Digital Markets, Competition and Consumer Bill

The Digital Markets, Competition and Consumer Bill is expected to receive Royal Assent in Spring 2024. The Bill proposes several large-scale changes to the competition and consumer law regimes, including granting the Competition and Markets Authority (CMA) direct enforcement powers.

In addition to procedural changes, the Bill prohibits unfair commercial practices. These practices are defined as being those which would cause the average consumer to take a transactional decision they otherwise would not have taken as a result of a misleading action or omission, or an aggressive practice. Early indications from the CMA suggest that most enforcement action will target unfair commercial practices online, including drip pricing, misleading discounting practices, and urgency claims.

How could it impact your business?

Any businesses that trade directly with consumers, particularly those that trade online, will be affected by the changes to the consumer law regime. By granting the CMA direct enforcement powers the enforcement of consumer law becomes (from the perspective of the regulator) cheaper, quicker, and subject to less scrutiny. We predict that this change will lead to a ‘boom’ in consumer law enforcement.

Prior to the Bill becoming law, the CMA is already flexing its powers; it has launched several investigations into alleged infringements of consumer law and has outlined online selling practices as an area of strategic focus for the year ahead.

To assist the CMA with enforcement, the Bill introduces fining powers for breaches of consumer law of up to 10% annual group worldwide turnover, enhanced information gathering powers, and criminal sanctions for company officers who consented to, or were negligent to, the unfair commercial practices. If found guilty of the offence, officers could receive a personal fine, or up to two years imprisonment.

In addition to the CMA independently and randomly auditing websites for evidence of unfair commercial practices, the CMA website hosts a button whereby consumers can file complaints to the CMA independently - the likelihood that unfair commercial practices are identified is therefore high.

What steps should you take?

Businesses selling to consumers online should engage in a review of their online selling practices to ensure that they are compliant with the Bill and to avoid becoming the subject of a CMA investigation. Considering the significant potential sanctions for non-compliance, it is recommended that businesses act quickly to identify any risks presented by their current online trading practices and remedy them prior to the Bill coming into law.

In addition to a review of existing practices, businesses should review training given to sales teams and any policies regarding online trading practices to ensure ongoing compliance.

National Security and Investment Act

The National Security and Investment Act came into force in January 2022. Since it's introduction, the Act has been the culprit of holding up and disrupting many acquisitions.

As a result, the Government launched a Call for Evidence, with the aim of identifying “how the NSI regime can be even more business friendly while maintaining and honing the essential protections we need for our national security.” This consultation closed on 15 January 2024.

In response to the consultation, the Government is expected to consider the scope of the mandatory notification requirements, develop the guidance on how the Act works, and improve the notification and assessment processes.

How could it impact your business?

In order for any 'qualifying acquisition' of an entity in one of the 17 ‘sensitive areas’ to proceed, a mandatory notification must be made to the Government explaining the proposed transaction. The practical ramification of this is that many transaction timetables have been delayed.

The Government has made it clear that they do not intend to make any changes to the triggers for mandatory notification and, as such, it is likely that investors will have to continue to contend with the legislation.

However, it isn’t all bad news, as the Government is due to consider whether any targeted exemptions should be implemented, or if they can refine acquisitions caught by some of the ‘sensitive areas’.

What steps should you take?

The Government has approved the majority of mandatory notifications which have been made to date (reporting that 93% of notifications in the most recent Annual Report “have been cleared without needing a detailed assessment”).

As such, until changes have been made, the best way to protect against delays and disruption caused by this legislation is to consider whether a mandatory notification is required as soon as there is a ‘good faith intention to proceed’ and there is likely to be no further ‘material’ changes to the details of the acquisition (i.e. the new ownership structure or the percentage to be transferred).

If an acquisition is completed without compliance with the NSIA, the consequences can be severe. In these cases, the Government has the power to apply both civil and criminal penalties.

Standard Contractual Clauses

Under the UK GDPR, businesses cannot lawfully transfer personal data outside of the UK unless: (a) the destination country has been deemed adequate by the UK Government; or (b) the restricted transfer is covered by appropriate safeguards.

Details of the countries and territories currently covered by the ‘adequacy regulations’ can be found on the ICO’s website, here. 

Appropriate safeguards (also known as ‘transfer mechanisms’) include the UK’s International Data Transfer Agreement (IDTA) or an Addendum to the new standard contractual clauses issued by the European Commission under the EU GDPR on 4 June 2021 (known as the ‘new EU SCCs’). These new EU SCCs replace the previous set of EU standard contractual clauses issued by the European Commission under the ‘old’ Data Protection Directive (now known as the ‘old EU SCCs’).

Contracts that were entered into before 21 September 2022 in reliance on the old EU SCCs will only remain valid until 21 March 2024. If a restricted transfer will continue beyond this date, the relevant exporting and importing parties must implement a new contract on the basis of the IDTA or the Addendum (or look to an alternative safeguard under the UK GDPR).

(Note the new EU SCCs are not valid for restricted transfers under the UK GDPR on their own. They must be used in conjunction with the Addendum.)

How could it impact your business?

To date, any commercial contracts that were entered into prior to 21 September 2022, under which data is transferred to a non-adequate or ‘third’ country outside the UK, have been able to continue relying on the old EU SSCs to safeguard data. However, from 21 March 2024, the old EU SCCs cease to be valid, meaning data provisions need to be migrated to either the IDTA or new SCCs plus Addendum. Companies should therefore carry out a timely review of all relevant agreements, to check whether old SCCs have been relied upon and, if so, determine which mechanism will be most appropriate to replace them.

Contracts with third party suppliers are likely to be of particular concern and should be prioritised. Often suppliers use standard terms incorporating a Data Processing Agreement (DPA), which enables them to process data on behalf of the transferring controller. The DPA will set out any relevant transfer mechanism where the supplier is based overseas to their controller clients. If a supplier has not updated its standard terms, these may refer to the old SCCs, which will be invalid from 21 March. Such terms are often available on the supplier’s website for ease of review.

In addition, data protection policies should be reviewed by businesses to ensure that they do not refer to the old SCCs or otherwise suggest that the business continues to rely upon this soon outdated mechanism.

What steps should you take?

For existing contracts, (ignoring exemptions/other existing mechanisms) companies have two options:

• implement the International Data Transfer Agreement; or

• implement the UK Addendum alongside the new SCCs.

These mechanisms require additional action, including carrying out a Transfer Risk Assessment (TRA). A TRA tool and guidance is available on the ICO’s website.

Note that there are differences between the content of the IDTA and the Addendum + new EU SCCs. In contrast to the IDTA, the new SCCs incorporate the mandatory written terms between controllers and processors, such that a separate DPA may not be required between the transferring parties. A general review of all data clauses is advised if moving to the Addendum and new SCCs, as there may be inconsistencies.

Contract and data policy reviews should take place immediately to be effective from the deadline of 21 March 2024. Training may be required on how to use the new mechanisms and conduct transfer risk assessments.

If the old SCCs remain in contracts, international personal data transfers will not be adequately safeguarded and will therefore be unlawful. Businesses risk exposure to the usual consequences of non-compliance, including reputational damage, ICO investigation, monitoring and fines, together with individual private action concerning the mishandling of data.

Hague Convention on Recognition and Enforcement of Foreign Judgments

The UK’s withdrawal from the EU had a significant and detrimental impact on UK companies’ ability to have their judgments recognised and enforced in the EU (and vice versa). The Ministry of Justice therefore opened a consultation as to whether the UK should become a signatory to the Hague Convention on the Recognition and Enforcement of Judgments 2019. The response was overwhelmingly in favour. As a result, the Government has indicated that it will become a signatory to the Convention.

How could it impact your business?

Currently, whilst English judgments rendered before 31 December 2020 can still take advantage of the European regime, those issued after this date need to go through significant steps dictated by the relevant local law to have them recognised and enforced. This not only impacts the ability to enforce a judgment, but also to simply have it recognised by national courts (for example, to demonstrate that a national court should not re-litigate a matter that has previously been decided by the English court).

Becoming a party to the Hague Convention can only mean good news for UK businesses operating in the EU, who will then be able to benefit from a single, simplified process throughout the region. As the arrangements are reciprocal, EU companies will be able to benefit from a similarly streamlined process to have their judgments recognised and enforced in the UK.

It will not however happen overnight. Although the Government has indicated that it will sign up to the Convention as soon as possible, legislation will then need to be enacted to ratify the Convention within the UK and it is anticipated that it will come into force 12 months after ratification.

What steps should you take?

UK or EU companies with potential claims in the corresponding region may wish to delay bringing claims until after ratification so that they can benefit from this more efficient procedure. Before doing so however, care must be taken to ensure that delaying does not fall foul of any relevant limitation periods.

Employment landscape post-election

In January, Prime Minister Rishi Sunak announced that he expects to call the next general election "in the second half" of 2024. The result of that election will undoubtedly impact UK employment law significantly, particularly if (as is currently predicted) the Labour Party get elected.

The Labour party have published their Employment Rights Green Paper ‘A New Deal for Working People’ which proposes new employment laws to be introduced within the first 100 days of a Labour Government and outlines its commitment to wide-ranging, radical reform.

How could it impact your business?

The Labour Party have proposed extensive reforms. Perhaps the most significant is its plans to make unfair dismissal a day one right. This will remove the requirement for 2 years’ service, whilst also removing the statutory cap on the compensation workers can receive if they are successful in an unfair dismissal claim.

If the reform goes ahead, we may see a significant increase in the number of unfair dismissal claims being brought by employees/workers. However, it may in turn reduce the number of challenging discrimination and whistleblowing claims, given that employees won’t need to search for a discrimination or whistleblowing angle to go beyond the statutory cap for financial loss.

Aside from the changes to unfair dismissal, some of the other notable proposed reforms include:

• reforming employment status, meaning ‘workers’ will have the same employment rights as ‘employees’, as part of a single status of ‘worker’ for all but the genuinely ‘self-employed’;

• giving workers a new right to disconnect from work outside of working hours and not be contacted by their employer outside of working hours;

• banning zero hours contracts. This would ensure that anyone working regular hours for 12 weeks or more would have a right to a regular contract;

• ending fire and rehire practices; and

• expansion of trade union rights and stronger family-friendly rights.

What steps should you take?

If a Labour government implements the proposed reforms, it would arguably be the largest shake up to employment law in decades. The proposed reforms to the law around unfair dismissals would have a resounding impact on employers, forcing them to reconsider how they approach recruitment processes, staff monitoring, and dismissals.

Employers would likely need to invest much more time and resource on recruitment to ensure that prospective candidates are a good ‘fit’ with the organisation, that there are strategies in place to aid integration of new staff, and that there are structures to monitor things like employee performance and conduct effectively (two of the most commonly used ‘potentially fair’ reasons for dismissal).

Dismissals will inevitably need to be approached with greater care, ensuring compliance with ACAS dismissal guidance closely, and budgets will need to take account of increased likelihood of litigation.

Regarding the other proposed reforms, the extension to the definition of worker would entitle more individuals to a wider range of employment rights. Employers would need to assess which of their staff would be affected and identify where working arrangements, HR policies and practices, including compliance processes, along with employee benefit schemes might need to be revised.

It is not yet clear what exceptions might be made to the right to disconnect and what the consequences for a breach would be, however employers will likely need to review contracts and HR policies to ensure compliance with any new rules. If the right were introduced, the UK would be joining EU countries including France, Belgium, Italy, Spain, and Portugal where, in some cases, significant fines can be imposed on offending employers.

Unfair dismissal and discrimination reminder

The Employment Tribunal has recently awarded over £470,000 to an employee who was dismissed after using an offensive racial term in a race awareness training session.

The employee’s claim for unfair dismissal and discrimination arising from disability was upheld. The Tribunal deemed his actions fell short of gross misconduct, whilst also finding that his dyslexia was a factor behind how he had expressed himself in the session.

How could it impact your business?

Many employers grapple with issues arising out of equality and diversity training sessions in which employees are encouraged to speak freely and ask questions. In this matter, some colleagues expressed shock at the language the employee used and were pleased the trainer reprimanded him, whereas others were uncomfortable that he was reprimanded after participants had been encouraged to ask awkward questions.

It is important for employers to consider conduct issues resulting from these sessions on a case-by-case basis. In this case, the company said it had a ‘zero tolerance’ disciplinary policy, however the Employment Tribunal observed that it was still necessary for any disciplinary matter to be investigated on its own facts and a sanction decided upon.

The judgment suggests that it is possible to demonstrate ‘zero tolerance’ of discrimination without dismissal being the automatic sanction. In this case, for example, the Employment Tribunal felt that the employee showed clear remorse and understanding of the hurt caused by his use of language. It found that there was no rational basis for believing that the incident would be repeated and that issuing a lesser sanction, such as a warning, would have confirmed that the company did not condone his actions. This provides a useful guide as to how employers can balance ‘zero tolerance’ with a fair sanction.

What steps should you take?

Whilst this is a first instance decision that is not binding on future Employment Tribunals, it is a reminder of how people's opinions and perceptions can differ and of the need for employers to have a clear behavioural framework in place.

It is therefore prudent to ensure that staff, and those delivering equality and diversity training, are made aware of what is and isn’t acceptable behaviour through policies, with reminders as part of the sessions themselves.

It is also important for employers to consider conduct issues on a case-by-case basis. This is not to say employers should not necessarily take a strong stance with respect to equality and diversity, but that blanket sanctions ought not to be applied in every case. As the Tribunal said “context is everything” and overlooking this can be immensely costly.

Research results published on ‘Gender Pension Gap’

A recent report has been published by NOW: Pensions (titled The Gender Pension Gap report 2024), which investigated disparities between men and women’s pension savings.

The report has revealed that women retire with average pension savings of £69,000, compared to £205,000 for men. A perfect storm of social factors was highlighted as contributing towards an average ten-year career gap for women, which combine to produce the rather depressing fact that closing this gap would require a girl to start pension saving at three years old.

A copy of the report can be viewed here.

How could it impact your business?

The report indicates a huge adverse impact on women in the workplace and employers should take steps to help female employees to save towards their retirement. Failure to do so could be discriminatory.

What steps should you take?

The NOW: Pensions report highlighted several proposed Government-level policy changes to address the gender pension gap, including the following:

• reducing/removing the auto-enrolment trigger (currently set at £10,000) along with the lower earnings limit;

• introducing a family carer’s top-up that would mimic employer’s contributions;

• improving awareness of pension savings in divorce negotiations; and

• ensuring childcare is both affordable and accessible, so that more women have the realistic financial option of returning to work.

Until such policy change materialises, employers can take proactive steps to help address the gender pension gap at grassroots level within their business. Such steps could include:

• offering and/or improving awareness around options such as voluntary pension contributions;

• encouraging female employees to save by matching employee pension contributions;

• introducing salary sacrifice as a further incentive;

• supporting employees with childcare responsibilities through attractive family-friendly policies and incentives including childcare vouchers;

• promoting family-related leave for all employees so that the burden of childcare is reduced for female employees.

Additionally, employers could introduce gender specific financial education and information to support female colleagues in making informed decisions about their pensions. It’s likely that this would improve engagement in the workplace, as well as helping tackle the gender pension gap.

Green Agreements Guidance

The Competition Markets Authority (CMA) recently published the Green Agreements Guidance. Designed to provide companies with greater clarity when entering into green collaboration agreements, the guidance provides a framework for how your business can legitimately engage in cooperation with competitors to combat climate change.

The guidance reflects the CMA’s wider strategic objective to promote sustainability whilst protecting competition and is a supplement to existing guidance on horizontal and vertical agreements previously issued by the CMA.

The guidance covers all environmental sustainability agreements, defined as agreements between competitors, or potential competitors, that aim to prevent, reduce, or mitigate the harmful effects of economic activities on the environment or assist with the transition towards sustainability. This marks an important area of divergence from similar guidance issued by the European Commission in June 2023, which allows for inclusion of wider societal objectives, such as working conditions and respect for human rights within agreements.

How could it impact your business?

The guidance is likely to impact the content of corporate sustainability and ESG policies, green collaboration agreements and projects, and how businesses make decisions in relation to net zero commitments. It presents greater clarity on how businesses may collaborate with others, setting out clear examples of what may, or may not, be considered permitted by the CMA.

However, the guidance remains vague in some areas and penalties for non-compliance are high, for example, the CMA can issue fines of up to 10% of annual group worldwide turnover on all entities involved.

What steps should you take?

As the guidance is already in place, it is recommended that businesses review their existing ESG/Green collaboration agreements and policies to ensure they are compliant, particularly those which may have been signed off by European-based compliance teams. If any areas of uncertainty are identified, businesses should seek advice on whether the agreement is exempt or requires further Competition Law analysis.

If required, the CMA’s open-door policy offers businesses the opportunity for constructive dialogue with the regulator relating to green agreements. Given that ESG is a high-growth area, particularly considering the introduction of the Corporate Sustainability Due Diligence Directive in the EU, businesses may wish to roll out training and guidance to in-house legal and procurement teams, to ensure agreements are compliant with the guidance.

The Procurement Act 2023

As mentioned in our Horizon Scanning update last month, the Procurement Act 2023 received Royal Assent in October 2023, ushering in a period of great change in the procurement regime. The Act, which is due to come into force in October 2024, replaces multiple procurement regulations with one single consolidated set of rules for public procurement. It is designed to make the procurement process more flexible and transparent.

In addition to the changes to mandatory exclusion grounds and the introduction of a centralised debarment register mentioned last month, additional changes include:

1. removing the requirement for the successful tender to be the most economically advantageous tender (contracts will be awarded to most advantageous tender, allowing for additional factors such as sustainability credentials to be taken into consideration);

2. the introduction of an open procedure and a competitive flexible procedure; and

3. expanded direct award powers and additional discretionary exclusion grounds.

How could it impact your business?

Any agreements in place before the Act comes into force will not be affected by the new legislation. However, any procurements procedures taking place after this date will need to do so in line with the Act.

For those involved in public procurement processes, the flexibility introduced by the new legislation will bring increased risk of procurement challenges from unsuccessful bidders. Additionally, the framework procedure introduced under the Act permits frameworks to continue for up to eight years, with the frameworks having to “open” at various statutory intervals to assess competition. This will open the public authority up to risk of challenge each time the framework is opened.

Another area opening the floodgates to potential challenge is the additional discretionary exclusion grounds being introduced by the Act. These include potential competition infringements (both in the UK and other jurisdictions), poor performance in a previous contract, or acting improperly in procurement. These wide-ranging, vaguely drafted, and discretionary exclusion powers invite procurement challenges where potential suppliers feel they have been unfairly excluded.

Moreover, for businesses that tender for public sector work, it adds an additional risk for non-compliance with competition law. For companies found to be infringing Competition Law, they could face fines of up to 10% group worldwide turnover as well as being barred from public procurements for up to three years after the decision.

What steps should you take?

For those currently providing services to the public sector under a procurement procedure, it is business as usual for now, with the added health warning that any ‘bad behaviour’ could cost them contracts in future under the new discretionary powers.

Whilst businesses which engage in public procurements should start to familiarise themselves with the changes to the legislation, at this time much remains uncertain. Secondary legislation, which will provide greater insight into how the Act will be interpreted and applied, is expected imminently. Once this secondary legislation is agreed, a six-month transition period will be triggered, allowing suppliers and public authorities time to get their respective houses in order.

Landlord Withholding Consent to Alterations

The recent High Court case of Messenex Property Investments Ltd v Lanark Square Ltd [2024] held it was reasonable for a landlord to refuse consent to alterations, where structural engineer’s drawings and an unqualified undertaking for costs were requested and a tenant failed to provide them.

In this case, the tenant applied for consent from the landlord in accordance with their lease to add three floors to a building and convert the ground floor from business to residential use after planning permission was obtained in April 2020.

Due to the major works proposed, the landlord requested preliminary and final architectural and structural engineer’s drawings showing the extent of the works as a condition of consent. Discussions continued until March 2023 when the Tenant issued proceedings alleging the landlord had unreasonably withheld consent.

The High Court decided the Landlord could reasonably withhold consent on the following grounds:

• The tenant’s failure to provide structural engineering drawings; and

• The tenant’s failure to provide an unqualified undertaking for the Landlord's reasonable costs.

How could it impact your business?

The decision reinforces that a landlord’s reasonable costs must be covered when requesting consent to alter. Any budget for carrying out alterations should include an allowance for those costs.

Tenants should be alert that a landlord can impose reasonable conditions on consent being provided for works which do not need to be provided for in your lease. Where a landlord imposes additional conditions on consent, consider taking advice as to whether any condition is reasonable and needs to be complied with.

Landlord consent may be required for a planning application to be made. If planning is being/has been obtained, be mindful of engaging with a landlord early enough that consent can either be obtained, or an application to court for deemed consent can be made ahead of planning permission lapsing.

What steps should you take?

If you are a tenant intending to carry out works, engage with the landlord early on any conditions for consent so any delays with procuring specialist advice can be factored into the works’ programme. This may require professional drawings and specifications and engineers’ reports. You may need to request collateral warranties in favour of a landlord where structural or major works are intended and subsequent insurance valuations could be required before a landlord will insure those works.

If you believe that a condition imposed by the landlord is unreasonable you should seek advice as soon as practically possible.

Introduction to AI Assurance

On 12 February, the Department for Science, Innovation & Technology released a report outlining an introduction to Artificial Intelligence (AI) Assurance. This follows the white paper released by the Government in March 2023.

The report highlights the importance of AI Assurance and offers practical guidance for organisations, as well as Regulators, bringing together various considerations to help them develop and deploy responsible AI Systems.

A copy of the AI Assurance report can be found here.

How could it impact your business?

AI brings unprecedented opportunities for businesses and society. However, the benefits also come with risks for any organisation that implements the technology.

In addition to demonstrating compliance with any existing and future relevant legislation, AI Assurance is a crucial component of an organisations’ wider risk management when developing, procuring, and deploying AI systems. As such, AI Assurance should be a main priority of any business who is looking to implement AI.

What steps should you take?

Whilst the document notes that ‘AI assurance is not a silver bullet for responsible and ethical AI’, the report provides 5 key steps to further develop AI assurance understanding and capability:

1. Consider existing regulations (for example, the GDPR and Equality Act);

2. Upskill within your organisation (any organisation is likely to be held back without specific knowledge about the technology). There are options, such as the Alan Turing Institute, which provide training workbooks on AI governance;

3. Review internal governance and risk management (internal governance processes should be assessed and amended to ensure that are ready for the new technology as these will form the foundation of any policies moving forward);

4. Look out for new regulatory guidance (The ICO has previously developed guidance on AI and data protection with further guidance expected soon); and

5. Consider involvement in AI standardisation.