Main menu


+44 (0)151 600 3000


+44 (0)161 836 8800


+44 (0)1772 823 921

Search form

Search form



UK website privacy notices are far from compliant with GDPR
Monday 20th November 2017

An international study has found that businesses in the UK need to improve their online privacy notices if they are to comply with the General Data Protection Regulation (GDPR) by the time it comes into force on 25 May 2018. With new fines of up to 4% of global worldwide turnover or €20million, whichever is higher, organisations should be keen to improve in response to this timely warning.

The study was led by the UK data protection regulator, the Information Commissioner’s Office (ICO), and included participation by 24 additional data protection regulators from around the world. In all, 455 websites and apps across a wide variety of sectors were assessed. The regulators were considering how easy it was from a user’s perspective to establish precisely what information was being collected, how it was being used, processed and shared, and what the purpose of the collection and processing was.

The study highlighted several issues that were present across all of the jurisdictions in which websites were assessed:

  • Privacy communications across all sectors tend to be too vague, lacking specific detail and relying on generic clauses;
  • Most organisations are failing to inform their web users what happens to their information once it has been collected; and
  • There is a general failure to specify with whom personal data is shared.

On the back of the report, several regulators in different jurisdictions have decided to take action to improve compliance with data protection legislation. Some regulators are working to provide guidelines to advise businesses on how to improve their privacy practices, and in more serious cases regulators have contacted individual organisations to set out remedial actions that need to be taken to improve control of personal data.

In the UK, 30 websites were assessed by the ICO as part of the study. They included websites from the retail, banking, travel and price comparison sectors. The assessments concluded that the privacy notices of these websites were inadequate. Key problems highlighted by the ICO in the UK included:

  • 26 of the 30 failed to specify how and where information would be stored. Additionally, the data that was provided was often unclear and vague;
  • 26 organisations failed to explain whether personal data would be shared with third parties and who those third parties would be;
  • 24 websites did not provide users with any clear means to remove their personal data from the website; and
  • 7 businesses did not make it clear how users could exercise their rights to access the personal data the businesses held about them (i.e. through a Subject Access Request)

The ICO manager involved, Adam Stevens, said of the poor results, “the GDPR is coming in May 2018 and from what we’ve found so far, organisations which want to do business or operate in the EEA have a lot of work to do if they don’t want to be breaking the law.”

This month, the ICO have set up a dedicated advice line for small and micro businesses and charities. The main aim is to help those organisations without significant resources to prepare for GDPR, however, the service will also be able to advise on current data protection rules, electronic marketing and freedom of information requests. To get in touch, visit the ICO website here

This article is part of a series produced between November and December 2017 for Brabners Data Protection Month – you can find all of our data protection articles on our Data Protection Month page.



European Parliament Moves to Begin E-Privacy Regulation Negotiations
Wednesday 15th November 2017

The European Parliament last week voted to begin informal trialogue negotiations with the Council of the European Union and the European Commission on the draft wording of the new E-Privacy Regulation (EPR).

What is the E-Privacy Regulation?

The Regulation on Respect for Private Life and the Protection of Personal Data in Electronic Communications (EPR) is a new law emanating from the EU. The EPR is concerned with the collection and use of electronic communications data, including both content and metadata, as well as with tracking technologies, such as cookies or digital fingerprinting.

The EPR will repeal and replace the current law in this area, the Directive on Privacy and Electronic Communications 2002 (DPEC). Similar to the General Data Protection Regulation (GDPR), the EPR will have direct effect in EU member states and so should lead to greater harmonisation and eventual cost savings for businesses that operate within the single market.

How does the E-Privacy Regulation relate to GDPR?

The GDPR is, as the name suggests, a regulation with general application. It takes a blanket approach to data protection and does not distinguish between sources or methods of collection of personal data. The EPR is designed to complement the GDPR, sitting alongside it and applying in tandem. The EPR will only apply to information collected via certain channels; electronic communications and tracking technologies. For this information, whether it amounts to personal data or not, the EPR will lay down specific rules that apply in addition to any GDPR obligations. The EPR will not create any exceptions to the GDPR regime.

This means that businesses using electronic communications data will have to look to both regulations to ensure compliance. In the first instance, the EPR will define the rights and obligations involved in the collection and use of all electronic communications data, and then, if that data contains personal data, the GDPR will also kick in.

Who will be affected?

The EPR takes a much broader approach to electronic communications data than the DPEC. The new definition aims to catch all electronic communications in any form, including text, voice-over-internet-phone services such as Skype, and internet messaging platforms such as Whatsapp or Facebook Messenger.

In addition, the EPR will specifically apply to those businesses that provide communications services only as an ancillary function intrinsically linked to another service. This means that businesses that include communications platforms within their products, sites or services will also be caught, for example, a player-to-player messenger built into an online game, a messaging service between guests and hosts on an accommodation website, or even connectivity between appliances in an Internet-Of-Things context.

Like the GDPR, the EPR will take a global, extra-territorial view of compliance. The provisions of the EPR will apply to any business that is providing electronic communication services to individuals within the EU, or using tracking technologies placed on the devices of individuals within the EU. It does not matter where the business is established.

What are the key provisions of the E-Privacy Regulation?

The EPR splits ‘electronic communications data’ into two categories, content and metadata. The content is the message, the information or signal input by one end-user and transmitted to another. The metadata is all the surrounding information, the date of the message, the time, the identity of the sender and recipient, the IP addresses of each, etc.

Different rules apply to the collection and use of each category of electronic communications data. The rules’ key aim is to enshrine the principle that communications data should be private, however, they also seek to achieve a balance in which legitimate uses of such data are allowed, and wider uses are allowed with consent.

The use of metadata for billing purposes for example, is a legitimate use and will not require consent. On the other hand, accessing the content of messages to improve targeted adverts within a service would be seen as a wider use that would require the consent of the users.

The other main strand of the EPR is that individuals should not be tracked by technologies such as cookies without their consent. The European Commission proposal aims to improve the current state of regulation in this area, which is inconsistent in both its application and enforcement, leading to widespread non-compliance and consent fatigue.

The EPR marks a major departure from previous attempts to enforce a requirement for consent, by moving the obligation to seek consent from the website to the browsers or operating systems that enable access to the internet.

There are still technical issues to overcome in order to achieve this, as what the regulation essentially requires is a universally understood signal that can be sent by a browser to a website to tell it that the individual has not consented to tracking technologies. The idea of a Do Not Track signal has been under discussions in the World Wide Web Consortium for over 5 years with little progress seen so far.

When will the E-Privacy Regulation enter force?

The current aim is for the EPR and the GDPR to come into force together on the 25 May 2018. This would create a unified and complete system of data protection regulation across the EU.

However, the EPR is still in draft form and must be negotiated and agreed between the 28 member states of the EU and adopted by both the Council of the European Union and the European Parliament. The negotiations in respect of the GDPR took around 4 and a half years to complete, and the draft text of the EPR was only released in January of this year.

Given the short timescales that would be required for negotiations, and the key technical hurdles involved in cookie consent, it appears unlikely that the 25 May 2018 deadline will be met. What is clear is that the EPR remains a high priority for European legislators, despite these challenges.

What to do now

The consequences of non-compliance match those of the GDPR, with a maximum fine of up to 4% of annual worldwide turnover or €20million. Getting ready for the EPR should therefore be high on the agenda of any business, based anywhere in the world, that provides communications in the EU or uses tracking technologies in the EU.

Currently, we only have a draft text of the EPR and there are substantial amendments still likely to be made. This does not mean that preparation cannot begin now. At the moment there are three key points to take away from the draft proposals:

  1. Privacy of electronic communications is paramount: Organisations should review how and why they are collecting and using communications data.
  2. Consent will be required for tracking technologies, and the consequences of non-compliance will be much greater: Proper cookie consent should be sought in all instances, consider implementing banners.
  3. The scope of application is not limited to just those businesses in the EU: The EPR and GDPR are likely to affect most businesses in some way, resources should be sought to enable the changes required for compliance to be made.

This article is part of a series produced between November and December 2017 for Brabners Data Protection Month – you can find all of our data protection articles on our Data Protection Month page.


The Data Protection Bill – Criminal Offences
Wednesday 15th November 2017

There are just over 6 months left before the EU General Data Protection Regulation (GDPR) comes into force, and most businesses are now aware of the hefty administrative fines for breaching the new EU rules. However, the UK’s new Data Protection Bill (“the Bill”) also creates criminal offences for the UK, some of which exist neither in the current Data Protection Act 1998 (DPA) framework nor the GDPR.

Unlawful obtaining of personal data

Under the DPA, it is an offence to knowingly or recklessly obtain, disclose or procure the disclosure of personal data without the consent of the data controller. It is also an offence to sell, or offer to sell, illegally obtained personal data. This offence is extended under the Bill to include the retention of personal data. Therefore, an innocent recipient of personal data (where, for example, the data was disclosed to them by mistake) will commit an offence by failing to delete or destroy that data.

Defences to this offence involve proving that the actions were necessary to detect or prevent crime, required or authorised by law or an order of the Courts, or justified as being in the public interest. It is also a defence to prove that the alleged offender reasonably believed that they either had a legal right to obtain, disclose, procure or retain the data, or that the controller would have given its consent if had known about the circumstances.

Re-identification of de-identified personal data

Personal data is “de-identified” if it has been processed in such a way that it can no longer be attributed to a specific data subject (such as through encryption, anonymisation or pseudonymisation). The Bill makes it an offence to “re-identify” such data (so that data subjects can again be identified from it) without the consent of the relevant controller, or to process personal data which has been unlawfully re-identified by someone else.

This new offence also has defences relating to the prevention or detection of crime, authorisation by law or by the Courts, and justification in the public interest. If an alleged offender can prove that they reasonably believed they were either the subject or the controller of the data, had the subject or controller’s consent, or would have had such consent if the subject or controller knew of the circumstances, they will also have a defence.

It has been suggested that this offence could be disastrous for some security researchers (sometimes known as “ethical hackers”), who routinely attempt to decrypt encrypted data for the purposes of testing and improving security systems. However, where a researcher is commissioned to test the security of a system in this way, they will likely benefit from the consent of the relevant controller. Even where such actions have not been commissioned or requested, it is conceivable that ethical hackers could rely on the defence of public interest. Alternatively, it may be that the controller would have consented had they known of the circumstances – businesses may even be grateful for researchers pointing out security vulnerabilities in their systems (provided those vulnerabilities are not exploited during the process). These defences are not clear cut, however, and it remains to be seen how such actions will be treated when the Bill comes into effect.

Preventing disclosure of personal data

The GDPR retains (and extends) the rights of data subjects to access their personal data. Where a data subject makes such a request (e.g. a subject access request or data portability request) and is entitled to receive the information requested, it will be an offence for the data controller (or its employees, officers or persons under its control) to alter, deface, block, erase, destroy or conceal that information with the intention of preventing its disclosure to the data subject.

It will be a defence to prove that the infringing actions would have occurred in the absence of the data subject’s request, or that the person altering (etc.) the information reasonably believed the requestor was not entitled to receive the information requested.

Prohibition on requiring relevant records

Under the Bill, it will be an offence for a person (P1) to require another person to provide P1 with health records or criminal records in connection with P1’s recruitment (or the continued employment) of an employee, or in connection with a contract for the provision of services to P1.

Where a person (P2) provides goods, services or facilities to the public (or a section of the public), it will also be an offence for P2 to require access to health or criminal records as a condition of providing those goods, services or facilities to any third party.

The wording of these offences is largely lifted from the DPA, but the existing rules relate only to criminal records (although some health records may benefit from protection in other legislation such as the Access to Medical Reports Act 1988).

Further offences and penalties

Under the DPA, it is currently a criminal offence for a controller to process personal data without first being registered with the Information Commissioner’s Office (ICO). Carried over from the Data Protection Act 1984, this offence may have been practicable 20 or 30 years ago but, with developments in technology and the increasing use of personal data, it has become a costly burden for many businesses. This offence is abolished in the GDPR and the Bill, and controllers will instead have an obligation to keep their own records and make them available to the ICO upon request.

It will be an offence under the Bill to intentionally obstruct the ICO’s inspection of personal data (where inspection is necessary for the ICO to comply with its obligations) or to fail without reasonable excuse to give such assistance as the ICO reasonably requires for such inspections. It will also be an offence to fail to comply with an information notice issued by the ICO, to knowingly or recklessly make a false statement in response to such a notice, or to interfere with the execution of a warrant obtained by the ICO in connection with a suspected data protection breach or offence.

Currently, there are no custodial sentences for the criminal offences under the Bill, which are all punishable (in England and Wales) by uncapped fines.

This article is part of a series produced between November and December 2017 for Brabners Data Protection Month – you can find all of our data protection articles on our Data Protection Month page.


The Data Protection Bill vs The Data Protection Act
Wednesday 15th November 2017

The EU General Data Protection Regulation (GDPR) creates a new framework for data protection across the EU, and commentary on the changes under the GDPR is extensive (you may, for example, find it useful to read our article from last year summarising the key differences between the current rules and the GDPR).

The UK’s new Data Protection Bill (“the Bill”), which is currently working its way through Parliament, supplements the GDPR in UK law, creates a few new criminal offences, and (where it is allowed to) provides exemptions to the new EU regime. The Data Protection Act 1998 (DPA) similarly provided exemptions when it implemented the EU’s 1995 Data Protection Directive into domestic law in 1998, and many business have relied on such exemptions since that time.

Whilst talk of increased sanctions and harder-to-obtain consent has dominated the headlines, one of the important questions for many businesses will be: can we still rely on those exemptions? The good news is that, for the most part, the answer to that question is “yes”.

In relation to consent, more emphasis will need to be put on identifying the relevant legal bases a business may have for using personal data, rather than merely relying on consent. Privacy Impact Assessments will need to be undertaken and privacy notices sent to data subjects. Where consent is required it must be obtained unambiguously and (in the relation to special categories of data) explicitly. It must also be freely given, specific and informed consent. Businesses will need to take a more granular approach to different uses they make of personal data and ensure that they have the appropriate legal basis for each different use.

The Bill recreates a number of important exemptions from the DPA for public bodies, including in relation to data processing for national security purposes, the prevention and detection of crime and the assessment and imposition of taxes. A new exemption is also introduced for the maintenance of effective immigration controls.

The existing exemptions for regulatory and supervisory bodies, which apply to data processing for purposes in the public interest (such as, for example, protecting the public from financial malpractice, protecting charities and securing the health, safety and welfare of workers) also have equivalent provisions in the Bill (and are extended to reflect new provisions under the GDPR).

The ‘freedom of expression’ exemption for journalism, literature and art is extended in the Bill to include academic purposes, and the protection for research, historical and statistical purposes is also carried through into the Bill with largely identical conditions to those in the DPA. Further new exemptions are introduced in respect of data processed for archiving purposes which are in the public interest, and to restrict data subjects’ rights of access to data where other enactments prohibit disclosure of such information (in relation to, for example, child adoption and human fertilisation).

In respect of the processing of sensitive (or “special category”) personal data, which is generally forbidden under the GDPR unless certain conditions are fulfilled, the Bill provides some specificity to the GDPR’s broadly worded conditions. One such condition involves processing for reasons of “substantial public interest” (a phrase which is not used in the current legislative framework). The Bill expands on this by providing a number of circumstances where the condition is fulfilled, notably including the processing of such data for the purpose of identifying and eliminating doping in sports.

There are new criminal offences in the Bill which are not present in the DPA. The offence of knowingly or recklessly obtaining or disclosing personal data without the controller’s consent exists in the current framework, but the Bill also makes it an offence to retain, sell, or offer to sell such data once it has been obtained without consent. Other new offences include decrypting encrypted personal data (or processing such data once it has been decrypted) without the controller’s consent, and altering or destroying personal data to prevent a data subject’s right of access.

This article is part of a series produced between November and December 2017 for Brabners Data Protection Month – you can find all of our data protection articles on our Data Protection Month page.


GDPR vs The Data Protection Bill
Wednesday 15th November 2017

The UK’s new Data Protection Bill (“the Bill”), which was first introduced to Parliament last month, is intended to implement the EU General Data Protection Regulation (GDPR) and address areas (such as exemptions) where member states are afforded some discretion in applying the GDPR principles to domestic law (as well as creating some new criminal offences). The Bill also introduces similar provisions to those in the GDPR in respect of data processing by law enforcement authorities and intelligence services; areas which are outside the scope of the EU regime.

Controllers and Public Authorities

The substance of the Bill begins with a clarification of the term “controller”. The controller bears the brunt of the sanctions for non-compliance, and the GDPR’s definition (persons “who determine the purposes and means of the processing of personal data”) largely mimics that of the Data Protection Act 1998 (DPA). However, the Bill provides special rules in respect of data processed by the Crown or by Parliament, and retains a provision from the DPA which says that, where data is required to be processed by an enactment, the controller is the person upon which that requirement is imposed.

A definition for the term “public authority” (which is used, but not defined, in the GDPR) is also provided in the Bill, by reference to the Freedom of Information Act 2000. Whilst this was not an unexpected move, the definition notably includes limited companies whose shareholders are all public bodies (such as local authorities). One of the main repercussions of this is that such companies will not be able to rely on the “legitimate interests” ground for processing personal data.

Extended provisions

One topic of interest to the public is the minimum age at which children may provide their consent to the processing of their personal data. The default position under the GDPR is 16 years but member states are permitted to reduce this to not less than 13 years; the Bill implements the lowest age of 13.

The Bill also expands on the issue of processing sensitive personal data (such as data relating to racial origins, religious beliefs, sexual orientation etc.) which, under the GDPR, is prohibited unless certain conditions are met. The Bill provides substantial guidance on those conditions and, in some cases, may make them harder to fulfil. Controllers processing sensitive personal data will have to have appropriate policy documents in place, explaining their procedures for securing compliance with the data protection principles and their data retention and erasure policies.

An appeal route is also provided in the Bill for individuals that have been subject to a decision which substantially affects them based purely on automatic processing.

Criminal Offences

There are several new criminal offences created by the Bill which are not present in the GDPR or the existing DPA framework.

The DPA offence of knowingly (or recklessly) obtaining or disclosing personal data without the controller’s consent subsists, but the Bill also makes it an offence to retain such data once it has been obtained without consent, or to sell (or offer to sell) such data. It will also be an offence under the Bill to decrypt encrypted personal data, or to process such data once it has been decrypted, without the controller’s consent. Finally, in an attempt to safeguard data subjects’ access rights, it will be an offence under the Bill to alter or destroy personal data that a data subject has requested (and is entitled to receive) access to.


The Bill contains a wide array of exemptions from the provisions of the GDPR, some of which will be familiar to those acquainted with the existing DPA framework.

A large portion of the GDPR (including data subjects’ rights of access to data, rectification, erasure, data portability and objecting to processing) is exempted for various purposes that are in the public interest, such as the prevention of crime, the maintenance of effective immigration control, the protection of charities and the securing of the health and safety of workers (amongst many others).

The ‘freedom of expression’ exemption, which was present in the DPA, also subsists in the Bill where personal data is processed for the purpose of journalism or for academic, artistic or literary purposes.

The right of a data subject to access personal data held about him/her is explicitly limited in the Bill so that a controller is not obliged to disclose data to a subject if other individuals are identifiable from that data. The obligations on controllers to provide information about their processing of personal data to subjects are also exempted in various situations, including where compliance would cause a controller to incriminate itself for a criminal offence.

This article is part of a series produced between November and December 2017 for Brabners Data Protection Month – you can find all of our data protection articles on our Data Protection Month page.


Contract Formation & Incorporation of Terms
Tuesday 14th November 2017


In order for a contract to be legally binding, there must be an offer, acceptance of the offer, consideration (something given by each party), intention to create legal relations, and sufficient certainty of contractual terms.

Acceptance of an offer must usually be communicated to the offeror. However, a contract may be accepted through conduct, by the parties acting as if the contract is binding.

A valid contract can be formed verbally, but intention to create legal relations can be difficult to establish where a contract is purportedly formed in an informal setting. In such cases, there may also be uncertainty as to the agreed terms, which could prevent a valid contract from being formed.

Where two businesses contract with each other and both attempt to incorporate their standard terms of business, a process known as the ‘battle of the forms’ ensues. Several factors (including the existence of ‘prevail’ clauses, the process of negotiations and the order in which the conflicting terms are sent between the parties) play a part in determining which terms form part of the contract.

Recent case law

In Reveille Independent LLC v Anotech International (UK) Limited [2016] EWCA Civ 443, Anotech sent an offer document to Reveille, which stated that it would not be binding on Reveille until signed by both parties. Reveille never signed the document, but both parties proceeded as if the contract had been signed. Cranston J, in the Court of Appeal, held that Reveille’s conduct amounted to an acceptance of the offer and a waiver of the signature requirement. Both parties’ conduct confirmed the existence of a binding contract, and this outcome accorded with the reasonable expectations of honest and sensible business people.

In two similar cases this year, MacInnes v Gross [2017] EWHC 46 (QB) and Blue v Ashley [2017] EWHC 1928 (Comm), the Courts considered whether binding contracts had been formed as a result of discussions held in informal settings (a restaurant and a pub, respectively). In both cases, the Courts found that no binding contract had been formed. However, it was made clear that the informal nature of the meetings did not, of itself, preclude a contract from being formed. The factors which influenced the Courts’ decisions included:

• the informal setting and nature of the meetings and the absence of any written record of negotiations;
• the use of the phrase “headline terms” in respect of the purported agreement;
• the absence of terms vital to the performance of the contract and the uncertainty of terms supposedly agreed; and
• the lack of commercial common sense in the purported agreement.

In Barrier Limited v Redhall Marine Limited [2016] EWHC 381 (QB), Redhall sent a purchase order to Barrier which stated on the front: “The terms overleaf must be read and strictly adhered to”. Redhall would normally print its standard T&Cs on the back of such purchase orders but, in this case, the carbon copy which only contained the front page was sent by accident. The Court held that Redhall’s T&Cs were communicated to Barrier by reference and were therefore incorporated into the contract; Barrier had the opportunity to request the T&Cs at any time and did not need to have read the terms for them to be binding.


These recent cases highlight a number of important points:

• A document need not be signed in order to be binding, and explicit signature requirements can (in certain circumstances) be waived by the parties.
• An offer can be accepted by conduct even where the document expressly requires acceptance in a certain manner.
• A contract can be formed (verbally or otherwise) anywhere, but the informality of the setting, the nature and detail of the discussions and the commercial viability of the purported agreement will influence the Court’s decision.
• It is preferable (although not necessary) to reduce a contract to writing, but phrases such as “headline terms” or “heads of terms” indicate a lack of intention to create legal relations, even in a written document.
• It is not necessary for contractual terms to be set out in the actual contract document for them to be binding, provided that reasonable notice of the terms has been given to the other party (e.g. by clear reference on the front page of the document).

If you would like to find out more on the topic, please contact Jack Roberts or a member of our Commercial team.


Contractual Interpretation
Tuesday 14th November 2017


It has been established in the Courts that, when interpreting the provisions of a contract, one must look at a number of factors including:

• the natural meaning of the words used;
• the meaning of the clause (as a reasonable person would understand it) in light of the overall document;
• the purpose of the document (from a commercial point of view); and
• the relevant background facts or knowledge reasonably available to the parties at the time the contract was made.

However, there has been some debate in recent years as to how much weight should be afforded to each of those factors, and which should take priority in the event of a conflict.

In Rainy Sky SA v Kookmin Bank [2011] UKSC 50, Lord Clarke took the view that, where there are two possible interpretations of a contractual term, the Court is entitled to favour that which is consistent with “business common sense”, and to reject the alternate interpretation even where the natural meaning of the words leans in favour of the latter.

In Arnold v Britton [2015] UKSC 36, Lord Neuberger favoured the approach that puts the most weight on the plain and ordinary meaning of the words used, stating that the surrounding circumstances of the case and the idea of commercial common sense should not be invoked to undermine the language used in the contract.

Recent case law

In an attempt to reconcile the previous decisions and clarify the true legal position, the Supreme Court addressed this issue again in Wood v Capita Insurance Services Limited [2017] UKSC 24.

Lord Hodge stated in Wood that textualism (the approach that looks at the plain and ordinary meaning of the words used) and contextualism (the alternate approach of favouring commercial common sense and the factual background of the contract) are not conflicting paradigms. The correct, objective interpretation of a contract must be achieved having regard to both principles; the question of which deserves priority over the other will depend on the circumstances of the case, and the nature of the document.


Whilst it seems that Lord Hodge is “sitting on the fence” with regard to the alternate principles favoured in Rainy Sky and Arnold respectively, his comments in the judgment of Wood provide some useful guidance as to the circumstances in which each principle should be applied.

In the case of a sophisticated contract that has been negotiated and drafted by skilled professionals, if any provisions seem unusual or create an unfair outcome for one party then it is likely that this was intended as a result of the negotiations. The “textualism” approach of looking at the plain and ordinary meaning of the words should take priority, and only be departed from in the event that conflicting interpretations of the contract cannot be reconciled by the language alone.

If a document is informal, or badly drafted, the Courts may be more likely to depart from the most plausible linguistic meaning of the words used and favour a construction that better fits the commercial purpose of the contract, taking into account the document as a whole and the relevant circumstances.

If you would like to find out more on the topic, please contact Jack Roberts or a member of our Commercial team.


The Dental Lawyer’s guide to unlocking your NHS Pension- 24 Hour Retirement
Tuesday 17th October 2017

You own your NHS dental practice, you love it, you couldn’t bear to leave your wonderful patients and staff, but you wish that you could still get your hands on that NHS pension which you have accrued over the years. So how can you achieve this whilst still remaining in practice? Don’t worry, the dental team at Brabners can help.

To claim your pension you must: i) retire from your NHS contract for a minimum period of 24 hours and ii) have not worked more than 16 hours a week in the month preceding this retirement. If you have a partner on your NHS contract, this might be a simple process. However, for sole practitioners submitting notification to the NHS of your retirement would have the effect of terminating your contract.

If you want to continue to run and own your practice after claiming the pension, steps can be taken to ensure that this does not happen. The appropriate way forward is to add a second name onto your NHS contract, another dentist, who would act as a nominal partner. This allows you to ‘retire’ from the NHS for the obligatory 24 hours, and subsequently allows you to re-join the NHS and claim an entitlement to your pension the next day.

Obviously, the partner needs to be someone you can trust. It may also be sensible to have a document prepared, to formally stipulate that whilst this partner’s name appears on the NHS contract, the benefit of the goodwill and income will continue to be owned by you.

From the nominal partner’s perspective, it is worth bearing in mind that although they would have no actual right to any of the money from the NHS in accordance with their agreement with you, they do have obligations to the NHS once they appear on the contract. For example, if the practice runs behind whilst they are a partner, they are responsible (together with you) for clawback payments. If this is a significant risk, this partner may wish to ensure that their name is removed from the contract as soon as your name has been re-added to the contract.

The CQC is another factor to consider in this process. NHS England is likely to look to ensure that the partnership only starts once an application has been processed for CQC registration in the joint names of yourself and your proposed partner.

Once a CQC application has been processed, notice can be submitted to the NHS to add the second name to the contract and a date will then be set for your brief 24 hour retirement. Once this date is known, you can submit the ‘NHS BSA Pensions- Retirement Benefits Claim Form’ (AW8) to the Business Services Authority.

Following the 24 hour retirement, any changes that have been made to your NHS contract and CQC registration can be reversed. Your NHS contract can be returned to your sole name and you can re-apply as an individual for CQC registration.

However, for a number of reasons, you may wish to consider retaining the assistance of your nominal partner for a little longer.

For example, timescales for termination of a GDS contract upon the death of a sole practitioner are short and can only be extended at the sole discretion of NHS England. This puts an added and potentially avoidable stress on your family and executors, at an already stressful time.

Leaving a second nominal partner on your GDS contract would ensure that the NHS contract survives in their name following completion. In the event of your death, it would give your executors and family flexibility, giving them more time to sell on or possibly choose to continue running the practice.

Now all you need to do is find that trusted dentist friend and give us a call. 


Top 5 consumer rights businesses need to be aware of
Friday 6th October 2017

As the news emerged on Monday morning that Monarch Airlines had gone into administration overnight, just days after rival airline Ryanair announced that a second wave of flight cancellations would affect more than 400,000 people, many of the affected travellers needed information as to the options for recompense available to them.

Ryanair found itself in trouble with the Civil Aviation Authority (CAA) last week for misleading its affected customers. On the CAA’s orders, Ryanair has contacted its disrupted customers to advise them of their rights under EU regulations and will be offering full refunds or alternate flights.

However, for Monarch passengers, such remedies are unlikely to be available due to Monarch’s parlous financial position. The CAA will return stranded Monarch customers to the UK (at the government’s expense), but for those yet to depart on their travels the best remedy may be found in the UK’s consumer credit regime.

Whilst it is vital for consumers to understand their rights and remedies, it is equally essential that businesses understand their liabilities and obligations. Whether you are a large airline operator or a small high street retailer, here are the top 5 consumer rights that your business needs to be aware of:

1.Liability of credit card providers

Where a consumer makes a purchase over £100 (but less than £30,000) using a credit card for at least part of the payment, and subsequently has a claim against the supplier for breach of contract or misrepresentation, the Consumer Credit Act 1974 states that the credit card provider is jointly and severally liable and that a claim can be made by the customer against the provider. However, businesses should not see this as a safety net; credit card providers will seek reimbursement from a business should the provider pay up to the consumer, with businesses likely to find that credit institutions are more rigorous in their debt recovery than the average consumer.

2.Cooling off periods for online sales

When a consumer buys goods, services or digital content online or over the phone, the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 require a mandatory cooling-off period of 14 days within which the consumer may cancel the contract. The 14 days begins on the day after the date the contract is entered into (for services or digital content) or the date upon which goods are received by the consumer.

3.Remedies for defective goods

Under the Consumer Rights Act (CRA) 2015, goods (including digital content) sold to consumers must be of satisfactory quality, fit for their purpose and as described. If a consumer discovers a fault with the goods or digital content within 6 months, it is assumed that the fault existed upon delivery (unless the supplier can prove otherwise). Defective physical goods may be rejected (for a full refund) within 30 days after delivery. Within the first 6 months, a consumer is entitled to have faulty goods or digital content repaired or replaced or to obtain a price reduction (which may be a full refund).

4.Delivery of goods

Unless otherwise agreed with the consumer, the supplier must deliver goods within 30 days. The supplier also retains the risk in the goods until they are delivered to the consumer (or someone identified by the consumer to take delivery). If delivery is late, and another reasonable delivery time cannot be agreed, the consumer has the right to terminate the contract and get a full refund.

5.Unfair terms

There is a general rule under the CRA 2015 that if a term in a consumer contract is unfair to the consumer, it will not be binding. Terms that are likely to be considered unfair include: those which unreasonably limit the liability of the supplier or the rights of the consumer; disproportionate monetary penalties; and those which attempt to bind the consumer to terms that they have not had the opportunity to read beforehand. Whilst all businesses need to protect their own interests in their contracts, when dealing with consumers it is vital to ensure that the scales are not tipped too far in favour of the supplier, to the detriment of the consumer.

If you would like to find out more on the topic, please contact Jack Roberts or a member of our Commercial team.


NHS Dentistry figures released
Monday 2nd October 2017

A major nationwide survey by the BDA has indicated that almost 58% of the UK’s NHS dentists plan to leave NHS dentistry within the next 5 years.

Whilst retirement will play a significant factor in this (with 2016 figures showing that around a third of practice owners and 13% of associates intend to retire within five years), the more worrying result is that over half (53%) of young and newly qualified NHS dentists (under the age of 35) intend to leave the NHS in the same period.

10% of these young dentists intend to leave dentistry altogether, and a further 10% intend to practice overseas.

Only 16% of young dentists believe that they can own their own practice within the next 5 years.

The BDA's Chair of General Dental Practice, Henrik Overgaard-Nielsen, said:

"It is a tragedy that a decade of underfunding and failure to deliver meaningful reform now risks shutting off the pipeline of NHS dentists.

Government has made NHS high street practice so unattractive the next generation are now looking to the exit. These young dentists are the backbone of the dental workforce, and losing them at the start of their careers raises existential questions about the future of the service.
A suffocating contract system tells dentists from day one that government targets matter more than improving the oral health of their patients. We urgently require a new system that recognizes and rewards prevention.

The traditional career path for high street NHS dentists has gone, and until government can offer a viable alternative this brain drain will continue”

The Healthcare team at Brabners is committed to helping young dentists in their aspirations of practice ownership and we provide regular training and information to dentists with a view to helping them to get their foot on the practice ownership ladder. Despite the disturbing figures released over the weekend by the BDA, we continue to see high demand from purchasers for NHS practices coming onto the market.

If you are one of the many looking to retire, get in touch with our specialist dental lawyers. We can help you with planning your exit strategy.