Photo of Conor McEneaney

The Scottish Courts have given an interesting decision in relation to IT contracts, relating to the allocation of delivery risk between supplier and customer and the importance of doing what it says in the contract.

In David MacBrayne Limited v Atos IT Services (UK) Limited (2018), Atos, a supplier, had entered into an agreement with David MacBrayne Limited to supply a digital platform. The engagement was not successful and the parties claimed and counter-claimed against each other for material breach of the contract (amongst other things).

Customer Dependencies – Whose Responsibility is Delivery?

IT contracts will often include dependencies on customers to provide the supplier with information/documentation, some negotiated more than others.

In this case, the dependency was on the customer to use all reasonable endeavours to provide such documentation, data and/or information that the supplier reasonably requested and which was necessary to perform its obligations under the contract.

The question was whether this obliged the customer to provide the supplier with detailed specifications of their requirements in sufficient time to allow the supplier to comply with their obligations under the contract. In other words, to what extent should the customer be pro-active in telling the supplier what to do and thereby share delivery risk.

The Court said such general obligations are indicative of a responsive obligation (i.e. respond to queries from the supplier) as opposed to an obligation on the customer to be proactive in setting out their requirements. The Court said such obligations did not displace the obligation of the supplier to be primarily responsible for ascertaining the requirements for the service.

When negotiating IT transactions, it is very important to carefully consider (and negotiate) the scope of dependencies. While this decision points to a pragmatic approach by the courts which favours the customer, the very existence of general (or worse, unclear) dependencies can lead to disputes becoming more protracted and costly than they need to be.

Delay – Managing The Fall Out

The contract required the supplier to provide notice and follow a particular procedure in order to deal with delays. Here that process wasn’t followed. The supplier said it instead opted for a ‘co-operative and facilitative approach’ rather than ‘reaching for the contract’.

The Court said that the supplier was in breach for not following the procedure and this did not assist the supplier in its defence of the claim for material breach for delay. Ultimately, damages were awarded against it.

The judgment of the Court in this case highlights the inherent danger of choosing to ignore the procedural requirements in a contract; it will make claims all the more difficult to successfully prove or defend. The more removed from the letter of the contract the parties conduct is, the more uncertain their legal positions. It is essential to properly manage contracts.

 

The High Court has refused an application by the Irish Times for injunctions restraining the Times of London from using the words "The Times Irish Edition" in its forthcoming digital Irish edition of the newspaper. The new digital publication will be sold as a part of a subscription package with the Sunday Times and will be solely available digitally. The Irish Times had sought an injunction preventing Times Newspapers Limited (TNL) from using the "The Times Irish Edition" or any other title which may be confusingly similar to The Irish Times. TNL denied that the phrase would create any confusion due to the co-existence of the two publications in Ireland for 150 years as well as the fact that it was common knowledge that they intended to launch an Irish edition.

Continue Reading High Court refuses injunction over Irish edition of the UK Times

The European Commission has recently unveiled a 16 point plan for boosting the European digital economy entitled ‘A Digital Single Market Strategy for Europe’ (the Plan). The Plan envisages widespread revision of existing European internet, intellectual property and e-commerce law in a series of bold measures that the European Commission projects would add €415 billion to European GDP and also create 3.8 million new jobs.

Continue Reading Europe’s 16 point Digital Master Plan

Symantec released their annual Internet Security Threat Report (the Symantec Report) last week (available at http://www.symantec.com/security_response/publications/threatreport.jsp) and it makes for alarming reading. The risk of cyberattack is one that has been brought to the forefront of popular consciousness by the devastating cyberattacks on Sony Pictures Entertainment in 2014 and the Symantec Report shows that 2014 saw a worryingly exponential increase in the number, severity and sophistication of such attacks.

Continue Reading Symantec Cyberattack Report a timely reminder of increasing Cyberattack risk

The Data Protection Commissioner, Helen Dixon, spoke at the Society for Computers and Law’s ‘The Evolution and Reform of Data Protection’ event this morning. The Commissioner gave an overview of the activities of the Office of the Data Protection Commissioner (ODPC) in 2014 and set out the aims of the ODPC for the year ahead.

Continue Reading Data Protection Commissioner reviews 2014 and sets out plans for 2015

On November 23rd, Symantec, the American antivirus company, announced the discovery of a piece of software called Regin, which it had found lurking on computers and stealing data in Ireland, Russia, Saudi Arabia and several other countries. Its sophistication and stealth led Symantec to conclude that it must have been created by a nation-state.

The Regin software appears to have been lurking on some computer systems from as long ago as 2008 and Symantec said it was unusually low-key, meaning it could be used on a target for several years before being noticed. Symantec have described the purpose of Regin as “intelligence gathering” and said: “It is used for the collection of data and continuous monitoring of targeted organizations". Regin appears to be significantly more sophisticated than most other examples of hacking software as it could take screenshots, control the cursor and steal passwords.

While most computer viruses and hacking malware are produced by individual hackers or criminal gangs, the sophistication of Regin has led commentators to conclude that it must have been produced by a nation state. This is just the latest in a growing trend of sophisticated, state sponsored hacking attacks. The most famous example of such an attack is the ‘Stuxnet’ virus. Stuxnet was discovered in 2010 and was designed (according to experts in the field, almost certainly by America and Israel) to hijack industrial-control systems. It was deployed against Iran’s nuclear program, and caused widespread damage by destroyed centrifuges that were being used to enrich uranium.

Ireland has the fourth highest rate of infiltration by Regin in the world with almost 10% of infiltration incidences happening in Ireland. Irish companies should be aware of the threat posed by increasingly sophisticated hacking attacks particularly from software such as Regin which could be used for industrial espionage.

Under Irish law, infiltrations such as those carried out by Regin could be considered an offence under a number of different grounds. From a data protection perspective, pursuant to section 22 of the Data Protection Acts 1988 and 2003, it is an offence to obtain access to personal data without the prior authority of the data controller by whom the data is kept and to disclose the data to another person while sections 2 and 5 of the Criminal Damage Act 1991 could also make infiltrations such as those carried out by Regin an offence. Finally, section 9 of the Criminal Justice (Theft and Fraud Offences) Act 2001 could make the infiltrations carried out by Regin an offence as section 9 states that it is an offence for a person to "dishonestly, whether within or outside the State, operates or causes to be operated a computer within the State with the intention of making a gain for himself or herself or another or of causing a loss to another". Further legislative provision to deal with such hacking attacks will be provided in the forthcoming Criminal Justice (Cybercrime) Bill, the heads of which have been agreed and is currently being drafted.
 

In the Irish Government Budget for the forthcoming year published on 14 October, it was announced that the so called ‘Double Irish’ tax mechanism was being phased out. One of the mechanisms that is being considered to replace the ‘Double Irish’ is a new ‘Knowledge Box’ scheme. This scheme would be similar to the recently introduced Patent Box in the United Kingdom and would be of significant benefit to intellectual property holders in Ireland and those seeking to establish themselves in Ireland. Commentators suggest the Knowledge Box scheme will include a tax rate likely to be at least as low as 6.25 per cent and perhaps lower on intellectual property assets managed in the scheme. A 6.25 per cent tax rate would be half the standard Irish corporate tax rate of 12.5 per cent. The exact scope and conditions for qualifying for the scheme have yet to be determined.

Continue Reading Knowledge Box – Ireland’s new IP Tax Incentive

Apple Pay: an Introduction

One of the most exciting elements of the Apple iPhone 6 launch in September was the announcement by Apple of the Apple Pay feature. Apple Pay is a near field communication (NFC) based mobile payment system that comes pre-installed on the iPhone 6. NFC technology involves a short-range, low power wireless link evolved from radio-frequency identification technology that can transfer small amounts of data between two devices held a few centimetres from each other. It is the same technology that is behind the ‘tap and pay’ debit cards that have been rolled out by Irish banks in the last number of years.

While Apple Pay was launched with the iPhone 6 in the US, it has not yet been rolled out in Europe with rumours predicting an Apple Pay European launch in 2015.

It is clear that Apple Pay has the potential to be a ground breaking technology that may change the way that consumers use their phones and, indeed, how consumers pay for goods and services.

Continue Reading Apple Pay – Challenges and Solutions