In this time of global crisis, business and community life has become increasingly dependent on technology enabled solutions to help contain the spread of the coronavirus, from online shopping to remote working and contact tracing. Whether you’re the supplier of an innovative new tech solution or you intend to license use of such technology, you can rely on our expertise in these exceptional times to advise you upon, draft and negotiate the relevant technology contracts.
We specialise in acting for early stage companies and for startups, and the key asset of many such businesses is their technology. Our priority is to protect rights for technology businesses and to allow realisation of maximum value from technology assets.
Our tech lawyers may advise you on general commercial/contractual matters at the same time as they advise you on a corporate transaction (i.e. on an investment, restructuring, trade sale or listing). In a fast moving sector, you will need a lawyer who has a deep understanding of your technology business, and who can co-ordinate the approach you take on all legal issues.
Technology Legal Advice
Our technology solicitors can advise on a technology specific issue or draft or comment upon technology agreements, including in relation to the development, licensing and maintenance of software, provision of software as a service, R&D, consultancy services, escrow arrangements and systems integration.
If you sell or market through a website, we can draft your e-commerce terms and conditions, your site and privacy terms, and negotiate the basis on which your site is hosted, maintained and designed. We also advise on the outsourcing of specific IT functions or applications, and on high value business process outsourcing arrangements in relation to back office and front office functions, and where a managed service is provided.
FREQUENTLY ASKED QUESTIONS RELATING TO TECHNOLOGY LAW
Which legal documents do I need to place on my business’ website and why?
Terms of website use are required to set out the basis upon which a visitor to the site may access and use it. These terms should be used to comply with the website owner’s legislative information requirements by making it clear who operates the site and how to contact them. The terms are also an opportunity for a website owner to limit its liability relating to content on the site via the inclusion of disclaimers relating to reliance on that content.
A privacy notice is required on a website to notify visitors about how their personal data is collected, used, shared, stored, retained and secured by the website operator. From 25th May 2018 website privacy notices will need to comply with the General Data Protection Regulation (GDPR) and should therefore include specific details regarding the legal rights exercisable by individuals in respect of their personal data, including the right to be provided with access to it, to ask for it to be erased and to transfer it to a third party provider.
An acceptable use policy (AUP) will be required if your website contains functionality which allows visitors to upload comments and/or other materials to the site. The AUP should set out the rules and standards governing those uploads and, if drafted carefully, should assist in excluding the website operator’s liability in the event that those uploads are defamatory or breach a third party’s intellectual property rights.
E-commerce websites should contain terms and conditions of sale setting out the terms on which goods and/or services are sold via the website. If sales are made to consumers, website operators will be subject to numerous obligations pursuant to the Consumer Rights Act 2015 and associated regulations, the vast majority of which can be complied with via well drafted terms and conditions of sale.
I provide a cloud-based software application to my customers. How do my customer terms and conditions relating to data processing need to be amended in order to comply with the General Data Protection Regulation (GDPR)?
Under the GDPR, a data controller may only engage a data processor in accordance with the terms of a legally binding contract containing certain mandatory terms. Typically, providers of a cloud-based software-as-a-service platform are data processors under the GDPR, whereas their customers are data controllers, given that the software provider typically processes the personal data of the customer on its behalf.
The mandatory terms which must be set out in contracts for the provision of affected cloud-based software applications are briefly summarised below and more details can be found in our blog:
- Details of the nature of the personal data being processed e.g. subject matter, duration, purpose of processing etc.
- A provision confirming that the software provider may only process the customer’s personal data in accordance with the customer’s written instructions.
- A commitment from the software provider to protect the confidentiality of the customer’s personal data.
- An obligation upon the software provider to maintain appropriate technical security measures in respect of the customer’s personal data.
- The software provider may only engage a sub-contractor to process the customer’s personal data (e.g. a server host) with the customer’s prior written consent.
- The software provider must assist the customer in relation to certain obligations of the customer under the GDPR to the extent those obligations relate to the data processed by the software provider e.g. notifying incidents of data security breaches and assisting in respect of requests to access personal data by data subjects.
- The software provider must delete or return the customer’s personal data at the end of the contract in accordance with the customer’s instructions.
- The software provider must maintain records to demonstrate compliance with the provisions set out above and the customer must be provided with a right to audit and inspect the same.
If you are a cloud software platform provider who is yet to tackle this aspect of GDPR compliance, you will therefore need to: (a) vary the terms of all existing contracts with your customers; and (b) ensure that standard terms and conditions are amended appropriately so that your new customers sign up to compliant agreements.
I provide a cloud-based software application to my customers. What are the key terms that I need to consider in my software-as-a-service licence with my customers?
Subscription and pricing model. Consideration needs to be given as to whether access to the software will be provided on a price-per-user basis or whether the subscription fee will allow unlimited numbers of personnel at a customer organisation to access the platform. If the former, you should include a mechanism in the agreement for additional user subscriptions to be purchased during the term of the licence.
Term and termination. The industry standard is for the licence to last for an initial term of usually a month, a quarter or a year. The licence would then automatically renew for the initial term if neither party serves notice to cancel prior to the end of the initial term or any renewal term.
Data protection. As a provider of a cloud-based software platform, you are likely to be deemed a data processor in accordance with the General Data Protection Regulation (GDPR). If so, your licence must contain certain mandatory terms in accordance with the GDPR. In addition, it’s prudent to add a schedule to the licence setting out the specific technical security measures that you have in place to protect your customer’s personal data.
Availability. SaaS software is typically made available to customers by suppliers on a 24-7 basis. If a warranty of this nature is included in the licence, it should ideally be accompanied with carve outs for foreseeable periods of downtime. This may include scheduled maintenance which is to periodically take place in stated downtime windows during the term of the licence and/or unscheduled periods of maintenance which can take place at any time, provided your customers are given sufficient notice. Downtime and delays caused by problems with the customer’s internet connection should also be carved out from any 24-7 availability warranty.
Support. If users are provided with helpdesk support, a comprehensive support policy should be provided setting out the extent of that service e.g. methods of contact (telephone, e-mail, live web-chat etc.), hours of operation etc.
IP. The licence should make it clear that your organisation owns all of the intellectual property rights in the software, which are only licensed to the customer during the term. Given that position, customers will usually expect you to indemnify them against any costs they incur defending a third party’s claim relating to ownership of the IP in the software.
Limitations and exclusions of liability. As is the case with all commercial agreements, it’s prudent to insert a cap limiting your total liability to the customer under the licence. Such caps are only enforceable if they are reasonable and a cap based on the total subscription fee paid by the customer is likely to be considered reasonable. Ideally, you should also exclude liability for certain unreasonable heads of loss, such as indirect or consequential losses which haven’t directly arisen from your breach of contract.
What’s the purpose of a source code escrow agreement?
Access to source code is essential to allow a party to modify and support the software program to which the source code relates. Software suppliers understandably want to ensure that they keep hold of the source code relating to the software they license to their customers and therefore software is licensed in machine readable object code form. As such, the customer is dependent on the software supplier for modifications, maintenance and error correction of the software on an ongoing basis. If business critical software is being licensed, a savvy customer may require a mechanism that allows them (or a third party appointed by them) to take over these software support functions if the supplier fails to provide them.
An escrow agreement serves as a reasonable compromise to satisfy the supplier’s need to maintain control over its source code and the customer’s need to gain access to the source code in certain circumstances. A copy of the source code is deposited with an independent third party (the escrow agent) which enters into the escrow agreement with the supplier and the customer. Upon the occurrence of any mutually agreed ‘trigger event’, e.g. the supplier becoming insolvent or failing to maintain the software if it has been contracted to do so, the escrow agent will release the source code to the customer for the limited purposes of maintaining and updating the software.
OUR RECENT WORK
- Drafting a collaboration agreement and a related privacy notice for a medtech startup in relation to the pilot of its digital platform to support a GP surgery’s patients with their treatment of certain long term illnesses (January 2022)
- Drafting account terms and conditions for a reputable foreign currency exchange service provider for use with its customer base of individuals, SMEs, large financial institutions and FTSE listed companies (November 2021)
- Drafting terms and conditions relating to a client’s online auction of digital art NFTs (October 2021)
- Advising a cloud computing software developer on software licence and maintenance agreements and consultancy services terms (June 2021)
- Advising a motor dealership group on its digital transformation programme, in particular advising on the terms of an agile software development agreement in relation to a new e-commerce platform (May 2021)
- Advising executive board members of a digital advertising business in connection with its admission to trading on AIM (May 2021)
- Advising the founder of a mental health tech startup on his exit from the company and, in particular, the sale of his shares to the existing VC investors (April 2021)
- Advising a smart city as a service technology firm on the terms of a software as a service subscription agreement for interactive transport facilities (April 2021)
- Advising a tech startup on a £1m follow-on fundraise from angel investors (April 2021)
- Advising a retail investor on a £7.5m investment into a wearable technology business (March 2021)
- Advising an AI startup on the exit of 2 shareholders and a follow-on raise via convertible loan notes (February 2021)
- Advising an online marketplace on a bridging round (February 2021)
- Advising an IT managed-services provider on a virtual server hosting arrangement with a key client (February 2021)
- Advising a tech startup on a follow-on equity round (February 2021)
- Advising a venture capital company on a £1m investment into a deep-tech startup (January 2021)
- Advising a venture capital company on an investment into a software startup (January 2021)
- Advising an e-commerce startup on its equity seed round (November 2020)
- Advising an angel investor on a convertible loan investment into an immunotherapy and vaccine high-growth company (October 2020)
- Advising the sellers of an edtech startup on the sale of the business (October 2020)
"Andrew and Alex's presentation [on data protection and the GDPR] was the most concise and relevant I've heard on the subject. A good balance of practical and regulatory content."
A tech startup founder
"...sensible, realistic view of cases - seizing only the points worth arguing..."
Chambers UK, A Client's Guide to the Legal Profession
Latest blogs and news
In our recent blog, we explored why a Framework Agreement structure is typically the most appropriate customer contracting model for IT managed services providers (“MSPs”) and IT consultancies which offer a diverse product and service offering. Whilst our initial blog focussed on the purpose and terms of the Framework Agreement itself, that document is merely the starting point, given that a Work Order is also needed to document specific terms relating to each product or service offered by an MSP or IT consultancy. A typical service offering is a dedicated software support helpdesk, usually provided to support each of the software products offered by the MSP or IT consultancy to its customers. This blog considers a handful of the key issues to bear in mind when documenting the terms of a Work Order relating to the supply of a software support helpdesk service.
Many businesses lack comprehensive in-house IT expertise and resources to fully implement and manage all of their IT infrastructure requirements. IT managed services providers (“MSPs”) and IT consultancies plug the gaps by typically offering a diverse range of IT services and products to lighten the burden on their customers’ in-house IT teams (or to even remove the need to have an in-house IT team).
In this blog series, we will review the key proposals for reform of data protection law within the Government’s consultation paper ‘Data: A New Direction’. We will consider how far the Government will stray from the current path and signpost some potential pitfalls and practicalities for consideration along the way.
Potential reforms to UK data privacy laws will change the way that cookies work on websites - businesses need to prepare now.
In the last instalment we talked about the ways in which the founders of KNow Wear Limited could protect the intellectual property in their business. Since then, the business has been progressing well and our founders have been working on developing a prototype.
In our last instalment our founders, Sarah and Chris, considered the basics in establishing their tech startup and they incorporated a company under the registered name ‘KNow Wear Limited’.
Many companies in the tech sector will be aware of the new immigration system and Skilled Worker category opening in a couple of weeks on 1 December. Companies without a sponsor licence will need to apply for one in order to recruit both non-EU and EU citizens. EU citizens resident in the UK before 11pm on 31 December 2020 can apply to the EU Settlement Scheme.
Welcome back to the blog series covering the lifecycle of a tech startup, from a legal perspective.
Alex (tech), Andy (tech), Emer (investments) and I (investments) work alongside startups and founders day to day and thought it might be helpful to some of you out there to bring together our expertise on the legal issues that tend to arise and how we deal with them.
This blog will explore the difficulties currently facing tech coworking spaces in light of the Covid-19 pandemic, how providers can keep tenants engaged and what the future may hold for these spaces. For an audio introduction to this topic, please listen to episode 7 of our Tech in Two Minutes podcast.
In recent years there has been lively discussion about artificial intelligence revolutionising the way we work and live our lives. In its policy paper on the AI Sector Deal, the UK government predicted that the development of AI technology could have the same dramatic impact on society as the invention of the printing press.
The Competition and Markets Authority (“CMA”) has today (18 December 2019) given the tech sector an early Christmas present by publishing its interim report on its market study, commenced earlier this year, into online platforms and digital advertising.
If you are a trader selling to consumers online, whether that is through a web-based platform or a mobile app, it is important that you understand and comply with relevant consumer protection laws. Eager to launch, many traders fail to satisfy the key legal requirements of fairness and transparency in their online consumer terms despite serious consequences for non-compliance.
After a 13 year legal battle, the Supreme Court has awarded £2m in compensation to a professor for an invention he created during his employment, nearly forty years ago. This ruling poses the question: will Shanks v Unilever open the floodgates to future compensation claims from disgruntled employees?
Security tokens are a digital representation of ownership rights in real world assets (such as property or shares) and have captured the curiosity of entrepreneurs, startups and investors. This blog summarises the potential benefits and pitfalls of security tokens and is part of our wider crypto assets blog.
Whether you are in the market for short-term profit or making long-term investments, adequate planning is certainly a worthwhile (and small) investment of your time and money. If you’ve been savvy enough to successfully invest in crypto-assets, make sure you are smart enough to ensure your loved ones can benefit, should the worst happen.
Trust is the cornerstone of commercial activity and can be enhanced in the online world by the use of e-signatures and trust services. In this blog we review the different types of e-signature and consider their legal validity and security for executing contracts and deeds.
Website development agreements – consider the content of your contract as well as the content on your site
A strong online presence is often a crucial component of a business’ marketing strategy. If your business doesn’t have sufficient resources to develop its website in-house, it will need to engage a website developer. It is imperative to enter into a carefully drafted legally binding contract with your website developer from the outset of the project in order to protect your business interests and minimise the risk of any future disputes.
On 11 June, the UK Financial Conduct Authority (FCA) issued a “Dear CEO” letter on how banks should deal with the financial crime risks associated with “cryptoassets”. The FCA defines cryptoassets as publicly available mediums of exchange that feature a distributed ledger and decentralised system for exchanging value, such as Bitcoin and Ether. These assets are more commonly known as cryptocurrencies.
Last month the National Crime Agency (‘NCA’) published its annual strategic assessment of Serious and Organised Crime (‘SOC’) in the UK. The data has come from a variety of law enforcement agencies and other sources including the National Cyber Security Centre (‘NCSC’).