Please see below our corporate insights for May from our business law experts.
Our clients often seek advice on how to protect their unique product or invention from copying by their competitors. Depending on what you wish to protect, you can register a trade mark, a patent, a design right; or, you can rely on intellectual property rights that don’t require registration.
The recent attempt by Nestle to register the shape of its four-fingered KitKat bars, is a reminder of the necessary elements of a registrable trade mark.
Trade marks can consist of product shapes or their packaging (for example, the Coca Cola bottle), the colours associated with a trading style (such as the BP green petrol stations), as well as sounds, smells and slogans. However, it is more difficult to register these marks, as Nestle has found to its cost.
Nestle first tried to trademark the shape of its four-fingered KitKat bars in 2010 and has been involved in a battle with Cadbury, which has, ever since, opposed the application. In 2013, Nestle succeeded in blocking Cadbury’s attempt to trademark the distinctive purple colour that it has been using for the packaging of its Dairy Milk Bars since 1914.
Why did Nestle lose this round, and what can you learn from it? To be registrable, a trade mark must be:
– capable of being represented graphically;
– capable of distinguishing goods or services; and
– not excluded by statute.
Nestle tried to persuade the court that the shape of a KitKat had “acquired distinctiveness.” The Court of Appeal rejected this argument. It agreed with the High Court that it was not enough for Nestle to show that consumers merely associated the shape of the bar with the Kit Kat product. Instead, the company would need to show that consumers relied upon the shape to indicate where the product came from, irrespective of any other brands that appeared on it.
This decision shows how difficult it is to register the shape of a product as a trade mark. The courts’ view generally is that consumers tend to rely upon the brand or even packaging design to correctly identify the product; but a considerable weight of evidence is required to show that it is the shape that is the defining identifier in the minds of consumers.
We are also holding our next corporate insights seminar in June. Graham will be joined by an expert panel who will guide you through a case study revealing some effective ways of protecting and exploiting your IP. To register your interest please click here.
The issue of employment status has been thrust into the public eye recently as a result of individuals bringing claims about their own status against well-known companies, such as Uber, City Sprint and Deliveroo.
Generally employment law recognises three main types of employment status: employees, workers and the genuinely self-employed.
Correctly identifying the employment status of an individual is important because it determines what employment rights (if any) that person has. For example, ‘workers’ have protection from unlawful deduction from wages and the right to be paid a national minimum wage. ‘Employees’ have additional rights including protection from unfair dismissal, family leave rights and a right to statutory redundancy payments.
Unfortunately for employers there is no clear set of defining criteria against which the individual’s status can be determined and whilst you can look at factors such as:
– the obligation to offer/accept work;
– the element of control;
– the power to appoint a substitute;
– the provision of equipment; and
– holiday and sickness absence arrangements,
the recent highly publicised cases show that there is still a great deal of uncertainty in this area, particularly in the so-called ‘gig-economy’. Further criticism is that the law in this area is out of touch with modern working practices.
What makes matters more confusing is that HMRC has a different way of assessing ‘status’ for tax purposes meaning that one person may be liable for income tax but not an employee for the purposes of employment law. Getting it wrong may result in a demand for back payment for underpaid NICs and income tax as well as the imposition of a large fine and interest due on the back payment.
Where does that leave employers?
In March 2017, HMRC made available a new online employment status service to help employers determine status for tax purposes. HMRC have said it will stand by the results given if the information provided by the employer is accurate and not contrived.
It seems also that the Government has listened to the concerns of employers about status from an employment law perspective. It has asked Matthew Taylor, the Chief Executive of the Royal Society of Arts and former policy chief, to lead an independent review of employment practices, including those on employment status.
The results of the ‘Taylor Review’ are expected in summer 2017 and though unlikely to lead to a substantial overhaul of the law in this area it is at least expected to result in clarity and further guidance from the Government.
The results of the Taylor Review are likely to receive a lot of media coverage bringing this issue back into the mind of the individuals you engage. It is key for businesses therefore to ensure that they are prepared and clearly define service relationships at the outset, assessing the practical arrangements of the working relationships and ensuring that the documentation is in place and supports that position.
Should you have any questions or require help or assistance in relation to these issues please feel free to contact your usual Morrisons’ advisor or Emma McLoughlin by phone 0208 971 1088 or by email Emma.McLoughlin@morrlaw.com
The 25 May 2017 marks one year until the General Data Protection Regulation (GDPR) comes into effect. The GDPR will introduce a number of new obligations on data controllers and, for the first time, assign obligations to data processors. It is fair to say that almost all businesses will need to comply with these obligations and, with some breaches carrying fines of up to €20m or 4% of turnover (whichever is the higher), businesses need to start taking steps now.
The Information Commissioner’s Office (ICO) has made it clear that GDPR is coming to the UK despite Brexit and it appears to have been ramping up its enforcement of the current legislation to show that it needs to be taken seriously. It has been carrying out investigations of specific sectors, including an investigation of data protection practices adopted by charities, leading to fines being issued to 11 charities. Monetary penalties quite regularly exceed £100,000.
We will be exploring the changes over the next few months and setting out the practical considerations for businesses in our GDPR blog series, which will focus on the following new rights, obligations and concepts:
1. Obligations on data processors (those who process personal data on behalf of a data controller)
Currently, direct statutory responsibility falls on data controllers, which are required to impose controls on data processors through contract. Data controllers are those who decide the purposes and means of processing personal data. Under GDPR, data processors will also be directly regulated and will owe new statutory obligations to data controllers.
Many businesses process personal data on behalf of other organisations as part of their service and these organisations are likely to find that their customers will be tightening up their contractual documents and looking more closely at their supplier’s practices.
2. Privacy impact assessments
Where data controllers or data processors use new technologies that result in a high risk to the rights and freedoms of individuals, they must carry out a privacy impact assessment of the envisaged processing. Where there is a high risk, they must consult the relevant data protection authority (DPA) (i.e. the ICO in the UK).
3. New data subject rights
New rights include a right for individuals to have their personal data transferred to another data controller. Subject access requests will now be free of charge in most cases and the right to be forgotten has been formalised.
4. Notification of breach
GDPR introduces mandatory reporting of data breaches to the relevant DPA. Reports must be made without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Businesses must also notify affected individuals without undue delay where the breach is likely to result in a high risk to the rights and freedoms of the individual.
5. Fair processing information and consent
There has been a considerable tightening up of what constitutes consent. Additional safeguards have been included for children in the context of consent given online by a child. A more prescriptive list of information that will need to be included in privacy notices.
These are by no means the only changes and we recommend you carry out a review of your personal data processing, policies and procedures as soon as possible in order to bring your business into compliance.
At Morrisons, we offer a step by step process, data protection review and assistance package, which we can tailor to needs, size and budget. If you would like our assistance bringing your data protection practises, policies and procedures into compliance with GDPR, please contact Natalie Wood from Morrisons Solicitors on 01737 854 544 or at firstname.lastname@example.org
Look out for details on our upcoming GDPR seminar in November – click here to register your interest and to receive details once available.