TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

In a long-term outsourcing, software as a service (SaaS), or other services agreement, the customer will typically push for a termination right relating to the service provider’s breach, and perhaps for an insolvency event or change in control of the service provider. However, the customer should also consider including the right to terminate for its convenience (without cause), which could cover any of the following situations:

  • The customer is not satisfied with the service provider’s performance under the contract even though the provider is meeting its service level and other performance requirements under the contract.
  • Many alleged breaches by the service provider are initially “black and white” in the view of the customer, but they turn “gray” when the service provider pushes back and alleges nonperformance, nonresponsiveness, lack of cooperation, and the like on the part of the customer. Adding the customer’s right to termination for convenience can avoid the potential dispute over whether the customer has the right to terminate on other grounds.

Are you about to sign a service agreement with a third-party service provider under which it will access and use technology of your company? Have you checked your applicable third-party contracts to see if you need any consents? The contracts under which your company uses technology every day, from the mundane to the critical, may contain hidden restrictions on the third party’s access and use for your benefit under the services contract.

There is an endless number of arrangements a customer could have with its third-party service providers, but this Contract Corner will discuss the case where the customer authorizes a service provider to access and use licensed software either while remaining at the customer site, or by moving it to the service provider’s site. More specifically, it explores just some of the issues and language in the customer’s license agreements with those third-party software providers to be checked during pre-signing due diligence.

Open Banking is an initiative mandated by the UK’s Competition and Markets Authority (CMA) in 2017. It is intended to facilitate better competition in the banking sector by mandating protocols that facilitate the secure sharing of customer-related data of the nine largest banks in the United Kingdom (CMA9) with third-party providers (TPPs).

Open Banking is developed and delivered in the United Kingdom by the Open Banking Implementation Entity (OBIE). The OBIE was established by the CMA and is funded by the CMA9. The CMA’s UK Retail Banking Market Investigation Order 2017 (Order), which applies only to the CMA9, requires the CMA9 to provide their customers with the ability to access and share their account data on an ongoing basis with TPPs through the use of specified application programme interfaces (APIs). This compliments the reforms under the EU’s Second Payment Directive (as transposed in the United Kingdom primarily by the Payment Services Regulations 2017), which requires all payment account providers to permit open access to payment accounts for authorized TPPs, but which does not specify the means of access or prescribe the scope of access in any detail.

As a follow-up to our recent post on third-party contract due diligence in outsourcing deals, this post focuses on how customers in outsourcing deals handle the disposition of legacy third-party contracts—one of the thorniest and most work-intensive work streams—once diligence has concluded.

The due diligence review of existing third-party contracts is a critical component of any outsourcing deal. For the company that is outsourcing part of its business functions to a third party, reviewing existing third-party contracts for certain key terms is an important part of the outsourcing process. Organization, attention to detail, and diligence are keys to a successful third-party contract review process.

The terms that need to be reviewed will be based on the scope of the outsourcing agreement, e.g., will contracts be assigned, terminated, or made available for the outsourcing provider to use. Once the deal constructs are established, Excel can be a useful tool to guide the review of the third-party contracts, by allowing the reviewer to insert the applicable language from each contract into the appropriate row or column. The Excel chart will become a reference guide for the key provisions and provide an overview and comparison between the third-party contracts.

In this month’s Contract Corner, we are highlighting considerations for drafting an up-to-date privacy policy. In Part 1 of this series, we provided background on the general legal landscape for privacy policies in the United States and general issues that need to be addressed for an up-to-date policy. In this Part 2, we will provide some specific pointers on drafting, updating, and disclosing such policies.

Additional Information to Include

In addition to the list of items that should generally be covered in every privacy policy we provided in Part 1, the following are additional items you may need to set out in your specific privacy policy:

  • Directions for customers to access and update data (e.g., password resets, contact information updates, and mechanisms for unsubscribing)
  • Contact details or other means of reaching persons in your organization that can address user queries or concerns
  • Information regarding notifications when the privacy policy is updated (see below for considerations when reviewing and updating your policy)
  • Mechanisms for users to agree to and accept the terms of the privacy policy, as well as means for users to opt out

Drafting and posting a clear, concise, and accurate privacy policy is one of the most important tasks when creating a company’s website, particularly given today’s legal and regulatory environment. Privacy policy legal requirements are becoming more stringent and shortcomings less tolerated, and consumer sensitivity to privacy concerns are at an all-time high.

Despite these concerns, many companies’ policies are seemingly insufficient. A recent opinion piece published as part of the New York Times’ Privacy Project assessed 150 privacy policies from various companies and found that the vast majority of them were incomprehensible for the average person. At best, these seem to have been “created by lawyers, for lawyers” rather than as a tool for consumers to understand a company’s practices.

In this month’s Contract Corner, we will highlight considerations for drafting an up-to-date privacy policy. Part 1 of this month’s Contract Corner will provide background on the current legal landscape for privacy policies in the United States and general issues that need to be addressed.

Does your website or application collect user data? Does your company sell that user data to other third parties, such as advertisers? Does your company disclose this practice to your users in a privacy policy or terms or use? If you answered yes to these questions, you are most certainly not alone. But is your disclosure sufficient? That is the question a new challenge is poised to answer.

As 2018 comes to a close, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips. If you don’t see a topic you are interested in below, please let us know, and we may feature it in a future Contract Corner.

In Part 1 of this series, we provided an overview of data (or knowledge) commons and some key issues to consider, but how does one actually create and manage a data commons? To find your feet in this budding field, build on the theoretical foundation; address the specific context (including perceived objectives and constraints); deal with the thorny issues (including control and change); establish a core set of principles and rules; and, perhaps most importantly, plan for and enable change.