COVID-19 and contact tracing apps: A test of public confidence in data privacy?
The Coronavirus challenge for tech coworking spaces
Tech in Two Minutes Podcast Series
Top tips for drafting online consumer terms and conditions
Coronavirus, disruption and legal liability
Cloud software contracts - Top tips for suppliers
Tech in Two Minutes/Lifecycle of a Tech Startup - Essentials for #e-commerce businesses in the UK
In this time of global crisis, business and community life has become increasingly dependent on technology enabled solutions to help contain the spread of the coronavirus, from online shopping to remote working and contact tracing. Whether you’re the supplier of an innovative new tech solution or you intend to license use of such technology, you can rely on our expertise in these exceptional times to advise you upon, draft and negotiate the relevant technology contracts.
We specialise in acting for early stage companies and for startups, and the key asset of many such businesses is their technology. Our priority is to protect rights for technology businesses and to allow realisation of maximum value from technology assets.
Our tech lawyers may advise you on general commercial/contractual matters at the same time as they advise you on a corporate transaction (i.e. on an investment, restructuring, trade sale or listing). In a fast moving sector, you will need a lawyer who has a deep understanding of your technology business, and who can co-ordinate the approach you take on all legal issues.
Technology Legal Advice
Our technology solicitors can advise on a technology specific issue or draft or comment upon technology agreements, including in relation to the development, licensing and maintenance of software, provision of software as a service, R&D, consultancy services, escrow arrangements and systems integration.
If you sell or market through a website, we can draft your e-commerce terms and conditions, your site and privacy terms, and negotiate the basis on which your site is hosted, maintained and designed. We also advise on the outsourcing of specific IT functions or applications, and on high value business process outsourcing arrangements in relation to back office and front office functions, and where a managed service is provided.
FREQUENTLY ASKED QUESTIONS RELATING TO TECHNOLOGY LAW
Which legal documents do I need to place on my business’ website and why?
Terms of website use are required to set out the basis upon which a visitor to the site may access and use it. These terms should be used to comply with the website owner’s legislative information requirements by making it clear who operates the site and how to contact them. The terms are also an opportunity for a website owner to limit its liability relating to content on the site via the inclusion of disclaimers relating to reliance on that content.
A privacy notice is required on a website to notify visitors about how their personal data is collected, used, shared, stored, retained and secured by the website operator. From 25th May 2018 website privacy notices will need to comply with the General Data Protection Regulation (GDPR) and should therefore include specific details regarding the legal rights exercisable by individuals in respect of their personal data, including the right to be provided with access to it, to ask for it to be erased it and to transfer it to a third party provider.
An acceptable use policy (AUP) will be required if your website contains functionality which allows visitors to upload comments and/or other materials to the site. The AUP should set out the rules and standards governing those uploads and, if drafted carefully, should assist in excluding the website operator’s liability in the event that those uploads are defamatory or breach a third party’s intellectual property rights.
E-commerce websites should contain terms and conditions of sale setting out the terms on which goods and/or services are sold via the website. If sales are made to consumers, website operators will be subject to numerous obligations pursuant to the Consumer Rights Act 2015 and associated regulations, the vast majority of which can be complied with via well drafted terms and conditions of sale.
I provide a cloud-based software application to my customers. How do my customer terms and conditions relating to data processing need to be amended in order to comply with the General Data Protection Regulation (GDPR)?
Under the GDPR, a data controller may only engage a data processor in accordance with the terms of legally binding contract containing certain mandatory terms. Typically, providers of a cloud-based software-as-a-service platform are data processors under the GDPR, whereas their customers are data controllers, given that the software provider typically processes the personal data of the customer on its behalf.
The mandatory terms which must be set out in contracts for the provision of affected cloud-based software applications are briefly summarised below and more details can be found in our blog:
- Details of the nature of the personal data being processed e.g. subject matter, duration, purpose of processing etc.
- A provision confirming that the software provider may only process the customer’s personal data in accordance with the customer’s written instructions.
- A commitment from the software provider to protect the confidentiality of the customer’s personal data.
- An obligation upon the software provider to maintain appropriate technical security measures in respect of the customer’s personal data.
- The software provider may only engage a sub-contractor to process the customer’s personal data (e.g. a server host) with the customer’s prior written consent.
- The software provider must assist the customer in relation to certain obligations of the customer under the GDPR to the extent those obligations relate to the data processed by the software provider e.g. notifying incidents of data security breaches and assisting in respect of requests to access personal data by data subjects.
- The software provider must delete or return the customer’s personal data at the end of the contract in accordance with the customer’s instructions.
- The software provider must maintain records to demonstrate compliance with the provisions set out above and the customer must be provided with a right to audit and inspect the same.
If you are a cloud software platform provider who is yet to tackle this aspect of GDPR compliance, you will therefore need to: (a) vary the terms of all existing contracts with your customers; and (b) ensure that standard terms and conditions are amended appropriately so that your new customers sign up to compliant agreements.
I provide a cloud-based software application to my customers. What are the key terms that I need to consider in my software-as-a-service licence with my customers?
Subscription and pricing model. Consideration needs to be given as to whether access to the software will be provided on a price-per-user basis or whether the subscription fee will allow unlimited numbers of personnel at a customer organisation to access the platform. If the former, you should include a mechanism in the agreement for additional user subscriptions to be purchased during the term of the licence.
Term and termination. The industry standard is for the licence to last for an initial term of usually a month, a quarter or a year. The licence would then automatically renew for the initial term if neither party serves notice to cancel prior to the end of the initial term or any renewal term.
Data protection. As a provider of a cloud-based software platform, you are likely to be deemed a data processor in accordance with the General Data Protection Regulation (GDPR). If so, your licence must contain certain mandatory terms [ACS1] in accordance with the GDPR. In addition, it’s prudent to add a schedule to the licence setting out the specific technical security measures that you have in place to protect your customer’s personal data.
Availability. SaaS software is typically made available to customers by suppliers on a 24-7 basis. If a warranty of this nature is included in the licence, it should ideally be accompanied with carve outs for forseeable periods of downtime. This may include scheduled maintenance which is to periodically take place in stated downtime windows during the term of the licence and/or unscheduled periods of maintenance which can take place at any time, provided your customers are given sufficient notice. Downtime and delays caused by problems with the customer’s internet connection should also be carved out from any 24-7 availability warranty.
Support. If users are provided with helpdesk support, a comprehensive support policy should be provided setting out the extent of that service e.g. methods of contact (telephone, e-mail, live web-chat etc.), hours of operation etc.
IP. The licence should make it clear that your organisation owns all of the intellectual property rights in the software, which are only licensed to the customer during the term. Given that position, customers will usually expect you to indemnify them against any costs they incur defending a third party’s claim relating to ownership of the IP in the software.
Limitations and exclusions of liability. As is the case with all commercial agreements, it’s prudent to insert a cap limiting your total liability to the customer under the licence. Such caps are only enforceable if they are reasonable and a cap based on the total subscription fee paid by the customer is likely to be considered reasonable. Ideally, you should also exclude liability for certain unreasonable heads of loss, such as indirect or consequential losses which haven’t directly arisen from your breach of contract.
What’s the purpose of a source code escrow agreement?
Access to source code is essential to allow a party to modify and support the software program to which the source code relates. Software suppliers understandably want to ensure that they keep hold of the source code relating to the software they license to their customers and therefore software is licensed in machine readable object code form. As such, the customer is dependent on the software supplier for modifications, maintenance and error correction of the software on an ongoing basis. If business critical software is being licensed, a savvy customer may require a mechanism that allows them (or a third party appointed by them) to take over these software support functions if the supplier fails to provide them.
An escrow agreement serves as a reasonable compromise to satisfy the supplier’s need to maintain control over its source code and the customer’s need to gain access to the source code in certain circumstances. A copy of the source code is deposited with an independent third party (the escrow agent) which enters into the escrow agreement with the supplier and the customer. Upon the occurrence of any mutually agreed ‘trigger event’, e.g. the supplier becoming insolvent or failing to maintain the software if it has been contracted to do so, the escrow agent will release the source code to the customer for the limited purposes of maintaining and updating the software.
OUR RECENT WORK
- Advising executive board members of a digital advertising business in connection with its admission to trading on AIM (May 2021)
- Advising the founder of a mental health tech startup on his exit from the company and, in particular, the sale of his shares to the existing VC investors (April 2021)
- Advised a smart city as a service technology firm on the terms of a software as a service subscription agreement for interactive transport facilities (April 2021)
- Advising a tech startup on a £1m follow-on fundraise from angel investors (April 2021)
- Advising a retail investor on a £7.5m investment into a wearable technology business (March 2021)
- Advising an AI startup on the exit of 2 shareholders and a follow-on raise via convertible loan notes (February 2021)
- Advising an online marketplace on a bridging round (February 2021)
- Advising an IT managed-services provider on a virtual server hosting arrangement with a key client (February 2021)
- Advising a tech startup on a follow-on equity round (February 2021)
- Advising a venture capital company on a £1m investment into a deep-tech startup (January 2021)
- Advising a venture capital company on an investment into a software startup (January 2021)
- Advising an e-commerce startup on its equity seed round (November 2020)
- Advising an angel investor on a convertible loan investment into a immunotherapy and vaccine high-growth company (October 2020)
- Advising the sellers of an edtech startup on the sale of the business (October 2020)
Partner and Head of Department
Andrew and Alex's presentation [on data protection and the GDPR] was the most concise and relevant I've heard on the subject. A good balance of practical and regulatory content."
A tech startup founder
"...sensible, realistic view of cases - seizing only the points worth arguing..."
Chambers UK, A Client's Guide to the Legal Profession
Latest blogs and news
In the last instalment we talked about the ways in which the founders of KNow Wear Limited could protect the intellectual property in their business. Since then, the business has been progressing well and our founders have been working on developing a prototype.
In our last instalment our founders, Sarah and Chris, considered the basics in establishing their tech startup and they incorporated a company under the registered name ‘KNow Wear Limited’.
Many companies in the tech sector will be aware of the new immigration system and Skilled Worker category opening in a couple of weeks on 1 December. For those companies without a sponsor licence, they will need to apply for one in order to recruit both non-EU and EU citizens. EU citizens resident in the UK before 11pm on 31 December 2020 can apply to the EU Settlement Scheme.
Welcome back to the blog series covering the lifecycle of a tech startup, from a legal perspective.
Alex (tech), Andy (tech), Emer (investments) and I (investments) work alongside startups and founders day to day and thought it might to helpful to some of you out there to bring together our expertise on the legal issues that tend to arise and how we deal with them.
This blog will explore the difficulties currently facing tech coworking spaces in light of the Covid-19 pandemic, how providers can keep tenants engaged and what the future may hold for these spaces. For an audio introduction to this topic, please listen to episode 7 of our Tech in Two Minutes podcast.
In recent years there has been lively discussion about artificial intelligence revolutionising the way we work and live our lives. In its policy paper on the AI Sector Deal, the UK government predicted that the development of AI technology could have the same dramatic impact on society as the invention of the printing press.
The Competition and Markets Authority (“CMA”) has today (18 December 2019) given the tech sector an early Christmas present by publishing its interim report on its market study, commenced earlier this year, into online platforms and digital advertising.
If you are a trader selling to consumers online, whether that is through a web-based platform or a mobile app, it is important that you understand and comply with relevant consumer protection laws. Eager to launch, many traders fail to satisfy the key legal requirements of fairness and transparency in their online consumer terms despite serious consequences for non-compliance.
After a 13 year legal battle, the Supreme Court has awarded £2m in compensation to a professor for an invention he created during his employment, nearly forty years ago. This ruling poses the question; will Shanks v Unilever open the floodgates to future compensation claims from disgruntled employees?
Security tokens are a digital representation of ownership rights in real world assets (such as property or shares) and have captured the curiosity of entrepreneurs, startups and investors. This blog summarises the potential benefits and pitfalls of security tokens and is part of our wider crypto assets blog.
Whether you are in the market for short-term profit or making long-term investments, adequate planning is certainly a worthwhile (and small) investment of your time and money. If you’ve been savyy enough to successfully invest in crypto-assets, make sure you are smart enough to ensure your loved ones can benefit, should the worst happen.
Trust is the cornerstone of commercial activity and can be enhanced in the online world by the use of e-signatures and trust services. In this blog we review the different types of e-signature and consider their legal validity and security for executing contracts and deeds.
Website development agreements – consider the content of your contract as well as the content on your site
A strong online presence is often a crucial component of a business’ marketing strategy. If your business doesn’t have sufficient resources to develop its website in-house, it will need to engage a website developer. It is imperative to enter into a carefully drafted legally binding contract with your website developer from the outset of the project in order to protect your business interests and minimise the risk of any future disputes.
On 11 June, the UK Financial Conduct Authority (FCA) issued a “Dear CEO” letter on how banks should deal with the financial crime risks associated with “cryptoassets”. The FCA defines cryptoassets as publicly available mediums of exchange that feature a distributed ledger and decentralised system for exchanging value, such as Bitcoin and Ether. These assets are more commonly known as cryptocurrencies.
Last month the National Crime Agency (‘NCA’) published its annual strategic assessment of Serious and Organised Crime (‘SOC’) in the UK. The data has come from a variety of law enforcement agencies and other sources including the National Cyber Security Centre (‘NCSC’).
Bitcoin, Ehtereum, Litecoin... cryptocurrencies are all over the press. Most of us are now broadly aware that cryptocurrencies are digital currencies which use blockchain technology. But how many people actually understand how the underlying technology works, what it means to ‘invest’ in a cryptocurrency, and appreciate the risks behind them? For anyone thinking about investing in cryptocurrencies, set out below is a summary of the main concerns, which should hopefully encourage you to stop and think before jumping on the crypto band wagon.
Increasingly, facts and figures about the negative effects of social media are being reported in the press. Recent statistics have shown that three-quarters of children aged 10-12 already have social media accounts, and that the amount of time children aged 12-15 spend online has more than doubled in a decade. Just last week, the Children’s Commissioner announced that schools should be playing a bigger role in preparing children for social media’s “emotional demands”. Such reports are understandably very concerning, and raise questions about the morality of social media giants benefiting at the expense of the emotional wellbeing of children. However, thought should also be given to the legal aspect of these relationships, and in particular, the terms and conditions that children are signing up to when creating social media accounts.
One in five NHS Trusts were hit by a cyber-attack known as “Wannacry” on 12 May 2017 leading to PCs and data being locked up and held for ransom. The malicious ransomware known as WanaCrypt0r has hit companies and other organisations, from Russia to Australia, and Europol estimated there had been 200,000 victims in at least 150 countries. It was alleged that NHS networks were left vulnerable because they were using outdated Windows XP software, which is no longer supported by Microsoft, and therefore security upgrades had not been installed. The National Cyber Security Centre warned that more cases of the ransomware were expected to come to light beyond the NHS and “possibly at a significant scale”.
We published a blog last year about Uber’s pilot and driverless cars and, at that point, it seemed straight out of the pages of a science fiction novel, but driverless cars are now well and truly amongst us, and it seems that everyone is jumping on the band wagon.