As previously reported on our Privacy Blog, TalkTalk, a major UK telecoms company, has been fined a record breaking £400,000 for a data breach after they were hacked. This fine, given by the ICO (the UK’s data protection authority), followed an in-depth investigation into an attack by hackers on TalkTalk’s systems where hackers obtained the details of 156,959 customers, including their names, addresses, dates of birth, phone numbers and email addresses. The maximum fine the ICO can require companies to pay is £500,000. Read the full post on our Privacy Law Blog.
On July 30, 2016, newly-elected British Prime Minister, Theresa May, wrote an article detailing how her government would lead the charge in combatting modern slavery. As a major proponent of the UK Modern Slavery Act (and one who played a key role in the Act’s passage as former Home Secretary), May pledged to make it her personal mission to help eradicate the “barbaric evil” of slavery and human trafficking, calling it the “great human rights issue of our time.” In doing so, she announced the allocation of £33 million from her aid budget to create a 5-year International Modern Slavery Fund focused on high-risk countries.
On the heels of her announcement, an independent review conducted by barrister Caroline Haughey, and commissioned by the Prime Minister herself, was published online. The goal of the review was to “ensure that the Modern Slavery Act, even in its infancy, is fulfilling the intentions of the legislature.” Among the findings were that more victims were identified as operational agencies began to utilize the powers given to them by the Act and, at the same time, there has been an increase in the number of police investigations, prosecutions and convictions. Nevertheless, the review called for greater consistency in how law enforcement and criminal justice agencies deal with modern slavery with special attention paid to additional witness protections, training for police officers, investigators, and prosecutors and a more structured approach in identifying, investigating, prosecuting and preventing slavery. Along these lines, PM May also announced that she would assemble a new cabinet taskforce to coordinate a government response to these issues.
And May is certainly not alone in her concerns about human trafficking. In recent months, the first civil penalty for victims of modern slavery was handed down by Britain’s High Court in a case brought by six Lithuanian men against DJ Houghton Catching Services, Ltd. The men alleged that they were trafficked to the UK and subsequently exploited by the Kent-based gangmaster firm, who tasked them with catching chickens on farms across the country. Notably, the Claimants were confirmed to be victims of trafficking by the UK Human Trafficking Centre or the Home Office. On June 10, 2016, Justice Supperstone charged the company with failing to pay the minimum agricultural wage, unlawfully withholding wages, charging prohibited work-finding fees and failing to provide to men adequate bathroom facilities and meal, sleep and restroom breaks.
The recent emphasis on efforts to combat modern slavery and human trafficking has not changed employers’ obligations under the UK Modern Slavery Act, including those with respect to supply chain transparency and the related reporting requirements under Section 54. It is abundantly clear, however, that the British government intends to continue investing considerable time and resources in the development of an operational framework to properly address and combat practices that violate the Act. Commercial organizations subject to the Act that conduct business in the UK (regardless of where they are based) should take notice of these efforts and continue to conduct the due diligence necessary to ensure that their business and supply chains are compliant.
The Upper House of India’s Parliament just passed an amendment to India’s Maternity Benefit Act of 1961. The amendment increases maternity leave to 26 weeks of paid leave, a major increase over the current 12 week leave. It also grants a number of new rights, albeit with important qualifications. These include:
- Leave may start up to six weeks before the expected delivery date.
- The increase to 26 weeks does not apply to mothers with 2 or more children. For them, the leave continues to be 12 weeks.
- The introduction of 12 weeks of paid leave for mothers adopting a child younger than 3 months old, and for women having a child through a surrogate.
- Allowing new mothers and their employer to agree to a period of time for the new mother to work from home after the 26 week leave ends.
- A requirement for employers to inform women of their right to maternity leave at the time of hire.
The changes still need to be approved by the Lower House of India’s Parliament. The amendments, however, have already been approved by the Prime Minister and his cabinet, and the government has a majority of the seats in the lower house. Therefore, it is likely the amendments will be approved shortly. These expanded maternity leave provisions, providing 26 weeks of paid leave, go far past the protections in some other countries, most notably the United States, which provides for a maximum of 12 weeks of unpaid leave under federal law.
On May 31, 2016, the Advocate General (“AG”) of the European Court of Justice issued its opinion in a case relating to a Muslim employee wearing a headscarf at work. In the case, Samira Achbita v. G4S Secure Solutions NV, Case C-157/15, the AG stated that a neutral policy prohibiting employees from wearing visible religious symbols was not direct discrimination under Article 2(2)(a) of Directive 2000/78 EC, the EU Directive that addresses discrimination in the workplace. Furthermore, the AG indicated that such a policy may not constitute indirect discrimination either, and therefore not be illegal, provided it is based on a legitimate and proportional policy requiring religious or ideological neutrality in the workplace. This decision, while not binding, stands in stark contrast to the law on the subject in the United States, where just in 2015 the Supreme Court held that failing to hire an applicant because she wore a headscarf constituted discrimination.
In Achbita v. G4S, the plaintiff, Samira Achbita, was an employee of a global security firm. Achbita is Muslim, and for over three years followed a company policy that banned wearing any visible religious, political or philosophical symbols. In April 2006, she announced to the company that she intended to wear a headscarf during working hours for religious reasons. In June 2006 her employment was terminated for violating company policy. She sued the company in a Belgian labor court for wrongful dismissal on the grounds of direct religious discrimination. After winding its way through the courts, in 2015 the Belgium Court of Cassation (the court of last resort) certified a question to the European Court of Justice to determine whether prohibiting a Muslim employee from wearing a headscarf in the workplace constitutes direct discrimination under EU Directive 2000/78 EC.
The AG held that the policy was not direct religious discrimination because it was not based on stereotypes or prejudices against one religion in particular as compared to other religions. The AG did rule, however, that a policy banning religious garb could constitute indirect religious discrimination if it was not justified by a legitimate aim. Quoting the EU Directive, the AG held that a genuine and determining occupational requirement is a legitimate aim, but that a rule enforcing that requirement must be proportionate. The AG first ruled that a public neutrality rule was a legitimate aim, since it was “essential” to avoid the impression that customers may associate the Company with the religious beliefs expressed by an employee’s dress. The ruling also noted the rule could qualify as an “occupational requirement” in order to maintain “brand image.”
Turning to whether the ban was a proportionate means of achieving the legitimate aim, the AG made two key rulings. First, the AG held that a total ban on religious garb was necessary to achieve a policy of neutrality. Second, the AG determined that the rule would not create an undue prejudice to religious employees, since, “While an employee cannot ‘leave’ his sex, skin colour, ethnicity, sexual orientation, age or disability ‘at the door’ upon entering his employer’s premises, he may be expected to moderate the exercise of his religion in the workplace, be this in relation to religious practices, religiously motivated behaviour or (as in the present case) his clothing.” Therefore, the AG ruled that an employee may be required to have a “measure of restraint” in his or her religious expression at work, and the level of restraint required depends on the circumstances of the case. In particular, the AG indicated that courts should assess the following factors when determining how to strike a “fair balance between the conflicting interest[s]:”
- The size and conspicuousness of the religious symbol;
- The nature of the employee’s activity;
- The context in which the employee must perform his or her activities;
- The nationality of the company.
Finally, the AG also ruled that employees wearing visible signs of their religious beliefs may be “prejudicial to the rights and freedoms of others” by having an impact on coworkers and customers, and it may affect the Company’s business.
As noted above, this ruling is not binding, and it remains to be seen whether its reasoning is followed by the Court of Justice of the European Union (“CJEU”) and becomes binding precedent for the EU. (A case dealing with the same question, Bougnaoui v. Micropole Univers, C-188/15, currently is pending before the CJEU.) Still, the decision stands in stark contrast to the law in the United States, and multinational employers should be aware of the greater protections afforded religious garb in the United States.
In the United States, under Title VII of the Civil Rights Act of 1964, an employer must accommodate an employee’s religious garb even if it violates a workplace policy, unless the accommodation would be an undue hardship on the company. A major case on the topic, EEOC v. Abercrombie & Fitch Stores, was decided last year. The case turned on whether the failure to hire a Muslim applicant because she wore a headscarf that would have violated a workplace policy constituted religious discrimination under Title VII. (For a full review of the decision, please see here). The Supreme Court, in an 8-1 decision, held that to make out a religious discrimination claim, the plaintiff, “need only show that his need for [a religious] accommodation was a motivating factor in [an] employer’s decision,” even if the employer did not have actual knowledge of the applicant or employee’s religion or need for an accommodation. This stands in stark contrast to the reasoning by the AG in Achbita v. G4S, under which Abercrombie’s workplace policy would likely have been a valid reason to not hire an applicant who would need a religious accommodation.
Employers operating in both the United States and the European Union should be aware of the different standards applied to religious garb and expression in the workplace. We will continue to monitor whether the AG’s opinion is adopted on a wider scale in the European Union, but if this decision stands, it will herald a widening gulf between the conception of religious discrimination, and protections for religious expression in the workplace, between the United States and Europe.
On 23 June 2016 the people of Britain voted in favour of leaving the European Union – the so-called “Brexit.” The result has created uncertainty and speculation as to the implications of Brexit and what happens next.
Employment law has often been cited as an area where European legislation dominates with the implication that departing the EU will radically change UK employment law. Although exiting the EU will have implications for UK employment law, we consider that much that is in place will remain, not just in the short-term but in the medium and long-term too.
In connection with these concerns, we have outlined the potential impact of Brexit on UK employment law in our Client Alert, available here.
Employee’s Privacy Rights
European courts continue to grapple with the limits on employee protections under Article 8 of the European Convention of Human Rights. Article 8 protects a person’s right to respect for their private and family life, and our blog has actively tracked developments on the subject (to review prior rulings, see here, here, and here). The UK’s Employment Appeal Tribunal (EAT) recently further defined the limits of an employee’s expectations of privacy in the workplace when it held that an employee had no reasonable expectation of privacy in emails and photographs from his personal phone that had been passed to the police.
In the case, Garamukanwa v Solent NHS Trust, UKEAT/0245/15/DA, an employee of a hospital, Mr. Garamukanwa, had been in a relationship with a nurse (a fellow employee) that ended. He believed that she left him for another nurse at the hospital, and sent emails to both individuals. An anonymous individual then reported their relationship to a manager, an anonymous Facebook account was set up under the nurse’s name, and anonymous malicious emails were sent to the hospital’s management regarding the nurse. In light of these anonymous actions, the nurse felt threatened, and she complained to the police. Mr. Garamukanwa was suspended pending an investigation, but the police decided to not take any action. In the course of the investigation, however, the police passed all relevant evidence to the employer, including emails and photographs from Mr. Garamukanwa’s personal iPhone. The hospital subsequently terminated his employment.
On appeal, Mr. Garamukanwa argued that his employer could not use the information gathered by the police from his iPhone as a basis for his termination, because it violated his Article 8 rights. The EAT rejected this argument. Importantly, the EAT ruled that the employer’s termination of Mr. Garamukanwa based on the emails and photographs did not even engage Article 8, let alone violate its provisions. Significantly, the EAT held that because the emails were sent to the work addresses of the recipients, dealt with work-related matters, and affected the work of the nurse and other recipients, Mr. Garamukanwa did not have a reasonable expectation of privacy under Article 8. The EAT found it relevant that the company did not rely on any other personal materials from Mr. Garamukanwa outside of what the police provided to them when deciding to terminate him.
This decision provides clarification for companies investigating misconduct. Importantly, even if the employee is using a private device to harass co-workers, if the actions are not solely personal and are connected with work-related matters and the workplace, the employer may be able to rely upon those communications, even if they contain some personal material, as grounds for termination.
Disability Discrimination Protections
Multi-national employers should also be aware of a recent expansion of disability discrimination protections under the UK’s Equality Act 2010. The act prohibits treating an employee unfavorably because of something arising from the employee’s disability unless the unfavorable treatment is a proportionate means of achieving a legitimate purpose. The case, Risby -v- London Borough of Waltham Forest, UKEAT/0318/15/DM, centered on a training course for employees at a location that did not have wheelchair access. One of the employees, who is paraplegic, was extremely upset about the decision, and shouted, swore and made a racist comment toward a junior colleague. The employee was immediately dismissed. The EAT overturned his dismissal, however, holding that he was terminated because of his disability. The EAT reasoned that while his short temper was a personality trait, the employee would not have been angered by the decision to hold the workshop in a venue without wheelchair access if he had not been paraplegic, and therefore his disability was an “effective cause” of his conduct.
This is a broad reading of the Equality Act of 2010, and expands the types of conduct that are protected as ‘caused’ by a disability. Employers operating in both the US and the UK should be particularly aware that this differs markedly from the protections available to US employees under the Americans with Disabilities Act (ADA). While the ADA protects from discrimination against disabilities, the regulations are clear that, “[t]he definition of an impairment…does not include common personality traits such as poor judgment or a quick temper where these are not symptoms of a mental or psychological disorder.” Nonetheless, employers in the UK should be vigilant when terminating an employee with a disability to ensure that the termination is not based on conduct that may be related to a disability.
Until recently, there have been few formal regulations regarding the operation of foreign non-governmental organizations (NGOs) in China. While the Chinese government has expressed skepticism and, at times, hostility toward foreign NGOs, many NGOs – including many prominent U.S. based organizations – currently operate in China. Based on new legislation in China, however, the status of the more than 7,000 foreign NGOs operating in China – in addition to many other organizations wanting to expand into the country – now remains in question.
In late April 2016, the People’s Republic of China passed the Foreign Non-Governmental Organizations Management Law (the “Foreign NGO Law”), which provides considerable restrictions on the operations of NGOs in China. This article highlights a few of the key changes that NGOs should be aware of in light of the Foreign NGO Law, which will take effect on January 1, 2017.
NGOs Required to Register:
Under the Foreign NGO Law, all NGOs currently operating in China – as well as those who wish to operate in China – will be required to register with the government and partner with a Chinese entity. The foreign NGO must register either (1) a representative office if it plans to engage in long-term activities in China, or (2) a temporary event or activity in China. In either case, such registrations will be subject to review and approval by the local police department and Public Security Bureau (PSB).
Previously, foreign NGOs were overseen not by the PSB, but by the Ministry of Civil Affairs. The Ministry is considered by many to be less powerful within the government than the PSB, so this change may indicate that NGO registration is being taken more seriously by the Chinese government.
Eligibility to Register:
Under the new law, foreign NGOs that have a political or religious background are not permitted to register. Entities that have expressed criticism of the Chinese government may also be subjected to heightened scrutiny. Similarly, it is anticipated that NGOs focused on advocacy or preparatory work will be subject to a high level of scrutiny before registration.
The PSB will look to the NGO’s history when determining whether it should be permitted to register. A foreign NGO will be expected to have operated successfully for at least two years in its home country before attempting to register in China.
Requirements After Registration:
After the NGO has been accepted for registration by the PSB, the NGO must apply to another government department to obtain a “supervisor” for the work. The other departments (e.g., Health and Education) typically are controlled by the PSB, and may be reluctant to agree to supervise the work as doing so puts the other department at risk of incurring the wrath of the PSB.
Once registered, the foreign NGOs are not permitted to engage in fundraising or political activity. If the NGO is suspected of activity viewed as harmful to the Chinese government –including “spreading rumors” or obtaining state secrets – it may be shut down and penalized by the government, including by confiscation of properties or income, warnings, and potentially criminal detention of employees.
Penalties for Failing to Register:
An unregistered foreign NGO may not engage in any activity in China directly or indirectly, and may not authorize or fund any Chinese entity or individual to engage in activity on behalf of the unregistered NGO. If an entity violates the law by engaging in activity in China without having registered, the entity and those acting on its behalf may be subjected to penalties including: confiscation of illegal properties or income, warnings, and/or criminal detention up to 10 days.
More Information To Come:
Implementing rules, which may provide more guidance regarding enforcement, may be released by the State Council of the Ministry of Public Security to supplement the Foreign NGO law between now and the effective date of January 1, 2017. We will provide more information on this topic as it becomes available.
European courts continue to clarify the right of employers to review their employees’ emails. As we discussed previously, the European Court of Human Rights and the National Labor Relations Board of the U.S. have recognized that employers have the right to monitor their employees’ internet communications in order to ensure productivity during work. (To review the holdings by the ECHR and NLRB, please click here and here, respectively.)
Shortly after the ECHR opinion, the German Regional Labor Court in Berlin-Brandenburg held that an employer was entitled to check an employee’s internet use without consent and that the employee’s excessive personal use of the internet during company time justified immediate termination. In the case, the employee had a work computer that, according to company policy, was only allowed to be used for work-related purposes. The employer was told that the employee often used his computer for non-work activities, such as surfing the internet. The employer first checked and saw that the employee’s volume of data for his internet usage was surprisingly high, and then decided to actively monitor the employee’s internet use for 30 days. Over that month, which would constitute approximately 160 working hours, the employee logged almost 40 hours of private internet usage. The employer immediately terminated the employee for good cause. The employee challenged the termination on the grounds that his browsing history could not be monitored without consent, and that therefore the browsing history should be excluded from trial. The Regional Labor Court ruled for the employer on each claim. The court held that:
- The employee’s actions were a valid reason for an immediate good cause termination.
- Under the Federal Data Protection Act, the employer was allowed to gather the information from the employee’s computer even without consent, and the browsing history was therefore admissible. The court held that data can be gathered when it relates to the working relationship, and that consent was not necessary because it would not have altered the nature of the review and there was no other way for the employer to monitor this misuse of company time.
- Finally, the court ruled that the employer was not a service provider under the more stringent German Telecommunications Act. This is important because it allowed the company to access the data following only the less restrictive provisions of the Data Protection Act.
Notably, the employee has appealed this decision to the national German labor court, which may decide whether employers are service providers under the stricter Telecommunications Act. This would limit the ability of German employers to monitor internet usage.
The decision is consistent with the decision of the ECHR in Barbulescu: that employers are allowed to monitor employee use of work computers to ensure productivity during working-hours. The decision also affirms prior German labor court rulings that have held that extensive unauthorized private use of the internet can justify termination. Employers should be aware that this case is currently under review, and that the national court’s decision may impose stricter monitoring and consent requirements on employers.
However, the decision illustrates a promising uniformity across jurisdictions. Namely, there is a growing acceptance of the right of employers to monitor employees’ use of company computers when used to ensure productivity, provided that the company’s policies and rules clearly detail the employer’s right to monitor internet usage on company equipment.
The protection afforded to trade secrets is disparate across the EU. In order to protect trade secrets as potential drivers for economic growth and jobs and to create a level-playing field within Europe, the European Parliament has now approved the Trade Secrets Directive.
This Directive aims to provide a minimum, uniform level of protection in respect of undisclosed know-how and business information (trade secrets) against unlawful acquisition, use and disclosure. The intent is for this protection work in parallel with the existing uniform EU law protecting intellectual property.
The Directive provides a minimum standard framework, with common definitions, procedures and sanctions. Higher levels of protection are permitted. Accordingly, countries which already enjoy higher levels of protection (e.g. UK and Germany) will not necessarily need to take any steps to implement the requirements. Nonetheless, decisions of the ECJ interpreting the Directive may well have a bearing on the existing national law of Member States in relation to trade secrets.
The following is a list of the notable aspects of the Directive:
Recitals 27(a) – Post termination restrictions
There are no requirements to harmonise the laws in relation to post-termination restrictions, including non-compete clauses.
Article 1.2a – Subject matter and scope
The Directive does not seek to limit an employee’s use of their experience and skills honestly acquired through the normal course of their employment. This means that what amounts to a trade secret must be above and beyond something that is mere skill and experience. Additional restrictions cannot be put on employees to reduce their mobility because of the Directive.
Article 2 – Definition of “trade secret”
Under the Directive, a “trade secret” is information that (i) “is secret in the sense that it is not….generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question; (ii) has “commercial value because it is secret”; and (iii) “has been subject to reasonable steps under the circumstances, by the person in control of the information, to keep it secret” (emphasis added).
This broad definition reflects the wording of article 39(2) of international TRIPS Agreement (Trade-Related Aspects of Intellectual Property Rights), an agreement administered by the World Trade Organisation. It is also similar to the definition of trade secrets under the U.S. Uniform Trade Secrets Act.
This will be a definition that is ripe for judicial interpretation by the ECJ, especially those parts emphasised in italics.
Article 4(b) – Exception for whistleblowers
One exception to the general prohibition against disclosing trade secrets is for whistleblowers. Article 4(b) explicitly permits the disclosure of trade secrets by whistleblowers, where such disclosure involves raising “misconduct, wrongdoing or illegal activity, provided that the [whistleblower] acted for the purpose of protecting the general public interest”. We anticipate that the scope of this exception will be an area of controversy.
Article 9 – Provisional and precautionary measures
This gives judicial authorities the power to take certain interim actions and precautionary measures against an alleged infringer before a decision has been made. These would include: the cessation or prohibition of the use or disclosure of the trade secret on a provisional basis; a prohibition on producing, offering or placing on the market or using infringing goods or importing or exporting infringing goods; and seizing or delivering up suspected infringing goods. The Article is silent on other interim measures that judicial authorities may have the power to do e.g. search orders, freezing orders and pre-action disclosure.
Article 11 – Injunction and corrective measures
Once the case has been decided, the Directive gives judicial authorities to grant final remedies in addition to or as an alternative to an award of damages, such as orders prohibiting the use or disclosure of the trade secret; prohibiting the production, offering or placing on the market or use of the infringing goods, or importing or exporting or storing infringing goods; adopting appropriate corrective measures with regard to the infringing goods; and destroying or delivering up of relevant documents, objects, materials, electronic files. These remedies will be familiar to UK lawyers.
Article 13 – Damages
This gives judicial authorities the power to award damages for misuse of trade secrets. Interestingly, the legislation expressly provides Member States with the option of limiting the liability for damages of employees where the misuse was unintentional.
The European Parliament has formally approved the Directive. It will now need to be endorsed by the Council of the European Union, which we expect to occur in May. Member States will then have two years to ensure that the national law is in accordance with the Directive, or implement it.
Last month, we blogged about the much discussed ECHR Barbulescu opinion. (To review the implications of the case, please click here.) As a follow up, we wanted to provide further insights to multi-national employers about how this European decision compares to the position in the United States.
Purple Communications, Inc.: the United States’ approach to Email Monitoring
In the U.S., an employee’s freedom of expression, even when using an employer-provided email, has been closely guarded in recent years by the National Labor Relations Board (“NLRB”) under Section 7 of the National Labor Relations Act. Section 7 protects any employee when they engage in “concerted activities for…mutual aid or protection.” The NLRB has made clear that certain company policies that seek to limit social media and electronic communications could infringe on these rights, or “chill” concerted activities, and are therefore prohibited (for a full review of prohibited social media policies, see here, here, or here).
In December 2014, the NLRB encountered a similar policy to the one in Barbulescu. The case, Purple Communications, Inc., asked the Board to decide whether a newly introduced policy that required company electronic systems and equipment to “be used for business purposes only” violated Section 7. The Board held that introducing a blanket prohibition against employees using company electronic systems and equipment for private purposes violated Section 7. The Board held that introducing such a blanket prohibition would chill the rights of employees to engage in concerted activities. Importantly, this decision was limited to employees who already had access to an employer’s email for business purposes, and noted that employee use can still be subject to “reasonable” restrictions (e.g., prohibiting work-time use of equipment for personal purposes, or sending oversized attachments). The decision did not address the issue of whether a new policy which imposed a blanket ban on using company electronic systems and equipment would violate Section 7. The Board also noted (similarly to Barbulescu) that employers are permitted to monitor employee use of company electronic systems to ensure productivity during work-time, so long as the monitoring is not used to impede protected activity. (You can read more analysis about the NLRB’s Purple Communications, Inc. decision here.)
Accordingly, based on Purple Communications and Barbulescu, employers in both the United States and Europe have the right to monitor an employee’s communications on company electronic systems and equipment to ensure that the employee is using work-time productively. However, in order to do so, employers should make it explicit to employees that they may monitor these systems for that purpose as part of their electronic communications and social media policies. A failure to have an express written policy creates a significant risk that any such monitoring would be unlawful: in Barbulescu, the absence of such a policy may well have led to a different decision that would have prohibited the review of personal material; the implication from Purple Communications and other decisions under the NLRB is that absent a clear policy which sets out the scope and purpose of any monitoring, it will be far more difficult for a company to satisfy the NLRB that the monitoring does not violate Section 7.