2021iii19, Friday: arbitrage while the music plays.

How long can Uber’s “labour law arbitrage business” last?

Short thought: There are times when someone comes up with a phrase that perfectly sums a concept up. And you therefore have to lift it – giving due credit, of course.

This week’s example came from FT Alphaville, which caustically, and I think accurately, described Uber as “everyone’s favourite labour law arbitrage business”.

This is beautiful. The whole Uber business model – even more, perhaps, than other gig economy businesses – rests on treating its drivers as self-employed in law, but as under contracts of service (ie workers) in practice. (This was, after all, the essence of the Supreme Court’s judgment earlier this year.)

The reason is simple. As many, many people have documented over the years, the sums just don’t add up otherwise. To succeed, Uber needs to undercut old-fashioned cab services (since its technological advantage is no longer quite so extreme as once it was). So it needs to externalise the significant costs of running a real-world service – which isn’t something that benefits from the zero-marginal-cost scaling advantage of a purely online ones-and-zeroes business – onto its drivers, while retaining sufficient control over them to make sure it can both supply the services with relative certainty and avoid the risk of drivers genuinely running their own “competing” businesses.

Even with this externalisation, and the relentless driving-down of payments to drivers, Uber still loses money hand over fist. Smart people have long opined that the only way the company could ever make a profit is to either have genuinely driverless cars – not going to happen, not in the near enough future – or to drive every other cab firm out of business and hike fares.

At some point, the music will stop. And setbacks to the core arbitrage play like the Supreme Court judgment may well bring that closer. Uber is resisting the judgment, or at least parts of it, while proudly declaring how wonderful it is for complying with the bits it thinks it can just about live with. We’ll see how long that works.

(I note, too, that it spends a lot of time talking about the need for a kind of “middle way” for workers between employee and self-employed status. Which – the sceptic might observe – isn’t a bad definition of “limb b” worker status, which is what the Supreme Court said Uber drivers were. Whereas what Uber seems to be pushing for – unsurprisingly – is something much closer to “self-employed, but with a bit of help”. Which really doesn’t seem to address the point.)


(If you’d like to read more like this, and would prefer it simply landing in your inbox three or so times a week, please go ahead and subscribe at https://remoteaccessbar.substack.com/.)

2021iii3, Wednesday: data, privacy and the Golden Rule.

If people talk about changing data protection laws, always ask for their philosophy; if they won’t say, be suspicious. And two great tales about the file format that makes remote working possible.

I wouldn’t worry if it were still like this.

Short thought: On Friday, I’m giving a webinar on privacy issues in employment. It’s part of a series of employment law webinars over 15 days (two a day); the second such series since lockdown, organised by my friend Daniel Barnett. With signups come big donations to the Free Representation Unit, a splendid charity which organises advocates for people who can’t afford lawyers in employment and social entitlement cases. (So yes – if employment law is important to you, sign up. There’s still 80% of the sessions left to run, all are recorded for later viewing at your leisure, and it only costs £65 plus VAT a head. Discounted significantly the more heads you book for.)

Anyhow: prepping for it has got me thinking. There’s a lot of noise, particularly post-Brexit, about what kind of law governing privacy and data protection we should have. GDPR comes in for a lot of stick: it’s cumbersome, it’s civil rather than common law, it’s inflexible, it makes life harder for small businesses and is easy for large ones. Scrap it, some say. Other countries get adequacy decisions (that’s the European Commission saying: yes, your data protection laws give sufficiently equivalent protection that we won’t treat you as a pure third country, with the significant restrictions on cross-border data transfer that entails) with different laws. Why shouldn’t we? (Incidentally, initial signs are we should get an adequacy ruling. Phew.)

All of this, I tend to feel, misses the point. The first step to working out what data protection architecture we have isn’t common vs civil law. It’s identifying the essential philosophical and ethical – and, yes, moral – basis for why data protection is needed in the first place. When I hear people advocating for changing the onshored version of GDPR, I want to hear that philosophical basis. If I don’t, I’m going to start patting my pockets and checking my firewalls. Because the cynic in me is going to interpret that the same way I interpret – say – calls for restricting judicial review, or “updating” employment law: as a cover for a fundamental weakening of my protections as a citizen and an individual.

Here’s why. GDPR, for all its faults, did represent a root-and-branch shift, and it’s that shift rather than its shortcomings (and lord knows it has them) that has caused much of the outcry. The shift? The imposition, in clearer terms than ever before, of the idea that people’s data is theirs, unalienably so. And if you want to muck about with it, they get to tell you whether that’s OK or not.

I know this is a wild over-simplification. But in our data-rich, surveillance-capitalism world, as a citizen that’s what I want. Yes, it carries downsides. Some business models are rendered more difficult, or even impossible. But that’s a trade-off I’m happy with.

I’m aware of one case, for instance, where an employer is alleged to have accessed an ex-employee’s personal email and social media accounts (or tried to) using credentials left on their old work computer, because the credentials to a work system were missing and there might have been password re-use.

I’ll leave the reader to compile their own list of what potential problems this might give rise to. But it does bring into sharp relief what I think the core issue is in privacy and data protection, both generally and in the employment context.

And it boils down to this: don’t be (to use The Good Place’s euphemistic structure) an ash-hole.

Honestly, it’s that simple. So much of employment law (and here, as we saw in the Uber case and many others, it differs from “pure” contract law significantly) is about what’s fair and reasonable. (As employment silk Caspar Glyn QC put it in his webinar on Covid issues yesterday, he’d made a 30-year career out of the word “reasonable”.) And through the architecture of statutes and decisions and judgments, what the tribunals and courts are ultimately trying to do is apply the Golden Rule. Has this person, in the context of the inevitably unequal power relationship between them and their employer, been treated fairly?

Now, everyone’s definition of “fair” is going to differ. But that’s why we have laws and (in common law jurisdictions like ours) authority. So that we can have a common yardstick, refined over time as society evolves, by which to judge fairness.

What does this have to do with privacy in employment? Loads. For instance:

  • Can you record people on CCTV? Well, have you told them? Have you thought about whether it’s proportionate to the risk you’re confronting? Does it actually help with that risk more than other, less intrusive, means?
  • Can you record details of employees’ or visitors’ Covid test results? Well, why are you doing it? Do you really need it? If so, how are you keeping it safe – since this is highly personal and sensitive health data?

It’s difficult. But it’s difficult for a reason. Personal data is so-called for a reason. Its use and misuse have immense, and often incurable, effects. The power imbalance is significant.

We lawyers can and do advise on the letter of the law: what GDPR, the Data Protection Act, the e-Privacy Directive and so much more tell you about your obligations.

But a sensible starting point remains, always, to consider: if this was my sister, my brother, my child, working for someone else, how would this feel? How would their employer justify it to them? And if they came home, fuming about it, would I think it was fair?


I live here. Or so my family would probably say.

Someone is right on the internet: I haven’t been in my Chambers since September. My workplace is my home office. It’s evolved into a decent environment over the past year. Furniture, tech, habits: they’ll keep changing, but they’re in a pretty good place right now.

But in many senses, the single biggest enabler of my remote working isn’t a piece of kit, or even a piece of software. It’s a data format. The PDF.

PDFs have been around for decades. Adobe came up with it, and in one of the smarter bits of corporate thinking, gave it away. Not entirely, of course. But anyone can write a PDF app (my favourite being PDF Expert) without paying Adobe a penny; while Adobe, rightly, still makes shedloads from selling Acrobat software for manipulating PDFs as a de facto, rather than de jure, industry standard.

And I rely on PDF entirely. I convert almost everything to PDF. All my bundles. All my reading matter. Practitioner texts. Authorities. Everything. Even my own drafting gets converted to PDF for use in hearings. That way, I know I can read them on any platform. Add notes, whether type or scribble (thank you, Goodnotes, you wonderful iPad note-taking app), highlight, underline. And have those notes available, identically, everywhere, in the reasonable confidence that when I share them with someone else, they’ll see precisely what I see, on whatever platform and app they themselves have available. They’re now the required standard in the courts, with detailed and thoroughly sensible instructions on how PDF bundles are to be compiled and delivered. (Note that some courts and tribunals have their own rules, so follow them. But this is a good starting point.)

My utter reliance on, and devotion to, PDF means I’m interested in its history. And two excellent pieces tell that story well. One describes Adobe’s long game. The other describes PDF as “the world’s most important file format”. Neither are terribly short, but neither really qualify as long reads. And given how much we now rely on this file format, they’re both well worth your time.


(If you’d like to read more like this, and would prefer it simply landing in your inbox three or so times a week, please go ahead and subscribe at https://remoteaccessbar.substack.com/.)

2021ii22, Monday: tl;dr.

Lord Leggatt is a judicial hero. And, as we now know, he understands that somethings really are too long; didn’t read. Also: creative conflict at its best.

Short thought: Smarter and better minds than mine have crawled all over the Uber judgment, handed down by the Supreme Court on Friday. It’s justifiably been the centre of attention in the employment law world: although obviously deriving from a specific set of facts, it nonetheless lays down a clear line as to whether companies can seek to dictate through contract terms whether their staff are workers – to whom they owe at least some employment rights – or independent contractors, to whom they owe nothing but payment for services rendered.

The tl;dr version: they can’t. It’s a question of statutory interpretation, not pure contract law. And it’s the reality of the relationship, not the words on the page, which make the difference.

Big news. Gig economy “employers” will have been poring over their business models and contracts over the weekend. Many, I anticipate, will find themselves in (for them) uncomfortable territory. I’m of the view (for what it’s worth) that the Supreme Court has gone the right way on this. That said, what will change straight away? Perhaps not much. Individual workers may need themselves to sue, given that the government seems notably uninterested in doing anything about it themselves. (The post of Director of Labour Market Enforcement, occupied on an interim basis by Matthew Taylor, falls vacant at the end of this week. He offered to stay in the job for nothing. He was turned down. Apparently none of the candidates were suitable. So clearly this wasn’t a high priority.) And as we’ve seen, the backlog in the employment tribunals, largely thanks also to government policy, is vast.

Among the mass of commentary, Jason Braier (unsurprisingly – his #ukemplaw Twitter form is near-unrivalled) has one of the best explanations. Fifty-plus tweets, but worth following through all the way. Although a pupil at our chambers, Ian Browne, managed to sum the whole thing up beautifully in two paragraphs:

But it’s not Jason’s (or indeed Ian’s) splendid work that I want to point to. No; it’s the magisterial judgment itself – the work of Lord Leggatt, a relatively recent addition to the UKSC. Friends and colleagues who’ve appeared before him are fans; even those he’s monstered with his questions or found against. I haven’t risen to those heights. But he was already one of my judicial heroes thanks to his judgment in the case of Gestmin v Credit Suissewhich I wrote about recently as the starting-point for the acceptance by the English courts (the Commercial Court, at least) that the fragility of memory was a critical consideration in how justice could be delivered.

Well, Lord Leggatt has done it again. We’ve all done that thing where you turn to the back of a judgment to find out the outcome, only to find there are 50 paragraphs of obiter addenda to wade back through. Not so here. In a glorious judicial tl;dr of his own, and perhaps in the knowledge that many reading a judgment with such significance for working people won’t be lawyers, Lord Leggatt gives the outcome upfront in paragraph 2, in just 39 words. Bless the man.


Someone is right on the internet: “Why can’t we just get along?” Because sometimes, just sometimes, we need to argue.

Argument is not, in itself, a bad thing. Debate and disagreement are like mistakes. Without them, you can’t learn, or grow, or find out you’re wrong. And if you can’t do those, there’s no hope for you – and no point in listening to you.

In this bit of writing, Ian Leslie calls on two examples. The first is an interview between noted right-wing poster-boy Jordan Peterson and Helen Lewis. Lewis is a great reporter, but this interview caused lots of people to accuse her of malice or unfairness, or (grow up, people) of some kind of “woke agenda”, in how she treated Peterson. I can’t see it. As Leslie suggests, she seems to be engaging in – to British eyes – a perfectly normal piece of searching and probing, but by no means unfair or aggressive, interviewing. To which Peterson seems to respond in a notably thin-skinned, take-it-personally manner. Odd, for someone whose shtick seems to be all about people toughing up, taking responsibility and stopping with the whining.

But it’s the second I really loved. You’ll have to scroll all the way down for it, but he describes a row (apparently well-known to Beatles fans, which I’m not particularly) between Paul McCartney and George Harrison during a rehearsal for a TV performance. Apparently it’s cited as an example of why the Beatles split, but Leslie instead sees it as an example of how conflict between collaborating artists can take their creativity to still loftier heights:

Maybe this won’t be interesting to anyone who isn’t a Beatles nerd but even if you’re not, isn’t it incredible have a raw and unfiltered record of one of the all-time great creative collaborations, as it happens – tensions, irritations, disagreements and all? If it is a little boring, that’s interesting too – it shows how magic can grow out of a long series of banal interactions. Anyway – it’s during this extended argument that Paul coins a favourite quote of mine, applicable to any creative process: “It’s complicated now. If we can get it simpler, and then complicate it where it needs to be complicated.” Whether you’re stuck on a song, an essay or a coding project, this is great advice: strip it back to its simplest form and then let the complications force their way in. (A little later, Paul rephrases it: “Let’s get the confusion unconfused, and then confuse it.”)

“Get the confusion unconfused, and then confuse it.” Wonderful. My new theme song.


(If you’d like to read more like this, and would prefer it simply landing in your inbox three or so times a week, please go ahead and subscribe at https://remoteaccessbar.substack.com/.)

2021ii5, Friday: Malleable memory.

The litigation process causes witness inaccuracy – and the courts are recognising that. Also: a wonderful hymn to the joy of errors. And why stories can help fight corruption.

Short thought: Job one, when you’re a barrister, is to read the papers. 

In olden times – that is, a year ago – these would normally arrive in fat bundles. Possibly, even today, tied up in pink tape. (Ah, the nostalgia.) Nowadays it’s PDFs. Already put together if you’re lucky. Buried in dozens of nested emails if you’re not. (The fact that I’ve written about this three times in the past six months shows how painful this is.)

But however they come, knowing the papers, inside out, is critical.

In commercial litigation this is if anything more important. The reason? Over the past decade or so, judges in the English commercial courts have recognised the fundamental problems with oral witness evidence, long considered the gold standard and backbone of any trial. 

The first really stalwart example of a judge making it clear that documents, not people, were what they would primarily rely on was the case of Gestmin v Credit Suisse [2013] EWHC 3560 (Comm), in which Leggatt J (now Lord Leggatt JSC) made clear at [15]-[22] his awareness that memory is fallible, that the process of civil litigation itself risked making it still more fallible, and that the mechanics of memory formation itself meant relying on witness recollection except as a means of scrutinising the documents in the case was usually a futile exercise.

There’s been push and pull about Leggatt J’s points ever since. But at their heart they stand up. They reflect, among other things, the growing and spreading knowledge of how cognitive biases function (warning: that link is a rabbit hole from which you may not emerge), and the fact that memory is a construct, not a recording. 

The Courts’ recognition of this, at least in commercial litigation, is now official. Enshrined in a new practice direction (PD57AC for those keeping score – starting at p64 of the linked PDF), are rules about witness statements at trial which seek to mitigate the adverse effects of the litigation process and improve the odds of witness evidence actually being useful. The explicit recognition of what one might call the Gestmin principle is at para 1.3 of the appendix, at page 69 in the PDF I linked to:

Witnesses of fact and those assisting them to provide a trial witness statement should understand that when assessing witness evidence the approach of the court is that human memory:

(1) is not a simple mental record of a witnessed event that is fixed at the time of the experience and fades over time, but

(2) is a fluid and malleable state of perception concerning an individual’s past experiences, and therefore

(3) is vulnerable to being altered by a range of influences, such that the individual may or may not be conscious of the alteration.

The other reason for the PD (and this was made clear on a enlightening webinar by the Leeds BPC Forum earlier this week addressed by Andrew Baker J) is the burgeoning use of witness evidence to make arguments. Judges are getting more and more annoyed by this – one can do little better than look at the many, many posts on Gordon Exall’s Civil Litigation Brief (this is just the latest) on this subject for excellent examples. 

Either way, though, the message is clear. Know your papers. Make them tell the story you need to tell, and use witnesses carefully to buttress that story. Because if you don’t, the other side definitely will.


Someone is right on the internet: Speaking with the experience that comes from being the parent of a 14-year-old, her generation seem to have a harder time with perfectionism than mine ever did. I don’t know why, but I suspect the welter of examples, spread across countless media, of people who seem effortlessly to succeed – with all the hard work in the background neatly occluded – may have something to do with it. The fact that Gen Z simply, frankly, has it harder than we do, with narrower pathways to success and far greater consequences for screwups along the way, is probably also relevant.

Even so, I remain a true believer in the principle that to be good at anything, you have to be OK with being bad at it for a while as you try to improve. And that it’s OK – no, it’s critical – to be OK with getting it wrong. So long as you only get it wrong the same way once. I remember interviewing someone for a job once who surprised me at the “do you have any questions for me?” stage by asking how I’d deal with her making a mistake, which sparked a great discussion about the importance of assessing people by how they correct and learn from errors, rather than by the errors themselves. A reallybrave question, but in fact an excellent one – one which made sure she got onto the final shortlist. 

So this piece by David Duchovny (yes, that David Duchovny) struck a chord. Starting with a Beckett quote – “Fail again. Fail better” – he weaves a hymn to the importance, and sometimes even the joy, of screwing it up and trying over. Or, as Fred and Ginger put it, “Pick yourself up, dust yourself off, and start all over again.” He also used a word I’ve never seen before, but am now in love with: hamartia, which he describes as the “near miss” that delivers an electric energy driving the next attempt. (Dictionaries give a darker meaning: the tragic flaw in a hero that triggers their downfall. But Duchovny’s sentiment, if not his usage, is bang on.)

Seriously, it’s a great read. (Sorry, paywall again, but The Atlantic’s is metered so you should be able to take a look.) And I can’t sing this song often enough. 


Thing I wrote: In less plague-ridden times, Fiona Horlick QC – a fantastic advocate and a genius at health and safety and disciplinary law – is my roommate at Chambers. 

(Barristers’ chambers are usually, although not always, set out in individual rooms rather than open-plan spaces. Our work doesn’t lend itself to the disruption and lack of privacy of open-plan. But often those rooms are shared with one or two others – which both cuts the cost and makes for a pleasant collegiality. Alex Haines, one of only a handful of lawyers who are genuine experts in the law of international organisations like the IMF or the international development banks, is in our room too.)

For the moment, of course, we’re physically far-flung. But we’re still working together. And Fiona and I put together a piece for the Government’s Public Sector Counter-Fraud Journal (link to the whole thing in PDF; we’re on page 5) on how the stories people tell themselves can encourage corruption – and how we can use those stories to quell it or find it as well. My past life as a reporter means that perhaps I look too much for narrative in my work as a barrister, but finding the right story can be a hugely important tool (a bit like finding the right analogy – see the last chunk of this piece). And understanding how the stories which people tell themselves can influence their actions is important for this, too.


Thing I said: My friend Daniel Barnett, who’s been mentioned in these annals before, was as upset and (frankly) perplexed by the Times’s assault on employment tribunals and their judges as I was. So he corralled – sorry, persuaded – several employment lawyers to take the Times’s inaccurate claims apart on his YouTube channel. I was one of them. Personnel Today followed us up – thankfully with a pic of someone else, not me. Phew.

Incidentally, judges aren’t the only people who can’t answer back. Think of all the tribunal staff who’ve been working their hardest, amid this nightmare of a pandemic, to keep the show on the road and to keep delivering justice. They don’t have a voice either, but their morale is hit just as badly by inaccurate garbage like this. We’re fortunate to have a voice; as (for barristers) self-employed professionals, speaking up for people is our job. So in this we’re speaking up for them, too.


(If you’d like to read more like this, and would prefer it simply landing in your inbox three or so times a week, please go ahead and subscribe at https://remoteaccessbar.substack.com/.)

2021i11, Monday: reluctance or refusal?

Vaccination – mandatory or not? Wise words from the Family Division. And the bell tolls for mainstream specialist legal journalism.

Thing I wrote: I was going to do a short thing about whether employers could require staff to get Covid vaccinations. But it turned out longer than I anticipated, so it’s a separate piece here. tl;dr: I don’t think so, not lawfully; except for care homes and healthcare, where the health and safety picture is very different. And if someone’s imbibed the conspiracy theories and is trying to stop other staff from getting vaccinated – well, that’s a whole ‘nother story, with more room for an employer to take a firmer line.


Short thought: Applause to the President of the Family Division, Sir Andrew McFarlane. His latest message (see paras 11-16) makes crystal clear why court hours – normally from 10 to 4.30 – are no more “part time” than are teachers’ hours, and why it’s simply not right or sustainable to make early or late listings a matter of course. No reason why what he says shouldn’t apply elsewhere.


Someone is right on the internet: David Allen Green does a fantastic job of public comms about the law. Increasingly, he and his ilk are on their own, though, since – as David writes – specialist legal correspondents in the press are disappearing. I remember, back in my reporter days, sitting round a table in the Law Offices with Joshua Rozenberg (then the Telegraph’s legal correspondent), elegantly roasting the then-AG about the just-published Fraud Review. He was, and is, a marvel. But he’s no longer a staffer. And with the exception of the Times and FT, there aren’t any left.

Sure, as I mentioned last week when talking about RSS readers, the internet is full of superb legal writers, from ol’ SB to Joshua himself. But they’re mostly read by us specialists. At a time when the rule of law is under assault – and it is – people with a popular platform who can explain why spin about legal aid, or Tribunal fees, or sentencing, or judicial review, is plain wrong are more important than ever.

And there’s barely any of them left.

(For a somewhat more optimistic take, Joshua’s own view is worth reading. He notes Dom Casciani has now added Legal to his Home Affairs brief. Dom’s really good. But the jobs aren’t the same. And that’s an awfully big beat.)


(Don’t forget – if visiting a site doesn’t float your boat, you can get this stuff in your inbox. Subscribe at https://remoteaccessbar.substack.com/.)

The difference between reluctance and refusal.

I don’t think (legally speaking) employers outside care or healthcare are likely to be able to force staff to vaccinate. But even in those areas, in these early days it’s best to talk about it. Which will enable you to spot the conspiracy theorists putting everyone at risk…

A good friend of mine, Daniel Barnett, recently let me loose on his HR Inner Circle, presenting an hour-long ask-me-anything about employment law on Zoom. Great questions, from thoughtful HR professionals. (including a nice one on TUPE. I’m mad. I actually like TUPE stuff.) It was a delight, and a privilege.

(Daniel, as I’ve mentioned before, terrifies me. His entrepreneurial existence is scheduled and planned apparently to the microsecond – he says thanks to online outlining tool Workflowy. Tried it. Not for me. I’ll stick with Craft for the moment – which I’ll get round to writing about in detail once these cases are over.)

Two questions were about vaccines – specifically, whether an employer could require staff to take them as a condition of employment. It turns out that Daniel – unknown to me – had posted a video about this shortly before the session. We came broadly to the same conclusion: no, usually they probably can’t – but the unpalatable and impoverishing alternative for the employee might well be to resign or be fired, and sue for unfair dismissal. (Possibly automatic unfair dismissal on health and safety grounds, but that’s trickier. Another friend, Gus Baker, is a good guy to go to on that.)

That said, the situation’s likely to be different in care homes and the NHS. There, there’s a strong H&S obligation to protect service users and staff in a high-risk environment. I (and I think Daniel) would reckon an employer would have a far better argument there, as they undoubtedly do for mandating regular tests.

What Daniel didn’t get a chance in his video to consider, and what I discussed on the call, was whether it might be different in these early days of the vaccine. I think it may well be, even in care environments. Many people could be forgiven for some nervousness: I’ll be at the front of the queue once my turn comes, but given the unprecedented (and bordering on miraculous) speed of development and rollout I wouldn’t be surprised to find people thinking they might want to leave it a month or two, to see if any unanticipated side-effects kick in. On the whole, I’d think it’s worth employers talking to staff and understanding reluctance; that’ll probably go some way towards encouraging participation in due course. Certainly much more than a hard line from the get-go.

This approach may seem obvious – but its roots are in the same kind of “harm reduction” approach to healthcare that created needle exchanges for drugtakers, stressing that shame and stigma don’t work, but trying to understand where people are coming from does.

But what about those who aren’t reluctant but rather refuse? Particularly those who seem to be imbibing Facebook-driven madnesses concerning 5G, Bill Gates-designed microchips or other lunacies? And – still worse – try to persuade others to boycott the thing as well?

Like Daniel, in a care environment I think employers might have a good case for taking a hard line on this. Particularly if you’re not only refusing but agitating for others to do likewise. The risks are too high, for too many people.

And it frankly scares me. A relative of mine who works in a care home had his first jab just before the New Year. He says two thirds of his colleagues have refused – and a number of them are definitely of the “it’s all a plot, tell your friends” variety. I despair. Humans. Really.

A good day for employers. With a data protection sting in the tail.

I’m not going to usurp those who know a lot more than me (Panopticon, I’m looking at you). But today’s Supreme Court decisions on vicarious liability are a big deal.

There’s a thematic beauty to the fact that the Supreme Court decided to release its judgments in WM Morrisons Supermarkets plc v Various Claimants [2020] UKSC 12 and Barclays Bank plc v Various Claimants [2020] UKSC 13 on the same day. Taken together, the two judgments offer a solid dose of relief to employers worried about the circumstances in which they can be held liable for the acts of employees (Morrisons) and independent contractors (Barclays). But there’s at least a slight sting in the tail of the Morrisons judgment, which anyone responsible for keeping an organisation on the data protection straight and narrow would do well to recognise.

I don’t propose here to go into huge detail. If you want a really in-depth look at Morrisons – and it pains me to point you to another Chambers, of course – 11KBW’s Panopticon blog does a lovely job, while the estimable UKSC Blog’s writeup of Barclays will give you what you need in just a few paragraphs.

But these cases are so interesting that I couldn’t let the day pass without at least a quick note.

On the vicarious liability front, the main lesson from Barclays appears to be that nothing dilutes the fundamental question where the wrongdoer is in fact an independent contractor, which is to determine whether their role and their actions are akin to an employment relationship. In doing so, it’s important not to get hung up on the five “incidents”, factors identified in the Christian Brothers case ([2012] UKSC 56) such that one loses sight of that central question. If the independence of the contractor is clear, there’s no need to waste time going through the incidents. They’re a guide, not a test.. So the incidents aren’t a test; they’re a guide.

Unsurprisingly I find Morrisons even more fascinating. Just to recap the facts: Andrew Skelton, a Morrisons employee with access to payroll data as part of his job was disciplined for misconduct in 2013. In retaliation, in early 2014 Skelton put a copy of payroll data for the supermarket group’s entire workforce online, and tried to leak it to the papers – who, thankfully, instead told Morrisons. (Skelton is now in jail for having done this.)

Some of Morrisons’ employees sought to hold the company vicariously liable for the leaker’s breach of their data protection rights. At first instance and appeal, they won.

The Supreme Court has now decided otherwise. Critically, the Court points out that just because Morrisons gave Skelton access to the data, making him a data controller, that doesn’t make them responsible for everything he did with it. In this case the Christian Brothers incidents aren’t relevant – no-one argues Skelton wasn’t an employee. But his misuse of the data wasn’t sufficiently part of the task he was entrusted with (which was to send it to Morrisons’ auditors) to make Morrisons responsible for his actions. The fact that he had a strongly personal motive – to retaliate against Morrisons – was highly relevant to the analysis too.

Before everyone starts getting too comfortable, though, Morrisons doesn’t leave companies with a free pass for their employees’ data protection errors:

  • For one thing, the Data Protection Act and the GDPR (for as long as it remains applicable…) can impose direct liability on organisations if the wrongdoing is in practice on the employer’s behalf, or if the organisation’s slipshod controls played a part in enabling it.
  • For another, and this is the real sting in the tail: Morrisons sought to argue that the DPA excluded vicarious liability, whether for common law or statutory wrongs, limiting liability only on data controllers and even then only if they’d acted without reasonable care. The Supreme Court had little time for this. It drew the comparison with vicarious liability for an employee’s negligence: assuming the normal test for vicarious liability was met, there was no reason why, if strict employer liability applied to that, there was no reason absent explicit statutory language (which there isn’t), it shouldn’t apply to employee data protection wrongdoing too.

So a big day for employers, a fascinating one for employment lawyers – and good times for the data protection geeks as well.