Website Law

English law can be unfair.  In 1962, Peter Beswick agreed to hand over his business to his nephew, John.  In exchange, John contracted to pay a sum of money to Peter each week and, after his death, to Peter’s widow.  After Peter died, John decided not to pay.

He almost succeeded.  Peter’s widow could not sue under the contract herself as she was not a party to it — but she was administering Peter’s estate, and was able to enforce it on his behalf.

This is an example of the rule of privity of contract: just as only the parties to a contract can acquire legal obligations under that contract, they are also as a general rule the only parties which acquire any legal rights under it.  A third party, like Peter’s widow, cannot enforce a contract where they suffer a loss as a result of its breach.

The Contracts (Rights of Third Parties) Act 1999 (CRTPA) creates an exception which mitigates the harshness of this rule.  Where a contract confers a benefit on a third party, that party may acquire the right to sue.

It is important for businesses to be aware of CRTPA since it can give rise to sometimes unexpected legal risks, and can even prevent the rescission or alteration of a contract without the consent of persons who are not parties to the contract.

When does CRTPA apply?

CRTPA applies to most contracts, but some exceptions are stated in Section 6.  These include employment contracts and most contracts for the carriage of goods.

If a contract is not exempted under Section 6, then under Section 1 a person who is not a party to a contract may in his own right enforce a term of the contract if:

(a) the contract expressly provides that he may, or

(b) the term purports to confer a benefit on that person, unless the contract indicates in some way that that party was not intended to be able to enforce it.

Accordingly, unless it is intended that third parties should be able to enforce a contractual term, it is generally advisable to state explicitly in the contract that they cannot.

Under Section 1(3), the third party does not have to be explicitly named in the contract provided that they are identified as a member of a class or by means of a description.

As an example, if a contract between a wholesaler and a retailer explicitly referred to consumers, then any consumer whom the contract purported to benefit could potentially sue under it, unless of course their right to do so is excluded.

What are the effects of third parties’ rights?

Where a third party has rights under a contract as a result of CRTPA, under Section 1(5) they can take full advantage of all the legal remedies for any breach of contract that would be available to a party to that contract.

This means that they will be able to claim monetary compensation for any loss they suffer as a result of the breach.  In some circumstances they may even be able to secure an injunction or specific performance.  (An order for specific performance will require a party to fulfil their contractual obligations.)

It may also make it difficult to rescind such a contract or vary it in such a way as to extinguish or alter the third party’s rights.  Under Section 2(1), there are three circumstances in which such variation or rescission will require the consent of an affected third party:

(a) Where the third party has communicated his assent to the party which contracted to provide the benefit.

(b) Where the party which contracted to provide the benefit knows the third party has relied on the relevant term.

(c) Where the third party has in fact relied on the relevant term and the party which contracted to provide the benefit can reasonably be expected to have foreseen that they would do so.

Are there any restrictions to liability to third parties?

Under Section 3, parties to the contract can rely on all the usual defences to a claim for breach of contract.  So they can argue, for instance, that their liability should be limited because the third party has failed to limit their loss or has been contributorily negligent.

To prevent double recovery, Section 5 stops a party to the contract and a third party from both recovering the full amount for the same loss.

Practical consequences

When entering into a contract, it is prudent to consider whether the contract purports to confer benefits on any third parties which are named or identified as members of a class or by description in the contract.  If so, you should consider whether they may be able to enforce the terms and, if you do not want them to be able to do so, you should expressly state that they cannot.

Non-disclosure agreements (NDA) impose obligations to refrain from disclosing  information, take measures to protect the confidentiality of information and/or use information only for a specified purpose or purposes.

In this post, I look at the issues surrounding the use of NDAs in the IT industry, and consider some of the the typical situations in which they may be used.

Law of confidence

Obligations of confidentiality can arise under the law of confidence even where there is no contract.  However, as the Law Commission has recognised, the law of confidence is entirely judge-made, and breach of confidence litigation is an uncertain and unreliable way to protect business secrets (Law Commission Report No. 110 (1981)). In part for this reason, businesses shouldn’t rely upon the law of confidence alone, and should consider the use of an NDA, whenever they are disclosing confidential business information to others.

Confidentiality is a particularly important form of asset protection in the computer industry, where any technology-based competitive edge will not last long.

Confidentiality and intellectual property

The law concerning the protection of confidential information is closely related to  intellectual property law.  There are many uncertainties and gaps in the protection that intellectual property law affords to processes, techniques, ideas, and information in the IT industry – for instance, computer programs are not generally patentable in the EU.  The use of NDAs to create non disclosure obligations can be used to supplement intellectual property laws, and thereby to clarify some of the uncertainties and fill some of the gaps.

NDAs: drafting issues

Before considering the specific situations in which NDAs may be used, I will look at several of the key drafting issues affecting NDAs: the difference between unilateral and reciprocal agreements, ways of defining confidential information, the question of who is bound by an NDA, the duration of obligations and the impact of data protection law.

When to contract

As a general rule, it is better to sign an NDA before confidential information is disclosed, rather than after.  That said, an appropriately drafted NDA may protect information that was disclosed before execution.

Unilateral or reciprocal?

A reciprocal (sometimes called a mutual or two-way) agreement puts non-disclosure obligations on both parties and is appropriate when both sides are revealing sensitive information.  Where only one party is disclosing sensitive information, a unilateral (also called a one-way) agreement will be appropriate.

Defining confidential information

It is important to carefully consider the definition of confidential information in an NDA.  You need to ensure that the relevant information is covered, and that irrelevant information is excluded.  You should consider whether information provided orally should be included within the definition.

Whilst information needn’t be “top secret” to be protectable, and NDAs can protect information that wouldn’t be given protection by the law of confidence, a non-disclosure obligation may still be unenforceable on public policy grounds if the definition of confidential information is too wide – for example if it relates to trivial information.

Looking at this question from the other side of the fence, if you are going to be subject to confidentiality obligations under an NDA, you should take care to ensure that those obligations do not overly hinder your business activities.  This is especially important if the non disclosure obligations continue for a long period or indefinitely (see below).

Who is bound?

An NDA should identify the persons to whom information may be disclosed and, if not signed by all of those persons, should identify the means by which further onward disclosure will be prevented.  For example, the primary disclosee may be obliged to ensure that all persons to whom the information is disclosed enter into NDAs with the primary disclosee on specified terms that are enforceable by the disclosor as a third party beneficiary.

Duration of obligations

Confidentiality obligations under an NDA may be of a fixed or indefinite duration.  Businesses need to be especially careful when agreeing to be bound for an indefinite period.

Data protection

Information disclosed under and NDA may include personal data, and such personal data may be subject to data protection law.  Typically in these circumstances, the disclosor will be a “data controller” under the Data Protection Act 1998 while the disclosee will be a “data processor”.  A data processing clause may be used within the NDA to ensure information is not disclosed illegally.

NDAs: where are they used

I consider here four situations in which NDAs are very commonly used in the IT industry: when a new business opportunity is being negotiated; when a business is outsourcing software or web development work; when a developer is sub-contracting work to bring in additional resources or expertise; and when an employee is taken on.

New businesses

The process of negotiating a new business proposition (whether taking the form of a joint venture, a company, a partnership or otherwise) will almost inevitably involve the disclosure of sensitive information, such as financial figures, client lists, business ideas and technical process information.  It is usually sensible to protect the information disclosed during negotiations using a reciprocal NDA.

Software and web development

Much web and software development is outsourced to developers.  For some types of work, clients will want to impose non disclosure obligations upon the developers.  For example, where a the project is based upon a new technology, a new business concept, or a confidential business relationship, and NDA will be of considerable importance.

Sub-contracting

Design and development work may be sub-contracted by a developer to freelancers, whether to access additional resources or expertise.  In this situation, the developer will want to ensure that first, the sub-contracting of the work won’t involve the breach of any non disclosure obligations imposed on the developer by the client, and second, that appropriate non disclosure obligations are imposed upon the the persons to whom the work is sub-contracted.  Typically, the obligations imposed by the developer upon the sub-contractor will be as strong or stronger than those imposed by the client on the developer.

Employees

Employees may have access to at least some of the confidential information of a business. Non disclosure obligations, in a form approved by an employment lawyer, should always be imposed upon such employees.

Conclusions: one tool amongst many

NDAs are an important part of any business’s legal toolkit.  However, they are no use in relation to the disclosure of  sensitive information by those who have not signed-up to their terms.

NDAs should supplement practical information security measures (which are mostly just common sense).  For instance: restrict access to confidential information on a need-to-know basis; where possible, only provide object code to customers; larger organisations should institute an information security policy – one that includes regular reviews; lock doors, windows and filing cabinets; and so on.

The practices and processes of many businesses in relation to information security are less than ideal.  NDAs often contain a provision requiring that the disclosee protect the confidential information of the disclosor “with the same degree of care that the disclosee takes to protect its own confidential information”.  For some businesses, this is not a very high standard to meet!

The Unfair Contract Terms Act 1977 (UCTA) imposes statutory limits on the avoidance of civil liability through exclusion clauses in business contracts for breaches of contract, negligence, or other breaches of duty.

UCTA is only concerned with exclusion clauses, and does not examine whether a contract is unfair generally.  An “exclusion clause” is not defined in UCTA, but Section 13 indicates that it can include any clause attempting to:

• restrict or exclude a liability;
• make a liability, or the enforcement of a liability, subject to restrictive or onerous conditions;
• restrict the rights and remedies of an aggrieved party; or
• restrict rules of evidence or procedure.

For example, a clause attempting to impose short time limits for an unsatisfied party to bring a claim could be deemed to be an exclusion clause by virtue of its attempt to restrict the time within which remedies are available.

Exclusion clauses that are subject to the provisions of UCTA will either be void in all cases, or void where they fail a test of “reasonableness”.

When does UCTA apply?

UCTA is concerned with upholding business liability, applying to contracts made in the course of business, or merely from a premises used for business purposes by the occupier.  It therefore does not apply to the occasional private transaction between individuals.  In addition, there are certain circumstances (outlined in Schedule 1) where UCTA is not applicable.  Those specific exceptions include employment contracts, contracts relating to interests in land, or contracts regarding intellectual property rights.

When UCTA does apply to the contract, some sections apply differently depending on whether the purchaser is a consumer, or another business.  Broadly, consumers benefit from a greater degree of protection under UCTA than businesses.  Accordingly, in analysing the effects of UCTA it is important to determine whether the purchaser is a business or a consumer.

Consumer contracts involve purchasers acting outside of the course of business. The product being sold will be of a type ordinarily supplied for private use or consumption, and it will be supplied by a person who is acting in the course of business.  In contrast, a business includes “a profession and the activities of any government department or local or public authority”.

If the purchaser asserts that he or she is a consumer and the supplier disputes this, then it will usually be the responsibility of the supplier to show that the purchaser is not a consumer.

What does UCTA restrict?

Exclusion of liability for negligence

“Negligence” has a special definition in UCTA.  Under Section 1(a), it means “the breach … of any obligation, arising from the express or implied terms of a contract, to take reasonable care or exercise reasonable skill in the performance of the contract” or “the breach … of any common law duty to take reasonable care or exercise reasonable skill (but not any stricter duty)”  or ” the breach … of the common duty of care imposed by the M1 Occupiers’ Liability Act 1957 or the M2 Occupiers’ Liability Act (Northern Ireland) 1957″.

Under Section 2(1), UCTA will apply to contract clauses and notices which attempt to exclude liability for death or personal injury resulting from negligence.  This Section renders the particular clause void, regardless of the status of the parties.

Under Section 2(2), UCTA subjects any clauses or notices excluding liability for any other loss or damage (i.e. loss or damage other than personal injury or death) resulting from negligence to a test of reasonableness.  Such loss or damage might include financial loss or damage to property.  Where such a  clause is unreasonable, it will be void.  Again, this Section applies regardless of the status of the parties.

These provision of UCTA will apply irrespective of whether the person seeking to dispute the validity of the clause or notice was aware of it, or gave his or her express agreement to it.

Exclusion of liability for breach of contract

Even where a breach of contract does not constitute negligence, UCTA may apply.

Contractual exclusion clauses – those that do not exclude liability for negligence – will be subject to UCTA if one of the parties is dealing as a consumer, or the contract is conducted using written standard terms of business.  If either of these conditions is met, the exclusion clause will be subject to the reasonableness test by virtue of Section 3.

Exclusion of terms implied by the Sale of Goods Act 1979

The Sale of Goods Act 1979 (SGA) implies specific terms into contracts for the sale of goods. For example, Section 14 stipulates (with limited exceptions) that goods sold will be of a satisfactory quality, including being fit for any purpose for which they are commonly used.

Section 6 of UCTA steps in whenever a contracting party attempts to limit any liability imposed by certain provisions of SGA.
First, Section 6(1)(a) of UCTA states that parties cannot exclude their liability for breach of Section 12 of SGA, which implies various provisions relating to the seller’s rights to sell the goods in question.  This applies to both consumer and business contracts.

Second, when dealing with consumers, a seller cannot try to avoid any liability imposed by Sections 13, 14, or 15 of SGA.  These sections cover such matters as sale by description, satisfactory quality, fitness for purpose, and sale by sample.  Any clauses seeking to exclude the liability of the seller for breaches of the conditions imposed by these Sections of SGA will be void by virtue of Section 6(2) of UCTA.  Where these Sections are implied by SGA into a business-to-business contract, Section 6(3) of UCTA will subject any relevant exclusion clauses to the reasonableness test.

How do I know if the clause is reasonable?

When an exclusion clause is subjected to the reasonableness test by UCTA, several factors will be taken into account by the court (or any other decision maker) in deciding whether to uphold the clause. Under Section 11 of UCTA, the court must take into account the “circumstances which were, or ought reasonably to have been, known to or in the contemplation of the parties when the contract was made”. Therefore, any subsequent developments in the trading relationship, or the losses caused by any breaches, are not relevant.  Further, Section 11(5) puts the burden on the party seeking to uphold the exclusion clause to show that it was a reasonable clause to include at the time of the contract.

Further considerations apply to specific scenarios.  For example, Section 11(4) is relevant to clauses which attempt to limit liability to a specified sum of money.  The legislation suggests regard should be had to the resources available to the party to meet the liability, should it arise, and the possibility of a party obtaining adequate insurance to cover the liability.  Alternatively, in relation to clauses attempting to exclude terms implied by SGA, a set of guidelines for reasonableness are set out in Schedule 2 of UCTA.  These suggest factors to be considered include any discrepancy between the bargaining power of the parties in relation to each other; whether the customer was induced to agree to the term; whether the customer even knew of the term and the extent of it; and whether the goods were adapted to meet a special order or different requirements.

Taking advice

Anyone working with contracts needs to be aware of the legal limitations upon exclusion clauses.  Under English law, a good understanding of UCTA is perhaps the key to any such awareness (although there are other legal rules that affect exclusion clauses, notably common law rules relating to their interpretation and special rules in consumer protection legislation).   This is one area where contract law isn’t mere common sense, and expert guidance will often be required to navigate the legal maze.   If you get into a serious dispute, exclusion clauses can become the most important of contractual provisions, and pre-contract legal advice on their drafting and enforceability can begin to look very good value indeed.