused to rule out the possibility of such review systems being mis-used by unscrupulous competitors or vindictive private individuals, notwithstanding the relatively sophisticated systems of checks and moderation which TripAdvisor has in place. As such, any site which follows the same model, and in particular those where reviews remain permanently on a site unless withdrawn by the reviewer or proactively removed by the site owner, is by implication tarred with the same scepticism about the authenticity of its content.
“Negative” reviews
There are now many reported incidents where guests have posted negative reviews on comparison websites, and the establishments concerned have considered the review to be untrue or misleading. This is proving to be a particular concern as it is not necessary for the reviewer to have attended the hotel or the restaurant concerned to write a review, such that a review can be written by a disgruntled member or ex-member of staff, or a competing business looking to seek a competitive advantage.
It is also apparent that there is a small but growing band of so called “self appointed” reviewers that regularly contribute to these sites, notwithstanding that they have no formal training or understanding of the hospitality business and the standards required by the industry. The reviews provided by these amateur inspectors appear to be particularly damaging for the independent hotelier and restaurateur.
“Positive” reviews
Any service provider knows that generating spontaneous positive feedback is rather harder than the negative type. There is, as such, a natural self-selection on such sites in favour of negative feedback. While it cannot be condoned, it is therefore perhaps nevertheless unsurprising (particularly with the added pressures caused by the present economic environment) that some businesses have gone to the lengths of posting positive reviews on to comparison websites with the intention of raising their rating. We are aware of at least one example where five positive reviews were posted on to such a website with regard to one hotel, each review containing the same spelling mistakes and thus, in the view of our client, likely to have been posted by the same individual.
What can be done?
It is important to bear in mind that any reputable comparison site will almost certainly contain terms of use and a code of conduct which users must sign up to (probably on a “click through” basis) before they are able to post content. Demonstrable breaches of those codes of conduct have always been treated seriously, and in light of recent adverse publicity about reliability, it is to be expected that the sites will be making event greater efforts to ensure that genuine complaints are responded to efficiently and effectively.
Equally, of course, it is important to bear in mind that such allegations will need to be carefully considered, and capable of being proved to a relatively high standard, since the consequence for a hotel which is accused of posting fake “positive” reviews can be extremely detrimental. Those consequences might in turn lead to proceedings being issued against the site, which in turn may look to the party who made the original complaint, in order to substantiate their allegations. The prospect of such spiralling litigation deters many small businesses from embarking on such a high stakes course, and suggests that a more pragmatic approach is often required.
A Practical Approach
For small businesses a negative online review may prove personally upsetting and frustrating, even if it is genuinely true, after all of the hard work and effort that is put into running a business. It is inevitable that the distress and frustration will be all the greater where the review is untrue. Nevertheless, short of refusing to engage with the world of online comparisons (which for many is seen as a way to change the travel industry for the better, and in particular to bring small businesses to the attention of a worldwide audience), one approach is to engage with the reviews with a view to making them work for you.
Where a negative review or a number of reviews are posted that are factually wrong and can be shown to have caused the business an actual loss of trade, the incident/s highlighted in the reviews should be investigated and as much evidence as possible gathered to identify the reviewer/s. In the first instance the business should use its right to post a direct response to the negative review on the website as this may assist in negating the review. If a review or reviews are considered particularly damaging the site operator should then be approached in a constructive manner and asked that the review is removed. As much information should be provided to the site operator as possible to show that the review contained false information or was misleading. Our experience suggests that adopting a collaborative approach with the provider, rather than “shooting the messenger”, often yields the best results.
If at this stage the site operator is not cooperative in removing the offending review, a decision will need to be taken. In the majority of cases, embarking on further disputes will simply result in an additional drain on management time and the business’ resources, which might more effectively be devoted to positive publicity aimed at counter-acting the negative reviews.
In some cases, however, the harm will be so serious, and the risks to the business so severe, that action must be taken. As a preliminary step, the identity of the end user (i.e. the writer of the review) needs to be substantiated so that legal action against them may be considered. It may prove difficult to progress this matter if the site operator is not prepared to provide the end user’s identity or, once the user’s identity is confirmed, it is established that the user is not based in the UK.
The site operator can be asked to inform the user that legal action is being considered against them, if the operator is not prepared or is unable to divulge the end users identity and ask that the review is removed. Equally, it can be possible to obtain a court order for relatively detailed information about a user’s registration details, and even the IP address from which contributions were posted, where there is compelling evidence of genuine harm having been suffered.
However, pursuing a claim (whether in defamation or by some other route) via the UK Courts is not straightforward and should not be undertaken lightly. The legal costs for such an action could be substantial and there is no guarantee that the damages awarded by the Court, if a claim was successful would cover the costs incurred. That being so, it is always prudent to take informed, practical, advice at an early stage, so that a decision can be made that best suits the needs of the business in question, and is appropriate to the level of the harm that has been done.
David Loosemore
Solicitor, Hospitality Sector
T: +44 (0) 118 957 0240
E: dloosemore@pitmans.com
Will Richmond-Coggan
Director, Defamation/Social Media Law
T: +44 (0) 118 957 0369
E: wrcoggan@pitmans.com
Hoteliers Welcome TripAdvisor Rebuke
February 3rd, 2012
http://www.telegraph.co.uk/travel/travelnews/9053615/Hoteliers-welcome-TripAdvisor-rebuke.html
It speaks volumes that the co-founder of TripAdvisor Steve Kaufer has responded to the ASA ruling by stating in the Daily Telegraph that “The Ruling has little impact on our site and won’t change how we operate”.
Hoteliers concerned with the TripAdvisor website will have little comfort from reading Steve Kaufer’s comments and the relatively small changes to the TripAdvisor website required by the ASA Ruling. Whilst many seasoned travellers will appreciate the pitfalls of the review system provided by TripAdvisor, there is still a proportion of the millions of user of this popular website who could be unknowingly misled by false reviews. False reviews that until now TripAdvisor has appeared unwilling to remove at the request of the businesses concerned.
David Loosemore
Solicitor
T: +44 (0) 118 957 0240
E: dloosemore@pitmans.com
Don’t be under insured this Christmas!
November 28th, 2011
Once again ‘the season to be merry’ is almost upon us and it’s time to plan the party!
However whether you are a business simply planning to entertain clients and contacts or, for example, an organisation planning a music festival or major event for the public next year the principle is the same – don’t forget to check your insurance cover!
The laws that impose duties upon organisers of events, especially from a liability perspective, are surprisingly wide. However, fortunately there is a wide range of insurance cover available and there needs to be as the implications if things go wrong can have a devastating effect upon businesses and those who run them. The critical consideration is to ensure that all potential risks are covered as far as possible.
By way of illustration if a member of the public attending your event were suffer serious injury or die in an accident caused by a failure of your employees or agents to safely erect temporary steps then the consequences could be far reaching. The same would apply if one of your employees suffered serious injury or died due to inadequate supervision or safety precautions taken during their work.
Following a serious accident the law enforcement agencies, which includes not only the Police but The Health & Safety Executive and the Environmental Health Officers of the local Authorities, would immediately commence investigations and could issue a prohibition notice closing the event if they suspected there was a likelihood of reoccurrence.
Further, if they suspected that there were breaches of Health & Safety law then criminal prosecutions could follow against the organisers of the event and/or against the directors or senior officers if their gross negligence caused the incident.
Successful prosecutions could lead to unlimited fines for the business and imprisonment for the individuals concerned together with very bad publicity which could have a devastating effect on the business.
In the event of a death then there would also have to be an Inquest at which the business may have to explain their actions.
In either event there would no doubt be a civil claim for damages either by the injured individual or, following a fatality, by the Estate on behalf of any dependents.
In addition to needing insurance cover for liability risks there are a multitude of other prospective risks and related insurance coverage that should be considered by organisers and it is appropriate now to review some of the more common:
Property: cover for premises against damage, office contents, musical instruments, hired-in equipment, marquees, audio & visual equipment and plant, merchandise stock, CDs, and promotional materials.
Business Interruption: should there be fire, flood, power or a telecommunications failure, then BI insurance offers protection from income streams during physical and technological disruptions.
Employers’, Public and Product Liabilities: Employers liability insurance is of course compulsory and it should cover not only your own full time employees but part time contractors, volunteers and freelancers. Audiences will be covered by public liability insurance and food/drink and merchandise by product liability cover.
Financial: misappropriation, loss of cash, box office receipts, fees, subsistence expenses and merchandise.
Legal Expenses: provides cover for legal advice and representations of your company in health & safety issues, employment disputes, contract disputes and can provides an advisory service. This is often included in a ‘combined risk’ policy.
Professional Indemnity: provides cover against claims of negligence, breach of duty or mismanagement.
Cancellation Insurance
Cancellation cover replaces lost revenue and reimburses expenditure incurred from an event which is necessarily and unavoidably postponed, abandoned, cancelled, curtailed or relocated in circumstances beyond your control. For artist managers, it can also protect commission income streams for high-earning performers.
Cyber Liability Insurance
Your current insurance coverage may not protect against the special risks that accompany your activities into the online space. Cyber Liability cover can provide protection against the new risks that come with this continually developing technology.
Directors liability
Increasing regulation is placing greater pressure on company directors & officers to perform meticulously. If a shareholder, employee or any other 3rd party thinks a director or officer has failed to exercise ‘due care’ in the running of a business claims can be made against them personally.
Safety planning for an event is outside the scope of this article but don’t forget:
Risk assessments for members of the public attending the event and employees working on it should always be carried out by a person deemed ‘competent’ under the requisite Regulations.
Being able to point to the existence of a risk management plan can be invaluable in the event of an unexpected incident. The plan may be a simple document incorporating a communication plan should an incident occur.
Conclusion
Don’t forget that your risk exposure starts as soon as you sign a contract with the venue to host the event. Consider all of your risks when in the planning stage and the contractual liabilities that you will be liable for if things don’t go according to plan.
Accordingly, it is critical to regularly check the adequacy of your insurance coverage with your brokers. Ensure full descriptions of your actual and intended business everything are recorded in writing to your brokers and passed to your insurers so they can assess the risks and charge an appropriate premium that reflect the risks.
You should ensure you understand the nature and extent of the policy coverage, the policy exclusions and limitations such as whether legal advice cover is included for any enforcement authority investigation and /or prosecution before agreeing terms and paying the policy premium.
This article is only intended to provide a brief summary of some of the main insurances that organisers of an event should consider and discuss with their brokers.
If you would like any specific advice on the legal implications of holding an event, please contact Alan Davies, Defendant Insurance Partner and member of the Hospitality Sector or Nicola Kirk, Dispute Resolution Partner and Head of the Hospitality Sector.
Alan Davies
T: +44 (0)118 957 0300
E: alandavies@pitmans.com
Nicola Kirk
T: +44 (0)118 957 0226
E: nkirk@pitmans.com
For further information, please see:
Pitmans’ Hospitality Sector Services
Briefing Note: Product Recall – Guidelines for retailers, manufacturers and producers
September 28th, 2011
A retailer, manufacturer or producer of a potentially defective product could face both civil and criminal liability if appropriate action is not taken. It is critical to take immediate expert advice upon acquiring knowledge of a potentially defective product because the consequences of a failure to do so can be severe.
Below is a summary of the main issues and guidelines to consider:
A. Legislation
The relevant Legislation makes regular references to obligations being imposed upon ‘producers’ under The Consumer Protection Act 1987 “CPA”. Producers can include retailers, suppliers and manufacturers and for the purposes of this article I adopt the collective term unless stated otherwise.
1. General Product Safety Regulations 2005 (the GPSR): general notes
a. Introduction to GPSR 2005: the UK General Product Safety Regulations 2005 implemented the revised General Product Safety Directive (2001/95/EC) (GPSD). The GPSD has increased the regulation of product safety in the UK and therefore businesses must review their product safety systems to ensure compliance with the regime. The GSPD covers all products intended for use by consumers or likely to be used by consumers.
b. GPSR 2005, regulation 5: General safety requirement
Under regulation 5, there is a “general safety requirement” that producers will only place a product on the market if it is a “safe product”. A “safe product” is one which presents no risk or the minimum risk compatible with its use and which provides a high level of protection for consumers. If an unsafe product is placed on the market the manufacturer must notify the relevant enforcement authority (see regulation 9(3) on notification).
c. GPSR 2005, regulation 10(1): Enforcement
Under regulation 10(4), the relevant enforcement authorities in England are the local authorities, which are the county councils, district councils, London Borough Councils, the Common Council of the City of London and the Council of the Isles of Scilly.
2. Notification
a. GPSR 2005, regulation 9: Obligations of producers and distributors.
Where a product does not comply with the general safety requirement, both the producer and the distributor have a duty to notify the relevant enforcement authority (as defined in regulation 10(1)) of
i. information which will enable the product or batch in question to be identified;
ii. the risks that the product poses to consumers;
iii. details of action taken to prevent risk to the consumer.
b. This means that producers should monitor their products for potential risks. Such monitoring would give producers advance warning of product safety risks, so that they can take action before the authorities take the step of ordering a product recall. In addition, the GPSR 2005 require producers to keep a record of consumer complaints about the safety of their products (see regulation 7(4)(b)(ii)), and to notify the safety regulators if they find that the product is unsafe (see regulation 9 on notification).
c. This obligation to notify the relevant enforcement authority creates two questions for producers:
i. Issue 1: whether to notify. Producers must quickly assess the seriousness of the risk in order to decide whether the product is unsafe. The European Commission’s “Guidelines for the notification of dangerous consumer products to the competent authorities of the Member states by producers and distributors in accordance with article 5(3) of Directive 2001/95/EC” states that producers and distributors should take into account the severity of the possible damage and the factors which affect the level of the risk, such as the type of user and obviousness of the hazard, in deciding whether a product is unsafe and should be notified.¹
ii. Issue 2: when to notify. If the product is unsafe, then the European Commission’s Guidelines state that a company must inform the authorities: “without delay, as soon as the relevant information has become available, and in any case within 10 days since it has reportable information, even while investigations are continuing, indicating the existence of a dangerous product. When there is a serious risk, companies are required to inform the authority and in no case later than 3 days after they have obtained notifiable information. In an emergency situation, such as when immediate action is taken by a company, the company should inform the authorities immediately and by the fastest means”.
d. Once notified, the regulator will decide whether to send the information onto the European Commission and the other member states through the RAPEX system (the rapid alert system for non-food consumer products).
3. Recall
a. The GPSR 2005 place a positive duty on producers to recall dangerous products in certain circumstances.
i. Before the GPSR 2005 there was common law authority for a duty to recall unsafe products.
ii. Under GPSR 2005 producers now have a legal obligation to withdraw unsafe products from the distribution chain and/or recall them from consumers.
b. The GPSR 2005 regulation 15 gives national authorities the power to issue product recall notices. The authority can order the producer or distributor to take steps to protect consumers, including ordering a product recall.
i. Under regulation 10(5), while voluntary action on the part of producers and distributors is to be encouraged, an enforcement authority has the power take action “urgently and without first encouraging and promoting voluntary action if a product poses a serious risk”. The enforcement authorities must act proportionately to the seriousness of harm and take account of the precautionary principle. Acting on a precautionary basis means that regulators must take action even when they lack conclusive scientific evidence of the existence of the risk, as long as there is a likelihood of real harm.²
ii. Under regulation 15(4), an enforcement authority may only issue an recall notice if:
• other action which the authority may require would not suffice to prevent the risks
• the action being undertaken by the producer or distributor is unsatisfactory or insufficient; and
• the authority has given no less than seven days’ notice of intention to serve the recall notice and, where the person served has required the authority to seek advice from a person appointed by the Chartered Institute of Arbitrators (CIArb) to determine whether the product is dangerous or whether a recall notice is proportional to the seriousness of the risk, the authority has in fact sought and taken account of such advice.
Under regulation 15(5), the second and third requirements of regulation 15(4) do not apply for products which pose a serious risk and which require urgent action.
iii. Note that there is a right of appeal against recall notices. Under regulation 19(2)(d), a recall notice will be set aside if the product is not dangerous, or if the enforcement authority has not used recall as a last resort and the other requirements of regulation 15(4) have not been met.
4. Taking corrective action: when producers should make a recall.
“Product Safety in Europe: A Guide to Corrective Action Including Recalls”
The Guide aims to give producers and distributors of consumer products general advice about what they should do if they have evidence that one of their products may be unsafe.
a. Plan ahead: preparing your collective action strategy before you have a problem
i. Establish a policy and procedure for corrective action. Details of such policies may vary, but should include a statement by the company management of its aims and commitment to speedy corrective action to restore product safety, and to inform consumers fully of the corrective action being taken.
ii. Set up a corrective action team. The team should have knowledge of design, production, product safety/ risk management, quality assurance, distribution, public and corporate relations, legal, and accounts.
iii. Monitor information about the safety of your products. You need to have systems to collect and analyse information on report of accidents involving your products, customer complaints, warranty claims, insurance claims, any evidence of consumer abuse or misuse of the product.
iv. Keep good records to help trace products and identify customers and end users.
v. Assemble documents about the product’s design and safety
b. Decide whether to take action: assess the risk
i. Identify the hazard and its cause
ii. Estimate how many products are affected
iii. Identify who might be affected
iv. Consider what severity of injury could result
v. Assess the likelihood of such an injury
vi. Evaluate acceptability of overall risk
c. Taking corrective action: deciding what action to take
i. Decide whether corrective action needs to involve:
• Products in the supply chain and possibly
• Products in the hands of consumers
ii. Decide what corrective action needs to be carried out
If the overall risk is judged to be serious, the producer should take immediate action to:
• Inform the market surveillance authorities
• Isolate affected products
• Set up a communications programme to contact consumers
If the overall level of risk is judged to be moderate, the corrective action may be limited to products in the distribution chain, and it may be enough to withdraw those and give the authorities details of what is begin done
If the overall level of risk is judged to be low, corrective action may be limited to consideration of changes affecting products in design and production.
iii. Possible corrective action:
• Changing the design of products
• Withdrawing products from distribution
• Modifying products at consumers’ premises
• Return of products by consumers for modification
• Recalling products from consumers for replacement or refund
iv. Agree responsibilities and actions with distributors
v. Inform the market surveillance authorities
5. The European Commission published its revised Guidelines for the operation of “RAPEX” in January 2010.
a. “RAPEX” is a European rapid alert system for dangerous consumer products. It allows information about dangerous products to be given to other national authorities and the European Commission, in order to prevent the sale of these products. All the EU countries participate in the system. Under Article 12 of the GPSD, national authorities have a duty to notify the Commission, via the RAPEX system, of action taken to prevent the marketing and use of dangerous consumer products.
b. Manufacturers of consumer products marketed in Europe should be aware of the importance of the new RAPEX Guidelines, which give guidance on how the risk posed by consumer products should be assessed. This risk assessment process is relevant when a manufacturer has marketed an unsafe product. Regulators will follow this risk assessment process to decide whether the producer or distributor needs to notify regulators about the problem; what corrective action, up to and including recall, needs to be taken; and whether the issue will be communicated across Europe. The Guidelines and the new risk assessment process are expected to significantly change the way in which national authorities handle product recalls, and therefore the producer needs to understand the process.
c. Preparing risk assessment under the new 2010 Guidelines:
i. Describe the product and its hazard.
ii. Identify the type of customer to be included in the injury scenario.
iii. Describe the injury scenario in which the hazard might affect the consumer.
iv. Determine the severity of the possible injury to the consumer.
v. Determine the probability of the injury arising.
vi. Determine the risk level.
vii. Check whether the risk level is plausible.
viii. Repeat in order to identify other injury scenarios and the risk posed by the product. Classify the risk as “low”, “medium”, “high” or “serious”.
6. Advice on crisis management
a. The new GPSR regime means that producers must respond much more quickly to a product crisis. Producers should prepare a crisis plan beforehand in order to manage a potential product crisis. The producer should decide on an internal recall team, external advisors to deal with the risk assessment process, and detail procedures for employees.
b. There are differences between how the General Product Safety regime has been implemented in different member states, and how each member state approaches risk management. Producers should be aware of these differences and address both national and international issues in their crisis management plans.
c. Manufacturing companies may consider extending their existing product liability insurance to include product recall insurance which will cover some of the costs of a product recall.
B. The potential consequences of selling, producing or manufacturing a defective product that caused injury and/or damage to property
1. Criminal Proceedings by a prosecuting authority
Health & Safety at Work Act 1974
a. Action against the company
i. Section 3 of HSWA imposes a duty on an employer to ensure, so far as is reasonably practicable, the health safety and welfare of persons not in its employment (i.e. the public).
ii. A company is guilty of an offence if it fails to comply with the duty imposed by section 3.
iii. A company would be liable to an unlimited fine in the event of conviction.
b. Action against Individuals
i. Section 37 of HSWA states that where an offence has been committed by a company (see section 3 HSWA above) is proved to have been committed with the consent, connivance or neglect of an individual director, manager, secretary or other similar officer who was purporting to act in such capacity he too shall be guilty of an offence.
ii. Therefore in order for a director or other similar officer to be guilty of this offence:
a. The company must be guilty of an offence
b. That director must have consented to that offence or wilfully ignored it or negligently allowed it to occur.
iii. A director guilty of such an offence faces up to 2 years in prison and an unlimited fine.
General Product Safety Regulations 2005
a. Action against a company or individual
i. Regulation 20(1) of GPSR creates an offence for a person to place an unsafe product on the market. A company faces a maximum fine of £20,000. An individual prosecuted for this offence can be imprisoned for up to 12 months and a fine.
ii. Regulation 20(2) of GPSR creates an offence if a person fails to notify an enforcing authority that a product it has placed on the market is not safe. A company faces a maximum fine of £5,000. An individual prosecuted for this offence can be imprisoned for up to 3 months and a fine.
iii. Regulation 20(3) of GPSR creates an offence if a producer does not give notice to an enforcing authority that its product is unsafe and it is proved that the producer ought to have known that the product was unsafe. A company faces a maximum fine is £5,000. An individual prosecuted for this offence can be imprisoned for up to 3 months and a fine.
iv. Regulation 24 creates offences where a person obstructs an officer of an enforcing authority. A company or person faces a maximum fine is £5,000.
2. Civil Proceedings by the Claimant
a. If a defective product has caused injury to a consumer or third party the injured persons will have a cause of action enabling them to bring a claim for damages against the retailers, producers or manufacturers. It will be easier for a consumer to establish liability against the retailer as that is the legal entity with whom the contract was made and as such the consumer will have the benefit of a breach of contract claim which would not be available if the consumer sued the producer or manufacturer of the product. In practice the claim is normally persued against the retailer and pleaded alternatively in negligence and possibly under the CPA. There would normally be a claim for damages for damages for pain, suffering and loss of amenity suffered, any loss of earnings, out of pocket expenses sustained by the individual and family sustained as a result of the injury and a claim for care and assistance provided by the family. Upon receipt of any claim (or knowledge of any circumstance which may give rise to a claim under their insurance policy) the retailer must immediately notify their insurers.
b. Further, if the product caused damage to property then the purchasers of the product, the Claimants, can claim damages either directly or more usually by way of a recovery action by their insurers, for the physical damage to property sustained and if a business then potentially of loss of net profits sustained.
C. The potential consequences of selling, producing or manufacturing a defective product that caused death.
1. Coroner’s Inquest. In the even of a fatality arising there is an additional type of legal proceeding that will ensue, namely the Coroner’s Inquest.
a. The Coroner must investigate any unnatural death.
b. The Coroner’s inquiry is limited in nature and is designed to answer the following questions:
i. Who was the deceased?
ii. When and where did he die?
iii. How did he die?
c. The final question is a narrow question which means “by what means did he die”?
d. The inquest must not appear to determine any question of criminal or civil liability.
e. The coroner will reach a “verdict”. There are various possible verdicts, the most common of which are: accidental death, unlawful killing and an open (i.e. inconclusive) verdict.
f. The inquest will happen: it cannot be settled.
2. Criminal proceedings. In addition to the consequences outlined under B, further serious criminal proceedings may ensue by virtue of the Corporate Manslaughter & Homicide Act 2007 (CMHA).
a. A company is guilty of an offence if the way in which its activities are managed or organised
i. causes a person’s death and
ii. amounts to a gross breach of a relevant duty of care owed by the organisation to the deceased.
b. The relevant duty includes a duty owed in connection with the supply of goods.
c. The company’s conduct must fall far below what can reasonably be expected of the organisation in the circumstances.
d. Only a company can be prosecuted for corporate manslaughter. On the basis of the present information, a prosecution under the CMHA appears unlikely, but cannot be ruled out.
e. If prosecuted and convicted of such an offence, a company faces an unlimited fine and might be subject to a remedial order (requiring the problem to be remedied in a particular manner) or a publicity order (requiring the company to publicise the fact of the conviction to the media).
3. Civil Proceedings on Behalf of the Estate
a. A claim for damages may be made on behalf of the Estate of a deceased
person, the extent of which may be extensive as it may include a loss of dependency by the deceased’s family. The extent of the claim falls outside the scope of this brief article.
D. The powers of the Trading Standards officers
1. Trading Standards Officers: general information
a. Trading standards officers exist to enforce consumer protection legislation in order to create a safe trading environment. They carry out inspections on business premises to establish whether Trading Standards legislation has been complied with.
b. An inspection may take place as part of a routine inspection programme, or because the officer suspects that an offence has been committed.
2. Trading Standards Officers: powers
a. Power to enter premises and inspect goods: an officer may at all reasonable times enter any business premises and inspect any goods
b. Power to request or require books, documents or records: an officer can require the production of documents relating to the business and may make copies.
c. Powers of seizure: if an officer has reasonable cause to believe an offence has been committed, he may seize and detain any goods in order to ascertain whether an offence has been committed.
3. Trading Standards Officers: if there is a breach of Trading Standards legislation
a. If the Officer finds a contravention of safety legislation, he may issue a suspension notice prohibiting the movement of specified goods for a period of six months.
b. If the Officer finds more serious contraventions of safety legislation, he may consider legal proceedings.
These Guidelines are not intended to be fully comprehensive and each case depends on it’s own facts. For further information please visit Pitmans Defendant Insurance Service, or contact:
Alan Davies
Partner
T: +44 (0)118 9570 300
E: alandavies@pitmans.com
¹ http://ec.europa.eu/consumers/cons_safe/prod_safe/gpsd/notification_dang_en.pdf
² Department of Trade and Industry Guidance Notes, paragraph 78
Agency Workers Regulations: Additional Costs
September 5th, 2011
The Issue
The Agency Workers Regulations come into force on 1 October 2011 and will change the way in which the hospitality sector view agency workers.
Take the example of a hotel that uses agency workers to cover the busy summer months. At present agency workers often receive the same basic hourly rates as directly recruited staff but are not given the same benefits (transport facilities, overtime, maternity benefits and bonuses for example). However, from the 1 October 2011 this will change.
The Legal Position
After completing 12 weeks of an assignment, an agency worker will be entitled to the same basic working and employment conditions (including pay, working time and holiday entitlement) as they would have received had they been directly engaged to do the same job. The scope of the Regulations only includes terms which are ‘ordinarily included’ in the hirer’s contracts – for example, as part of a pay scale or company handbook.
Breaks of up to six weeks between assignments with the same hirer will not break the 12 week qualifying period. However, the clock will restart if the worker begins a new assignment with the hirer in a ‘substantially different’ role.
An agency worker’s right to equal pay will not apply when the agency worker is employed on a permanent basis by their agency, receives a minimum level of pay in between assignments and signs a contract with the agency prior to the start of the assignment (this is known as a ‘derogation contract’).
From day one of an assignment, agency workers will have equal access to collective facilities, such as a canteen or transport services; unless different treatment can be objectively justified (cost alone is unlikely to be enough). Agency workers will also have equal access to information on employment vacancies.
Agency workers who believe that they are not receiving equal treatment may ask the agency (and then the hirer if the agency fails to respond within 30 days) for written details of the hirer’s basic working and employment conditions.
A reasonable and practical approach
All organisations need to be aware of what is covered by “pay” in terms of the Regulations. Pay includes holiday pay, overtime, shift allowances, unsocial hours premiums; performance bonuses directly related to the work of the individual agency worker, and lunch vouchers.
Pay excludes occupational pension and sick pay schemes; notice pay; redundancy pay; expenses; loyalty bonuses and benefits in kind such as company car allowances and health insurance.
The hotel would be potentially liable for failing to provide agency workers with the same transport service as direct recruits. If any of the agency workers stayed on and worked for 12 weeks they would also gain a right to overtime for the remainder of their assignment if this is provided to permanent workers.
There would, however, be no obligation to provide the loyalty bonus or pay expenses.
Agency Worker Policy
For those employers who rely on agency workers we recommend that you undertake the following:
- Assess the average length of assignments; the extent to which agency workers and direct recruits are carrying out the same job; and whether agency workers are currently receiving the same pay, working time and holiday entitlement as direct recruits.
- Put systems in place to respond to information requests made by agency workers.
- Ensure that systems are in place to make agency workers aware of job vacancies and to inform them about collective facilities.
- Consider whether to review terms of business with agencies to apportion liability for any employment tribunal claims and to deal with the exchange of information with agencies.
- If seeking to avoid the impact of the Regulations, consider other options such as limiting the length of agency workers assignments (bearing in mind the anti-avoidance provision below), increasing the number of directly recruited fixed-term employees or using in-house staffing banks.
Potential Risks
Agency workers may be awarded unlimited compensation for a breach of the equal treatment rights with both agencies and hirers potentially liable (although the hirer is solely responsible for any claims regarding “day one” rights).
If an employment tribunal finds that assignments have been structured specifically to deprive an agency worker of equal treatment rights (for example by, rotating 11 week assignments in “substantially different” roles) it can make an additional award of up to £5,000.
For further information please visit Pitmans Hospitality Sector, or contact:
David Loosemore
Solicitor
T: +44 (0)118 957 0240
E: dloosemore@pitmans.com
Amanda Dorling
Solicitor
T: +44 (0)118 957 0407
E: adorling@pitmans.com
The Issue
Reliant on a youthful workforce that has grown up with instant news and social media networks employers within the hospitality sector are frequently challenged by on-line comments that often overstep the mark. Often made outside of the workplace and in the employee’s private time these remarks can be damaging to an employers business and difficult to deal with.
We have been approached by a number of clients within the catering sector for advice on how they should handle employees who have brought their business in to disrepute and whether they can be dismissed.
The Legal Position
When dismissing an employee, it is important that it is for a potentially fair reason and that the employer has acted reasonably in treating this reason as the basis for dismissal.
Employers are given a relatively wide scope for such dismissal. If they feel that an employee has prejudiced their business or reputation, or has damaged trust and confidence, then there is a strong possibility that dismissal is a legitimate option.
In a recent incident we were asked to advise on the actions of a marketing manager of a hotel who specialised in wedding functions. This manager posted comments on Facebook stating that her workplace was a building site and to make matters worse she posted pictures of the on going building works on to the website. On investigating the matter our client considered that this matter only warranted a warning on the understanding that the manager removed the offending items from the website.
However, in a recent tribunal case a pub manager was considered to have been fairly dismissed by his employer having made derogatory Facebook entries that named a number of customers who had been abusive to him. The tribunal found that her dismissal was fair on the grounds that, whilst she had a right to freedom of expression, her public statements had damaged the pub’s reputation. There had been a thorough disciplinary process and although the tribunal said that it would have been minded to issue a final written warning, dismissal was within the range of reasonable responses.
A Reasonable and Practical Approach
Employers must be aware of the need to take a reasonable view of employee actions and be flexible in their approach. It is clear that the power of social media is not always understood by employees and once this is pointed out to them issues can often be resolved quickly. Generally, employment tribunals do not look favourably on employers who are not flexible and not prepared to fully investigate the issues of concern.
It is also relevant that the same actions of different employees may have different effects on a company’s reputation. The drunken high-jinks published on the net of a junior bar manager whilst socialising may only warrant an informal chat from HR. Whereas the same actions a senior manager with a public presence might be reasonable grounds for disciplinary action if it is considered that he brought the employers business into disrepute.
Internet and Social Media Policy
Many of these incidences can be avoided by the preparation and communication of clear policies about what could happen to employees whose actions may reflect badly on the company through the impact of out-of-work activities. Such a policy should clearly outline the actions that may harm the reputation of the company and state the dangers of seemingly casual on-line banter. Managers involved in disciplinary procedures need to be trained in how to assess the extent of the potential damage that its’ employees can cause.
Potential Risks
It is not possible to draw up a rigid set of rules to govern this type of behaviour. Be prepared to be flexible and mindful of the actual circumstances surrounding each individual situation.
Dismissal is a drastic step. If this is a consideration, ensure that you take a realistic view of the actual damage to the business and not just what could have happened. Consider whether a written warning may be a suitable alternative.
For further information regarding Pitmans Hospitality legal services, please contact:
Amanda Dorling
Employment Lawyer
+44 (0)118 957 0407
adorling@pitmans.com
David Loosemore
Hospitality Lawyer
+44 (0)118 957 0240
dloosemore@pitmans.com
The Issue
We were recently approached by the Finance Director of a small but prestigious group of hotels who was concerned that from 2012 all companies must automatically enrol their staff into a pension scheme. With over 1,000 staff and an average staff turnover of 36% per annum our client was particularly keen to understand how temporary staff should be administered, determine what the additional costs would be to his business and establish the Company’s legal responsibilities.
Background Information
Our client’s business is heavily reliant on students and temporary staff who normally work for them during the summer season and who on average stay within their business for approximately 6 months. An average staff turnover of 36% is good for the hotel/catering trade and our client is proud of its ethical standards and the relationship it has built with its workforce. The hotel group presently offers its staff access to a Money Purchase pension scheme and operates a closed Final Salary pension scheme. At present 40% of the group’s employees do not belong to either pension scheme.
The Legal Position
The principle of automatic enrolment was introduced by the Pensions Act 2008 which set out reforms designed to make saving for retirement the norm for employees. What this means for employers of all sizes is that from October 2012 and phased in over a number of years, they will be obliged by law to pay contributions into qualifying pension scheme for most, if not all, of their employees.
Who?
A key challenge for our client will be identifying who they (the relevant “jobholders”) have to auto enrol as not only are a large number of their staff temporary, they also tend to be younger in age. The requirements for all employers are as follows:
- Workers aged 22 and over, but under State Pensionable Age will have to be auto enrolled if they have qualifying earnings (£7,475 in 2011/12),
- Workers between 16 and 21, and those between 65 and 75 who have qualifying earnings, may opt to become a member of an automatic enrolment scheme, and
- Those aged over 16 but under age 75 who do not earn the minimum qualifying earnings can demand membership.
In particular our client will need to decide whether when employing temporary staff their earnings will exceed approximately £623 per month in 2011/12 and the likelihood that they will remain employed with the company for more than three months. In this instance if the employee is between 22 and at present 65, has earnings in excess of the qualifying earnings and is employed form more than three months the Company will have to contribute to his/her pension.
When?
The implementation of auto enrolment is being phased in by the government over four years starting on the 1st October 2012, with the staging being based on the number of PAYE employees an employer has. With over 1,000 employees our client’s duty to auto enrol will commence on the 1 October 2013.
From 1 Oct 2013 our client must enrol the relevant jobholders, who are not presently within their group’s money purchase scheme or final salary scheme into a qualifying pension scheme within three months of them becoming eligible.
One option is to admit these jobholders into their existing money purchase scheme as it meets the minimum requirement of providing employer contributions of 3% of qualifying earnings and in total at least 8% of qualifying earnings, the necessary level of contributions required by 2017. At present our client’s money purchase scheme is more generous than this and it would prove expensive to move all new employees into this scheme.
Alternatives options (potentially less expensive than the existing scheme) are available and our client could consider auto enrolling those employees not in one of the existing schemes into a contract based group personal pension schemes, a trust based money purchase scheme or the National Employment Savings Trust (“NEST”).
Do the Employees have a choice?
Our client’s employees may opt out of the chosen pension within one month, but only after active membership has started. An opt-out within one month leads to an employee’s membership being cancelled and the employer/scheme have to refund any contributions. Under certain trust based pension schemes, the scheme rules presently allow members to receive a refund of their contributions if the employee leaves within two years, with employer contributions remaining within the Scheme. However, recent comments from the Department of Work and Pensions suggest that this flexibility is now under review as it could undermine the future success of NEST.
Irrespective of the employees view towards the pension benefits offered by their employer the emphasis is placed on the jobholder to opt-out if that is their wish as the employer is not allowed in anyway to induce them to opt-out.
Future Planning
Although, our client does not need to auto enrol his eligible employees until Oct 2013 he is advised to plan now to ensure he fully understands the cost implications of auto-enrolment and the impact it will have on his employees and the business. He needs to decide whether the business can afford to enrol all of its eligible employees into the Company’s existing scheme or whether cost savings need to be investigated?
In addition our client also has to ensure that he has an efficient system in place to administer the auto enrolment process, provide the correct information to its employees (17 items of data in total) and satisfy the Pensions Regulator who will be responsible for the effective compliance of employers. These administrative factors alone representing an additional cost that should not be underestimated.
For further information regarding our Hospitality expertise, please visit Pitmans Hospitality website or contact:
David Loosemore
Solicitor
+44 (0)118 957 0240
dloosemore@pitmans.com
Ticket Touts Beware
May 1st, 2011
Tickets for the 2012 London Olympic Games went on sale on 15 March 2011. First round applications for tickets will close on 26 April 2011 and in situations where demand for tickets exceeds supply, London 2012 will use an automated ballot to allocate tickets.
On 16 March 2011 Home secretary Theresa May laid before Parliament plans for the fine for ticket touting to increase from £5,000 to £20,000 for those convicted of ticket touting at the 2012 Games. “By increasing the fines for touting we are sending a clear message to criminals and prospective criminals that it is not worth their while and they are not welcome,” said May.
Whilst legislation already exists to counter the issue of ticket touting at football matches and the upcoming London Olympic and Paralympic Games in 2012, there is no such law prohibiting ticket touting at other sporting, music or other major events despite intense lobbying from MPs and rights owners.
There is a clear disparity between the various sports, as although ticket touting for last years’ FA Cup Final was deemed illegal, thus controlling ticket prices, the 2010 Men’s Wimbledon Final saw tickets being sold for in excess of £6,000 per pair.
The introduction of anti-touting legislation for the 2012 Games suggests that there is a public interest in controlling the market for the resale of tickets. However whilst this shows that extensive action is being taken to prevent ticket touting at the upcoming Games, it only serves to further highlight the lack of action being taken against ticket touts in other events. The significant financial gains made by touts are clearly being targeted by legislators especially where they have the effect of limiting the availability of affordable tickets for genuine fans and tarnishing the reputation and interests of event organisers themselves.
Whilst many may see this issue as purely economic, there are increasingly common situations which display the human effect this issue can have. Many internet sites are unscrupulously promising and misleadingly advertising to, in return for heavily inflated prices, sell tickets to music, sporting and other events. However unlike genuine secondary ticket selling sites, tickets from these sites never arrive, much to the despair of those who have spent hundreds of pounds on them, who in addition to suffering the financial loss, are also often left distraught.
Without legislation governing ticket touting for other events, we are forced to think of other creative ways to prevent touts buying large numbers of tickets for oversubscribed events with a view to selling them at a profit. The lack of legislation also makes it difficult to differentiate between genuine secondary ticket sellers and fraudulent ticket touts from whom tickets often never arrive. As a result we continue to do everything possible to combat ticket touting in respect of events, sporting and otherwise, organised by our rights owning clients. This often involves ensuring ticket touting websites are removed in order to stop sales of tickets at inflated prices which have the effect of harming the reputation and interests of our clients. To avoid situations such as those detailed above, always start by going through a reputable ticket seller, in situations where they are unable to fulfil your ticketing needs they will usually refer you to a reliable source who can.
Jeremy Summers
T: +44 (0)20 7634 4622
E: jsummers@pitmans.com