Welcome to the Dillon Eustace corporate bulletin. We have set out some of the recent legal developments which we feel may be of interest to you and/or your business.
In this edition we examine the legal uncertainty for all companies currently relying on the Safe Harbour arrangements as a legitimate means of transferring personal data to the U.S. In light of the European Court of Justice Data Protection Ruling giving rise to that uncertainty, the European Commission issued a guidance note which is discussed below. We discuss further data protection topics such as the Agreement reached on new Data Protection Regulation. We also look back on the Increase in Mergers and Acquisition Deals in 2015 and the role played by the Competition and Consumer Protection Commission.
We discuss recent developments to the ECB's Monetary Policy, namely the ECB's decision to cut key interest rates to below zero.
We also provide an update on the European Supervisory Authority's guidelines on the Fourth Money Laundering Directive ("MLD4") risk based supervision and risk factors.
In highlighting new legislation, we look at the implications of the new Companies Act 2014 giving a breakdown with respect to the conversion of an existing private company. Finally, we discuss The Work Place Relations Act 2015 and certain aspects thereof for example the offences it creates as well as the role of the Workplace Relations Commission.
European Court of Justice Data Protection Ruling Data Protection
(i) Safe Harbour principles declared invalid by the European Court of Justice
As mentioned in our previous bulletin, on Tuesday 6 October, 2015 the Court of Justice of the European Union ("ECJ") ruled, in the case of Schrems v Data Protection Commissioner, that the 'Safe Harbour' arrangements between the United States and the European Commission are invalid.
Arrangements, agreed between the United States and the European Commission, allowed companies based in the U.S. to store personal data about European citizens on U.S. based computer servers without breaching EU data protection law (which in Ireland have been implemented by the Data Protection Acts 1988 and 2003). This has allowed Irish subsidiaries of U.S. companies, or even Irish companies which use service providers based in the U.S. to transfer personal data to the U.S. without breaching data protection laws.
This case is the culmination of an action brought against Facebook in the Irish High Court by an Austrian student, Max Schrems. Mr Schrems argued that personal data processed by Facebook is unprotected because it is transferred to the United States, where it is not treated in accordance with EU data protection laws. The ECJ found that the European Commission had neither the legal means to police the Safe Harbour agreement nor the power to prevent U.S. intelligence from collating EU citizens' data. Rather than wait for a successor agreement, the ECJ dismissed the existing arrangement as a breach of EU data protection rules and the fundamental rights of EU citizens. The ECJ also found that the Data Protection Commissioner was not precluded from investigating the original complaint.
Until a new transatlantic agreement is put in place, the outcome of this ruling creates legal uncertainty for all companies currently relying on the Safe Harbour arrangements as a legitimate means of transferring personal data to the U.S.
In light of the ruling, the European Commission issued a guidance note (the "Guidance"). According to the Guidance the Commission's top priorities are:
- To ensure a high level of protection of personal data when transferred outside of the E.U.;
- The continuation of transatlantic data flows with adequate safeguards; and
- A coordinated response with national Data Protection Authorities to ensure the uniform application of EU law in the internal market and clear guidance for European businesses.
The Guidance can be assessed at the following link:
Dillon Eustace has published an article on this topic which can be assessed at the following link:
(ii) European Commission welcomes EU-wide legislation on cybersecurity
On 8 December 2015, the European Commission issued a press release (the "Release") welcoming the first EU-wide legislation on cybersecurity. According to the Release, information systems are affected by an increasing number of security incidents and therefore it is a priority for the Commission to help prevent these incidents.
The proposed legislation aims to ensure a high common level of cybersecurity in the EU by:
- Improving Member States' national cybersecurity capabilities through setting out strong policies to maintain a level of network and information security;
- Improving cooperation between Member States, and between public and private sector bodies against risks and incidents affecting network and information systems;
- Requiring companies in critical sectors, such as energy, transport and banking to adopt risk management practices.
Commenting on the proposed legislation, the European Commission Vice President for the digital single market, Andrus Ansip stated:
"Trust and security are the very foundations of a Digital Single Market. If we want people and businesses to use and make the most of connected digital services, they need to trust them to be secure in the case of attack or failure. The internet knows no border – a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EUwide cybersecurity solutions. Last night's agreement is an important step in this direction, but we cannot stop here: we plan an ambitious partnership with the industry in the coming months to develop more secure products and services."
The Release is available at the following link:
(iii) Agreement reached on new Data Protection Regulation
On 15 December 2015, trialogue negotiations between the EU Commission, the European Parliament and the EU Council concluded with agreement being reached on the new General Data Protection Regulation (the "GDPR"). Agreement was also reached on a new data protection directive for the police and criminal justice sector (the "Directive").
The draft agreements were passed by the Committee on Civil Liberties, Justice and Home Affairs on Thursday 17 December 2015. The final texts of the GDPR and the Directive are expected to be agreed in early 2016 and should become applicable in Member States in 2018.
More information can be found at the following link:
Increase in Mergers and Acquisition Deals in 2015
(i) Competition and Consumer Protection Commission
There has been a substantial increase in mergers and acquisitions deals notified to Ireland's competition agency in 2015. A total of 78 mergers and acquisitions were notified. The rate of deals being notified has grown exponentially with 41 deals notified in 2014 compared to 27 deals notified back in 2009. In Ireland, mergers, acquisitions and some joint ventures must be filed with the Competition and Consumer Protection Commission ("CCPC") if:
- the combined turnover of the businesses involved is more than €50m and two or more of the businesses involved each has a turnover in Ireland of more than €3m;
- or the deal is in the media sector irrespective of the turnover of the parties.
The CCPC was created in 2014 to take over from the Competition Authority and the National Consumer Agency which were established in 1991 and 2007 respectively. The Competition Authority reviews deals to see whether they would "substantially lessen competition" in Ireland. This exemplifies good practice in accordance with EU competition laws.
Legislation enacted in 2014 saw media deals having a longer and more complex review process by the CCPC. Media transactions so far have been at the simpler end of the scale in competition law terms. It is not yet clear whether the new regime is working. The deals which have been notified to date have not tested the system very much.
It is noteworthy that the CCPC did not block or prohibit any deal in 2015. However, this is not unusual. For example, the European Commission has had over 337 deals notified in 2015 and 304 in 2014 but did not block a deal in either year.
The CCPC's review of deals took longer in 2015 than was historically the case by the Competition Authority. This may be that deals are more complex or that the new legislation simply gives the CCPC more time to review deals than the old Competition Authority.
European Central Bank's Monetary Policy
(i) The ECB decides to cut key interest rates to below zero
On 3 December, 2015, ECB President Mario Draghi and the governing council decided that the key deposit rate, which was already in negative territory, would be lowered further to -0.30%. This controversial decision has coincided with the ECB's efforts to supplement its unconventional Quantitative Easing Programme.
The ECB's target rate for inflation is 2% however inflation was recorded to be only 0.1% in November 2015. This new strategy to meet the target rate could backfire and adversely distort the financial markets. However, due to other options being exhausted, this ought to be viewed as an innovative attempt to reinvigorate an economy.
In theory, reducing interest rates below zero should reduce borrowing costs for corporations in Ireland, driving demand for loans. In practice, there's a risk that the policy might do more harm than good. For the time being, as long as retail banks internalise the costs assosciated with negative interest rates and do not pass those on to their customers, negative interest rates should have a positive for corporations in Ireland.
Anti-Money Laundering ("AML")/Counter-Terrorist Financing ("CTF")
(i) Joint Committee of European Supervisory Authorities ("ESAs") consults on the Fourth Money Laundering Directive ("MLD4") risk based supervision and risk factors Guidelines
On 21 October 2015, the Joint Committee of the ESAs published two consultation papers on guidelines required under MLD4. As previously reported in our last update Member States are obliged to transpose MLD4 into national law by 26 June 2017.
The consultation paper (JC 2015 060) on the risk-based supervision guidelines focuses on the characteristics of a risk-based approach to anti-money laundering ("AML") and counter financing of terrorism ("CFT") supervision, and the steps supervisors should take when conducting supervision on a risk-sensitive basis. The aim is to create both a common understanding of risk-based supervision and to establish consistent and effective supervisory practices across the EU, complaint with the Financial Action Task Force's ("FATFs") standards.
The consultation paper on the guidelines (JC 2015 061) covers simplified and enhanced customer due diligence and the factors which companies should consider when assessing the AML/CFT risk associated with individual business relationships and occasional transactions. The aim is to promote the development of a common understanding by firms and competent authorities across the EU of what the risk-based approach to AML/CFT entails and how it should be applied. The proposed guidelines which are contained in the consultation paper are divided into two parts; Title II is generic and applies to all firms whereas Title III is sector specific and complements the generic guidance in Title II. Title III sets out risk factors that are of particular importance in certain sectors and provides guidance on the risk-sensitive application of Customer Due Diligence measures by firms in those sectors.
The Central Bank as a member of ESA's AML Committee has inputted into the drafting of both consultation papers. Comments on the consultation papers should be received by 22 January 2016. It is intended that the guidelines will be finalised in early 2016 and that they will be updated as necessary on an on-going basis. It is hoped that once finalized the guidelines will help firms identify, assess and manage the money-laundering and terrorist financing risk associated with individual business relationships and occasional transactions in a risk-based, proportionate and effective way.
The consultation papers are available at the following links:
Companies Act 2014
(i) Conversion of an existing private company
The Companies Act 2014 (the "Act") became law on 1 June 2015 with a transition period of 15 months for certain elements. The Act represents a significant reform of Ireland's company law regime by consolidating, reforming and amending existing company law legislation. The Act impacts every Irish company together with all directors and shareholders. As the transition period for converting to a new form of company under the Act expires this year, we would like to take this opportunity to remind you of remind your obligations in this regard.
All existing private companies will need to make a decision whether to convert to:
- A company limited by shares ("LTD"); or
- A designated activity company ("DAC"); or
- Another type of company (public limited company, Societas Europaea).
It is likely that most companies will choose to be either a LTD or a DAC therefore we have set out the key features of both these company forms below.
The key features of an LTD are:
- An Ltd can have between 1 and 149 shareholders;
- The liability of shareholders in an LTD is limited;
- An LTD may have just 1 Director;
- An Ltd must have a Company Secretary. If there is only one Director, the sole Director cannot also act as Company Secretary;
- An Ltd must have a one-document constitution (to replace the current memorandum and articles of association);
- An LTD cannot have an objects clause (which is a clause which limits the objects and business of the company to those listed in the clause). This means an LTD has full unlimited capacity to carry on and undertake any business or activity, to do any act or enter into any transaction;
- The board (including a sole director) of an LTD will automatically be deemed to have authority to bind the company;
- An LTD cannot list any securities (including debt). If your company needs to list securities, then the DAC option should be chosen; and
- An LTD may dispense with holding an Annual General Meeting even where it has more than one member.
The Act sets out a clear framework for the conversion process to an LTD, however the most efficient way in which to do this is for the shareholders of the company to pass a special resolution to adopt a new constitution replacing the existing memorandum and articles of association.
However, it should be noted that a DAC is the closest of the new company types to an existing private company.
Some of the key feature of a DAC are:
- A DAC will be suitable where the company is, or needs to be, limited to carrying on a specific activity;
- A DAC will also be suitable for those who want to list debt securities on a stock exchange or publish an offering document;
- Existing credit institutions and insurance companies are also obliged under the Act to convert to a DAC;
- A DAC will have a two-document constitution;
- A DAC will have an objects clause, so the company's corporate capacity will be restricted;
- A DACs name must end with "designated activity company" or the Irish equivalent; A DAC must have at least two directors; and
- Single-member DACs may dispense with holding an Annual General Meeting, multimember DACs may not.
The Act also sets out a clear framework for the conversion process to a DAC. The most efficient way in which to do this is for the shareholders to pass an ordinary resolution adopting a new constitution to replace the existing memorandum and articles of association and changing the company name within 15 months of the commencement date of 1 June 2015 (i.e. before 31 August 2016).
The Act provides for an 18 month transition period, commencing on 1 June 2015, for companies to convert to an LTD. Until a company converts to an LTD, it will be treated as a DAC during the 18 month transition period.
It should be noted that, in circumstances where the shareholders fail to take the necessary action to convert the company, the directors are obliged to convert the company to an LTD before the end of the transition period. At the end of that transition period, where an existing private company fails to elect to convert to some other type of company, that company will be deemed to have become an LTD. However, the LTD legal form may not be appropriate for the company in question and certain companies may be obliged to register as a DAC based on their regulatory status (for example insurance companies).
The Act makes provision for relief where a company does not re-register as a DAC before the end of the 18 month transition period. Essentially, one or more of a company's shareholders holding not less than 15% of its issued share capital, or one or more creditors meeting certain qualification criteria, may apply to the Irish courts for an order directing the company to re-register as a DAC.
Work Place Relations Act 2015
(i) The Work Place Relations Act 2015
The Workplace Relations Act, 2015 ("the Act") came into operation on 1 October 2015 and applies to employment legislation and equal treatment legislation and provides for the resolution, mediation and adjudication of employment disputes and complaints. The Act will remove the existing dispute resolution infrastructure of the Employment Appeals Tribunal and the Equality Tribunal and replace them with a new Workplace Relations Commission ("the Commission"). The Labour Court will hear any appeals from the Commission.
The Act creates a number of offences and provides that where an employee is employed by a corporate entity, a prosecution may be brought against a director, manager, secretary or other officer where the offence is committed with their consent or connivance. As to sanctions, in addition to any fine, a convicted person will have to pay the Commission's costs and expenses unless there are special and substantial reasons.
Under the Act, the Commission is given a wide role in promoting good workplace relations, providing guidance, doing research, and providing advice and information. The Chief Executive of the Commission will be called the "Director General" ("DG") and will hold office for an initial term of 5 years (with a maximum of up to 10 years) and will report to the Minister for Jobs, Enterprise and Innovation ("the Minister"). The Commission may furnish draft Codes of Practice to the Minister (except in respect of the Employment Equality Act 1998) and, once approved, a Code of Practice will be admissible in any proceedings.
Further information is provided in an article on this topic published by Dillon Eustace, which is available at the following link:
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.