26 May 2011

Tea and cookies

Should the law demand the impossible?  

Today the law on cookies changes [1].
Cookies are small files downloaded to a user’s computer or phone when they visit a website or use an online service. Most are completely harmless, and many are essential to the operation of the site, or improve the user experience by, for example, recognising you when you return.
The new law, based on a change to the underlying European directive, requires the user’s explicit consent before a cookie can be transferred to his or her computer. But how is that to work? Government advice confirms that relying on the site terms and conditions is not enough; nor can you rely on the user having set the browser to accept cookies, as that is not specific enough. You must actually ask and get informed, explicit consent.
Easy enough, perhaps, if you have a site that requires people to register or log in; you can get their consent as part of that process. But what about a straightforward information website? The ICO guidance offers a few possibilities, but none of them is satisfactory. Use of pop-ups, for instance, is defeated by users with pop-up blockers. Banners are technically difficult to implement and take up precious space on the site. Demanding consents will put people off using your site, and may drive them to competitors who do not comply. A small business with a website hosted on its ISP’s servers often does not have any facility for the necessary technical measures, or for storing users’ consents. It will simply have to stop using cookies (including inspecting cookies provided by other sites). Many small businesses use ready-made website packages or authoring software and will have no idea whether their sites use cookies; they may have to spend money finding out.
Technically, the exchange of cookie information happens as soon as a website has been accessed – before any information has been displayed. How do you get consent without displaying any text? How do you check if a user has consented to inspection of the cookie on his computer without inspecting the cookie?
The ICO has said that it will not rigorously enforce the new law in the first year, allowing businesses time to comply. That in itself is unsatisfactory – either the law is in force or it isn’t. The regulations were only published three weeks ago.
But the main concern is that it is impossible to comply fully with the regulations. It is this sort of legislative mess that brings business regulation into disrepute, and encourages the impression of thoughtless legislation from Brussels.
The other change made by the regulations is to introduce a new power for the ICO to fine businesses up to £500,000 for breach of the rules. No surprise there.

24 May 2011

Avoiding the Gotchas

Pitfalls in the execution of documents

I am strongly against the law introducing traps for the unwary by insisting on formalities you couldn’t comply with without detailed knowledge of the law. I’m also against documents being invalidated by minor errors in execution, which leads to injustice for innocent parties.
One such trap is section 44(6) of the Companies Act 2006, which did not exist in the 1985 Act. It says that if a document is executed by several companies, each signatory must sign separately for each company. A completely pointless formality, in my view. If, say, a pension scheme deed has to be executed by all 58 companies in a group, all with the same directors, why shouldn’t it be expressed to be executed by all of them and signed just once by each director?
In Williams v Redcard Ltd the Court of Appeal refused to extend this principle, holding that there was no reason why an individual could not sign both for the company and in a personal capacity, and that it was not necessary for the document to specify that the signatory was acting for the company. Good news so far, though the trap remains when you are dealing with several companies.
But the real worry in the case is the assumption that section 44 was relevant at all. The section 44 formalities (signature by two directors, or one director with a witness) apply to documents executed “by" the company. Usually this applies to deeds; most other forms of contract are simply signed or agreed by a director (or some other authorised person) as an authorised agent “on behalf of” the company, which is permitted by section 43(1)(b). No formalities at all are required to agree most contracts as agent on behalf of a company. The contract in the case was a contract for sale of land, so it had to be in writing and signed by or on behalf of the parties[1], but it did not have to be a deed. Property contracts are often signed just by one signatory on behalf of the company. Yet it was somehow assumed that the contract was not signed "on behalf of" the company by the two directors who signed it, and needed to satisfy the section 44 formalities for execution "by" the comapny.
The reasoning is unclear, but the assumption seems to have been that there must be some clear indication that a person is signing “for and on behalf of” the company before it is accepted that it has been signed by an agent. That creates all sorts of traps for contracts entered into informally. Let’s hope that it is not applied further.