"No-Brainer": UK Firms Switching From English to Irish Law And Courts For Their New EEA Hubs

Sadly, we are at "the point of no return" for Brexit preparations by UK businesses who supply goods or services into the remaining EU27 countries - or to non-EU markets under EU trade arrangements. Many will have already been making public announcements to reassure their regulators, customers and suppliers that they've planned how to keep their operations running smoothly in the event of a "No Deal Brexit" on 29 March 2019.  But now they have to execute those business continuity plans.

While the politicians seem to think they still have 6 weeks to negotiate a UK withdrawal agreement, few businesses would have that luxury. Working back from 29 March, they have to consider contractual notice periods (some mandated by law), as well as software development and operational process changes that will need to be fully tested and running in good time before that day.

Of course, the timetable is just the tip of the preparation iceberg. Below the waterline other preparations may have been happening for some time, such as establishing a new entity in an EU27 country and getting it authorised or licensed; opening local bank accounts; leasing office premises; transferring or employing management and staff; relocating or purchasing computers and other equipment, stock or assets, and related software and data licenses; and re-contracting some of the more critical affected customers and suppliers through their new entity.

These preparations raise numerous tax, legal and accounting issues in their own right - including the fact that the UK government is still unclear on much of the official rules, processes and procedures. But the choice of law under which each new entity contracts with customers and suppliers, and which courts will govern disputes, are among the most critical to making life as easy as possible in the transition.

Both EEA-based parties will probably want the contractual terms to remain broadly the same as any current English law contract, even if certain aspects might need to be re-negotiated. Billing and payment details, currency and pricing would likely need to change, for example; as will the legal basis for sharing EEA-residents' personal data with UK operations. There won't be an EU "adequacy decision" on the UK's data protection standards before April 2019 - and no timetable can even be agreed for reaching one unless and until the UK has actually left the EU. The General Data Protection Regulations as enacted where the new entity is established will apply to the new entity's collection, use and storage of personal data, even though the customer-facing privacy policy may remain broadly the same and the customers will still have consistent rights to complain about misuse under their own national data protection laws. In turn, the parties will no longer want the contract to be governed by English law and courts, to avoid the need to worry EEA customers and suppliers about the extent to which English law inevitably diverges from the law in EEA member states.

In these circumstances, choosing the application of Irish law instead of English law to govern at least the commercial aspects of a contract becomes a "no-brainer", because at this stage it's substantively very similar to the law of England & Wales, and far more so than the law of any other EU country. Ireland is the only other purely common law jurisdiction in the EU today, and will be alone after Brexit. The few technical differences include, for example, the absence of the right for any non-party to enforce a benefit under the agreement, which the UK allowed through statute in 1999, or different monetary thresholds for the jurisdiction of familiar types of courts. But such differences can be either simply flagged and understood or explicitly accommodated if necessary (to cite the relevant example, most parties try to limit or exclude 'third party rights' anyway, but the rights can also be explicitly specified). So, while the customer is well advised to run a final check of the contract with independent local Irish counsel, it will not face the comparatively awkward and expensive exercise in understanding the numerous substantive differences between English common law and the codified civil law system of other EU member states.

Of course, it remains possible to agree that the commercial elements of the contract and provision for its enforcement are governed by Irish law and courts, even though the regulated activities of one or other party to the contract (and any regulatory complaints) may be governed by the law of another EU member state. But it has been quite common until now for, say, a financial institution established and regulated in another member state to contract with its customers in the English language under English law (or Irish law, for that matter). So customers should have no problem with a switch from English to Irish law on that basis. 

Note that the process for transferring contracts can be a bit tricky, however. For instance, some UK businesses may seek to merely "assign" their English law contracts to a new entity (possibly under a provision that appears to allow this even without the other party's consent). But under English law it is not possible for a party to assign its obligations under a contract - just its own rights or benefits (e.g. the right to receive payments).  So the transfer of existing contracts to a new entity (and the other changes mentioned) would generally need to be done by way of "novation", which necessarily involves the consent of the other party.  The process of amending agreements may also be constrained by law, such as under national regulations implementing the second Payment Services Directive. These provide for a two month notice period for changes, and a right of termination where it is agreed the changes can be proposed unilaterally and the payment service provider takes that route. It's awkward enough for the ongoing relationship that the process might provoke a renegotiation (or that consent to novation might not be forthcoming at all), without actually being seen to trigger a positive right for the customer to terminate within a finite notice period (think Article 50)!

Of course, this all relates to the new EEA-based entity.  The group head office, and perhaps the UK entity, will still have the job of tracking the extent to which English law (and therefore the basis of the offering to UK customers) diverges from Irish law, EU rules and the offering to EEA customers. 

But you'll just have to blame the Brexiteers for that!

Privacy Must Be A Core Business Competence

The European Commission's proposed General Data Protection Regulation is just that: general regulation. No longer can businesses afford to treat data protection compliance as a 'bolt-on' to their marketing department, or even the compliance department. CEO's need to understand how the demands of personal data privacy are going to re-shape their business.

Just ask yourself whether you think the following rights go to the heart of any business that deals with individuals: the "right to be forgotten", "data portability", "data protection by design and by default", the logging/reporting of personal data security breaches, personal data processing impact assessments, prior consultation and regulatory consent for potentially risky processing. Not to mention requirements for enhanced internal controls, numerous enforcement and compliance burdens, and the obligation to appoint a data protection officer.

The trouble is, none of these concepts is straightforward, nor are the rules easily digested.

But digest them you must. Even if they don't make it onto the statute books, the genie is out of the bottle. Many of these 'rights' reflect the current concerns of at least some consumers (albeit most of them probably also happen to work for the European Commission and various consumer groups). Existing services will be judged against them as 'best practice'. Some businesses and new entrants without legacy systems will factor them into new services. And if they do make it onto the UK's statute books, you can bet they'll be gold-plated.

The Society for Computers and Law has done a great job of stimulating debate on the EC's proposals, and helping identify the implications for businesses generally. But there's a long way to go before the practical implications for businesses and business models are understood and fed back to the authorities in time for a new directive to be finalised in 2014. In fact, bitter experience suggests this won't happen at all.


At a recent seminar, Mark Watts, Chair of SCL's Privacy and Data Protection Group, polled about 100 delegates on the questions asked in the 4 week Ministry of Justice consultation on the EC's plans. The results can be downloaded via the Society for Computers and Law web site. One response made a telling point:

'Writing wide-ranging, broadly applicable laws that affect almost everything a business does but which can only be interpreted and implemented with the assistance of specialist data protection lawyers is surely not the best way to go. Laws that potentially affect so much of what ordinary business does on a day to day basis should be capable of being understood by "ordinary businessmen". The Regulation is a long way from this and will keep data protection lawyers in business for years.'

Further, As Dr Kieron O'Hara explains in relation to the technological challenges presented by the 'right to be forgotten' in his excellent article in this month's Computers & Law magazine, the EC's ambitious plan for personal privacy requires "a socio-legal construct, not a technical fix." 

Week One: Build A Decent Framework

The first week in any new in-house role or project has many defining moments. Are you friendly and approachable, or nervous and shy? Do you listen respectfully before suggesting improvements, or arrogantly impose your own experience and expertise from the outset? Do you have a plan for how you'll approach your new role, or will you simply react to demands on your time?

One advantage to having worked in nearly a dozen businesses over the past twenty years or so is having the opportunity to experience many 'fresh starts'. Here are three steps I've learned to take each time:

1. Research the business and its products: You should've done this at interview stage (along with understanding the overall market context), but you probably didn't get the whole picture from company filings, web sites and other publicly available material. Depending on seniority, you may not get much more. Play the 'newbie' card while you can. Try to meet the lead business people and ask plenty of questions about their successes and key challenges. Ask each product manager to explain how his or her product works. Make a note of anything that surprises you - good or bad. Understand the business problem-solving methodology (if any), project planning framework (if any) and the end-to-end business processes that comprise or support the products - how customers are signed up, complaints are handled, how distribution works, the supply chains, how contractual rights are enforced. Due diligence reports, regulatory filings, major contracts, sales presentations and process maps all make great source material.

2. Figure out the top ten challenges for the business: This can be a hair-raising experience, especially in a young business or one that's poorly run. Try to be discreet, patient and under-react until you've figured out the list and considered how to align yourself with each challenge. A well-managed business will identify and prioritise its most significant challenges annually. In that case, figuring these out will involve a fairly easy discussion with the boss about the business planning cycle, the current plan and where you fit in. In other cases, there may be no clarity at all, and no process for achieving it - great opportunities for anyone with an analytical mind and a positive attitude. Clearly the annual revenue target, major product launches, acquisitions and any substantial new regulation will be likely to feature in the top ten. Addressing the organisation's substantial strengths, weaknesses, opportunities and threats should round out the list.

3. Figure out the top ten legal challenges: What the lawyers need to do should have become pretty clear by now. Of course you have to factor in your own major initiatives, like getting a handle on significant contracts, contested litigation, training and competence, ensuring appropriate records retention and so on. But some of that will be business as usual. The major challenges should involve cross-functional co-operation - including public affairs and PR.

I'm interested in your thoughts.


Image from De Madera Constructions.