Posted

The UK Government has published a statement of intent containing details of its proposed Data Protection Bill. The full text of the Bill is expected in September 2017, when the UK Parliament returns from its summer break.

The Bill will enshrine the EU General Data Protection Regulation (GDPR) into UK domestic law. It will also implement the requirements of EU Directive 2016/680 (The Law Enforcement Directive) which covers the processing of personal data for crime prevention, and the free movement of such data.

Why is a UK bill needed?

Posted

Financial Institutions may need to revise consumer contracts to remove class action waivers in preparation for a March 2018 federal rule.

On July 19, the U.S. Consumer Financial Protection Bureau, the federal regulator for a sweeping range of depository and non-depository consumer financial services companies (including the largest of U.S. banks), published a final rule that makes it illegal for many of the CFPB’s regulated entities to include consumer class action waivers in pre-dispute arbitration agreements. The Rule’s effective date is September 18, 2017, and the Rule applies to contracts entered into after March 19, 2018. (The Rule does not apply to pre-existing contracts.)

As a result, covered consumer contracts entered into after March 19, 2018, will need to: (a) remove language in pre-dispute arbitration provisions that bars consumers from participating in class actions; and (b) add language informing consumers of their rights to participate in class actions. The Rule will also require such companies to provide information on individual arbitration awards to the CFPB for publication in a public database (redacting consumers’ private financial information). Although the Rule does not outright prohibit pre-dispute arbitration agreements themselves (as many expected the CFPB might), companies will need to reconsider the economics behind offering consumers a full arbitration program in light of a future reality of increased class actions.

Posted

Pharmaceutical and Life Sciences companies operate in a demanding environment and face diverse challenges such as pricing pressure, increased regulatory requirements and mounting costs. Against this backdrop, they have increasingly looked to outsourcing so as to better focus on core competencies, access specialized expertise and achieve cost-saving benefits. They have started with non-core functions, such as IT, facilities management, finance and human resources, before moving to secondary core functions, such as research and development, manufacturing, logistics, warehousing and brokerage.

This blog post takes a closer look, from an outsourcing perspective, at some of the key challenges faced by those operating in the Pharmaceutical and Life Sciences sector.

Regulatory Environment

Posted

The European Banking Authority (EBA) has opened a consultation on its draft recommendations for financial institutions outsourcing to cloud service providers across all cloud-related domains including infrastructure as a service, platform as a service and software as a service. The recommendations are intended “to clarify the EU-wide supervisory expectations if institutions intend to adopt cloud computing, so as to allow them to leverage the benefits of using cloud services, while ensuring that any related risks are adequately identified and managed.” A public hearing will take place at the EBA’s Canary Wharf, London premises on 20 June 2017 and the consultation will close on 18 August 2017.


Posted

A number of major carriers have suffered high-impact IT events in the past several months. Estimates of losses in these cases have exceeded £100m. This is on top of (no doubt significant) remedial costs, reductions in share price and reputational damage.

Such high-impact events are, in theory, unlikely to occur—the result of a series of unlikely events which, when taken together, have a catastrophic impact. Unfortunately for corporates, the probability of a high-impact IT event is increasing. This is partly due to the increasingly interconnected and complex nature of IT infrastructures but also due to heightened cybersecurity risks. Failures tend not to be localised to a particular geography or business but have global reach.

We advise airlines to consider and revisit their current business continuity and disaster recovery (BCDR) arrangements. In our experience, the reality of BCDR arrangements often falls below the stated requirements or capabilities of such solutions, whether provided by third-party IT providers or in-house.

Posted

In a global economy, every supply chain should have each link inspected to ensure it has not been forged in whole or in part in a manner that involves human rights abuses. In “Is your supply chain free from human rights abuses?,” a recent piece in Outsource, our colleague Tim Wright explores what a company can do to ensure its product is not the result of slavery or other human rights abuses.

Posted

The European Commission has published its Brexit mandate with a clear focus on “citizens’ rights, the financial settlement and new external borders,” with the Commission’s chief Brexit negotiator, Michel Barnier, planning to “pay great attention to Ireland during the first phase of negotiations.” In his Next Steps toward Brexit Client Alert, Pillsbury partner Tim Wright explores some key issues including safeguarding of EU citizens, settlement of UK financial obligations, and sorting out the Irish border situation.

 

Posted

Software giant’s victory in “indirect use” case is cause for concern for companies worldwide.

On February 16, 2017, the High Court of Justice in the United Kingdom held that Diageo plc, a global drinks company, was liable for unauthorized use of SAP software as a result of failing to secure “Named User” licenses for its customers and sales representatives who used certain third party applications running on a Salesforce platform that accessed and exchanged data with SAP systems. While the decision does not have direct application outside the United Kingdom and may be appealed by Diageo, it is an important win by SAP and a significant cause for concern for companies licensing SAP software. The decision may embolden SAP to be even more aggressive in attempting to extract additional license and support fees from customers—which could potentially run into tens of millions of dollars for many companies—based on alleged “indirect” uses of SAP software. We encourage licensees of SAP software to get in front of this issue by undertaking an assessment of whether they are at risk for claims of indirect use by SAP.

 


Posted

Recently, governments and rule-making bodies across Europe, the UK and globally appear to be paying increasing attention to the need for the development of legislative and regulatory frameworks in the expanding field of artificial intelligence (AI) and robotics. With the growing use of these technologies across a wide range of industry sectors, we expect to see new laws and regulations being introduced in this area in the coming years, across a broad spectrum of legal disciplines including intellectual property rights and product liability. Discussed below are some recent developments in this area in the European Union, the United Kingdom, the United States and Japan.

European Union

The European Commission’s Legal Affairs Committee recently published a report calling for EU-wide rules governing AI and robotics[1]. Rapporteur Mady Delvaux (S&D, LU) said: “A growing number of areas of our daily lives are increasingly affected by robotics. In order to address this reality and to ensure that robots are and will remain in the service of humans, we urgently need to create a robust European legal framework”.

Posted

According to PwC’s latest biennial Global Economic Crime Survey, cyber-crime is up 20 percent since 2014 and more than half of the firms surveyed expect to become the victim of a cyber-crime in the next two years, although a third reported that they have no plan to address a cyber-incident. While we are used to seeing the big cyber-attacks make the news, an attack of any size can have a disastrous effect on a business and within the supply chain and can also have wide-reaching implications: not only for the business targeted, but all those businesses linked to it. In “Protection Planning,” an article in Logistics Business Magazine, Pillsbury partner Tim Wright discusses the steps you should be taking to proof your business from such damaging shocks.