As part of our ongoing investment in the business, we are delighted to announce that we are growing and strengthening our team through a merger with a long-established commercial and property practise in Dublin; Peter Morrissey & Company,
O’Connor Solicitors are delighted to be instructed by the Trustees of the Milltown Park Charitable Trust in the sale of this prime site of just over 10 acres in Ranelagh, Dublin 6. Mr Jack Devlin and Patrick Kirwan of GVA Donal O’Buachalla are agents for the sale.
O’Connor Solicitors have been selected as finalists for the Irish Law Awards 2019 in two categories :
Leinster Litigation Law Firm/Lawyer of the Year
Leinster (including Dublin) Employment Law Firm/Team/Lawyer of the Year
The award winners will be announced at a black tie event in the Clayton Hotel, Burlington Road, on the 14th of June 2019
O’Connor Solicitors are delighted to sponsor the Naomh Mearnóg Under 8’s Boys Hurling and Football Teams for the 2019 season. The boys were invited to take part in the Go Games Mini Tournament in Croke Park on the 14th April – a fantastic experience for the lads, mentors and all associated with the teams and it was a real privilege to be there. Thanks to the GAA, Littlewoods, Naomh Mearnóg and all those involved in organising and sponsoring such a super event.
Peter Benson, Ruth O’Connor, John O’Connor and Niall Enright, have authored the chapter on employment law in Thomson Reuter’s Practical Law Global Guide 2019 : “Employment and employee benefits in Ireland : Overview.”
This is a comprehensive article outlining the most up to date developments in Irish employment law which both employers and employees may find of interest. Please click here to review the article in full. If you have any queries in relation to any aspect of this article, please contact :-
It is a principle of the law relating to the payment of rates that properties are rateable unless specifically exempted. Under the Valuation Act 2001 only certain limited exemptions were available to Charities and Charitable Organisations as reflected in several decisions of the Valuation Tribunal. In particular, religious Charitable Organisations could only avail of an exemption where the building or part of a building was used exclusively for the purposes of public religious worship. Although there was an exemption for lands or buildings occupied by a Charitable Organisation using same exclusively for charitable purposes, what constituted a “Charitable Organisation” was defined and interpreted narrowly, advancement of religion not being considered as a basis for exemption unless it involved public worship. The definition of a “Charitable Organisation” was recently amended by the Valuation (Amendment) Act 2015 (the 2015 Act) which now defines a “Charitable Organisation” by reference to Registered Charities under the Charities Act 2009 (the 2009 Act).
Following the introduction of the 2015 Act the Jesuit Missions Trust sought an exemption from Rates on the basis that it was a Charitable Organisation, a position opposed by the Commissioner of Valuations. Upon appeal, the Valuation Appeals Tribunal held in favour of the Jesuit Mission Trust, determining that advancement of religion was covered under the definition of a Charitable Organisation introduced in 2015, reference being required to the 2009 Act. Charities for the advancement of religion and those using land exclusively for charitable purposes (otherwise than for private profit) may now, depending on the facts of their particular case, be able to avail of a broader exemption from rates and, as such, should review their position regarding their activities and the payment of rates.
The Jesuit Mission Trust was represented by O’Connor Solicitors, Mr. Paul Gallagher, S.C., Mr. Jonathan Miller, B.L., and advised by Messrs. GVA Donal O’Buachalla Limited.
Queries to John O’Connor
“Delighted to be part of what was a great contract case. Thanks to the IMO and the Doctors for their instructions and to our whole team including Counsel Michael Cush SC and Barra Faughnan BL, our witnesses, and to Johnson Hana and Reveal Data on the Discovery.”
John O’Connor, Managing Partner
The firm’s managing partner, John O’Connor, expresses his thanks to everyone involved in the breach of contract litigation involving Ireland’s Hospital Consultants, the HSE, Minister for Health, Minister for Finance and the Minister for Public Expenditure and Reform. John has led the team through this lengthy and complex litigation which culminated in the matter being successfully settled on Friday 15th June. Click on the link below to read the Irish Times report on the case.
An article by Peter Benson, John O’Connor, Ruth O’Connor and Antonia Melvin of O’Connor Solicitors
The prohibition on a company offering financial assistance for the acquisition of its own shares represents one of the easiest ways in which a company can inadvertently breach the rules and regulations provided for in the Companies Act 2014. Careful consideration of this rule is required as a company acting in breach of the rule exposes itself to a range of both criminal and civil consequences.
The rule is provided for in section 82 of the Companies Act 2014 and prohibits a company from directly or indirectly giving any financial assistance for the purpose of acquiring any shares in the company. Where a company is a subsidiary company this rule applies equally to parent companies. In practice this rule operates so as to cover almost any form of loan, guarantee or the provision of security.
An example of this rule in operation can be seen in the prosecution of two former Directors of Anglo Irish Bank where the directors approached ten of the bank’s top customers and offered them loans to purchase shares in the bank so as to stabilise the bank’s share price.
The Summary Approval Procedure
A transaction which would otherwise fall foul of the rule can be validated by the Summary Approval Procedure (SAP) which replaces the older validation process sometimes referred to as a ‘whitewash’. The SAP process requires a meeting of the board of directors, resulting in the directors making a declaration as to the nature, circumstances and purpose of the transaction as well as the solvency of the company. This declaration is then attached to a notice for a shareholder meeting at which the transaction is approved of by the passing of a special resolution (75% or more in favor) of the members which is then delivered to the Registrar of Companies.
In addition to the SAP the Companies Act provides for a number of exceptions to the rule. Section 105 allows a company to acquire its own shares by purchasing them out of the distributable profits of the company. This action must be authorised by either the constitution of the company, the rights attaching to the shares in question or by a special resolution of the company. Once the company has acquired it’s own shares it may cancel them or hold them as treasury shares. An important distinction must be drawn between a company acquiring it’s own shares, which is an important aspect of capital maintenance and is regulated by the Companies act, and a company offering financial assistance to another for the acquisition of it’s own shares as prohibited by the rule in section 82.
The Act provides for certain exceptions in the cases of:
- Discharging lawfully incurred debts or refinancing.
- Lending money as part of the ordinary business of the company (not applicable in the prosecution of the Anglo Irish Bank Directors as the primary purpose of the transaction was to stabalise the share price).
- Representations, warranties or indemnities.
- The payment of fees, commissions or expenses.
- Where the primary purpose of the transaction is not the purchase of shares, for example where it is incidental to some larger purpose of the company and is done in good faith.
Criminal and Civil Consequences
Where a company contravenes this rule the company and every officer of the company who acted in contravention will be guilty of a category 2 offence which can result in up to five years imprisonment. For example, the Directors of Anglo Irish Bank were sentenced to 240 hours of community service. This light sentence was justified on the basis that the financial regulator had essentially given the “green light” to the transaction.
A Director who makes a declaration as to the solvency of the company for the purposes of engaging the in SAP process without having reasonable grounds for the making of the declaration exposes himself to personal liability for any and all of the debts of the company under section 210 (1) of the Act in addition to the usual rules for reckless trading.
Where a transaction is entered into by a person who has notice of the fact that they have received the financial assistance for the purpose of acquiring shares in the company the company can seek to void the transaction. This may be of particular relevance if a company goes into liquidation, the liquidator (on behalf of the company) could seek to set aside the transaction so as to maximise the assets of the company.
For further information concerning Company Financing please contact:
Guide to the GDPR – Outline of Stringent New Data Protection Obligations
The EU General Data Protection Regulation (GDPR) comes into force across the EU on 25th May 2018. The Regulation dramatically increases the obligations and responsibilities of businesses and organisations which control or process data. As these new obligations and responsibilities are paired with severe new sanctions, businesses should take the time to ensure their compliance in advance of the Regulation coming into force.
Who is Affected
The Regulation is binding on businesses and organisations that are involved in controlling or processing the personal data of individuals in the EU regardless of the location of the company or the location of the data processing. Although the situation is somewhat complicated by Brexit, the UK government has indicated that it will implement equivalent or alternative regulations that will largely follow the GDPR.
Personal data is defined so broadly as to cover any information that can be used to directly or indirectly identify a person. This can be anything from genetic or economic data to social media posts, computer IP address or cookie identifiers. The definition even includes data that is protected by a pseudonym, where identifying data is held separately, for example, in a hospital where samples are labelled with numbers rather than patient names before being sent for testing. Notable exceptions apply to national security activities and law enforcement.
The Regulation is applicable to data controllers and data processors. A data controller is any person or body which collects data and determines how that data is to be processed, for example an employer, a bank or a medical practice. Data processors are persons or bodies which process the data on behalf of the controller, for example a payroll company, accountant or “cloud” provider. A business or company may be both a data controller (in relation to its own employees’ personal data) and a data processor.
Personal data held in both electronic format and in hard copy is covered by the Regulation.
Increased Administrative Responsibilities
The GDPR builds on obligations under existing data protection legislation and will increase the administrative responsibilities owed by data controllers and processors. Given the scope and size of the Regulation it is not possible to give an exhaustive list, but below are some of the most important requirements:
- Data controllers are obliged to implement “appropriate technical and organisational measures” to both ensure and demonstrate that processing is performed in accordance with the Regulation.
- Records of processing activities and to demonstrating how the data protection principles have been complied with, (for example by demonstrating consent as the basis of legal consent) will need to be kept. This is one of a significant number of new requirements to keep detailed records. Records will also need to be kept of all technical and organisational measures taken to show what has been done by controllers to safeguard the privacy of data subjects at all stages.
- Additional resources will also be required to facilitate the new and expanded rights granted to individuals such as the right to be forgotten, the right to have incorrect data rectified and the right to more extensive information about how an individual’s own personal data is processed.
- Where there has been a personal data breach there is a requirement to report it to the Data Protection Commissioner (“DPC”) not later than 72 hours unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. Ideally, data controllers and processors should have policies in place for dealing with breaches to ensure that they can take efficient and appropriate action where necessary. A lack of such a policy would in all likelihood be viewed unfavourably by the Office of the Data Protection Commissioner in the event that Office was called upon to investigate a breach or in the course of an audit of data protection compliance within the controller/processor organisation at large.
- A Privacy Impact Assessment is required where a business carries out data processing, in particular using new technologies, which is likely to result in a high risk to the data subject’s rights. Examples of those covered by this requirement could include online marketing companies or insurance companies who use automated processing or profiling, or any business extensively using CCTV, such as retailers or licensed premises.
Consent and Terms and Conditions
A business or organisation must have a legal basis for controlling or processing personal data. The Regulation makes important changes in the way in which this legal basis is obtained/determined. Companies that justify data processing by virtue of an individual’s consent will face more demanding requirements. Consent must be “freely given, specific, informed and unambiguous” and must be expressed “by a statement or by a clear affirmative action”. This means that consent cannot be given by pre-ticked boxes, silence or inactivity, nor can it be inferred from certain actions such as visiting a website. It must also be as easy to withdraw consent as it is to give it.
When processing data (by consent or for any other legitimate reason) an individual must be provided with certain information such as:
- how long the data will be kept;
- who will be receiving the data;
- the purpose of the data processing;
- the right to withdraw consent; and
- the right to lodge a complaint with the Data Protection Commissioner.
Importantly, this must be provided in “a concise, transparent, intelligible and easily accessible form, using clear and plain language”. This aims to bring an end to long incomprehensible terms and conditions full of legalese.
Businesses that process or control data with the consent of the data subject should review the way in which this consent is obtained and also review the standard and form of the information they provide to data subjects.
New Obligations for Data Processors
Under the current system, data processors’ obligations are based on their contract with the data controller and the controller is the party responsible for any data breaches. For example, if a bank stores customers data with a cloud service provider and there is a data breach for which the cloud service provider is responsible, it is the bank that bears legal responsibility. Under the new Regulation controllers and processors are jointly and severally liable for data breaches.
The GDPR places increased responsibilities on data processors by imposing direct obligations such as prohibiting sub-contracting without the consent of the controller, prohibiting the processing of data other than in accordance with the instructions of the controller and requiring that processors assist the controller in ensuring compliance with the Regulation. Additionally, the new Regulation introduces mandatory terms that must be included in the contract between the data controller and data processor such as an obligation on the processor to delete or return data at the request of the controller once the service is complete.
In addition to agreeing all future contracts in accordance with the Regulation, businesses and organisations should assess existing agreements, and if necessary revise them, to ensure compliance.
Data Processing Officer
One of the more onerous and expensive requirements of the new Regulation is the requirement to appoint a Data Protection Officer (“DPO”). The appointment of a DPO is mandatory for (a) public authorities, (b) companies and organisations in the private sector that engage in large scale regular and systematic monitoring of data subjects, or (c) organisations that engage in large scale regular and processing of sensitive personal data. If a company is unsure whether it falls into any of the above categories it can consult the “Guidelines on Data Protection Officers” produced by the European Commission which provide a more detailed analysis of the requirement to appoint a DPO.
A DPO can be hired as a staff member or can be an external service provider and a single DPO can be appointed for several organisations. The Regulation requires that a DPO must have expert knowledge of data protection law. They must also have a good understanding of IT processes and cyber security. The Office of the Data Protection Commissioner (“DPC”) has also published “Guidelines on appropriate qualifications for a DPO”.
It is also important to note that although a DPO may be an employee they are required to operate with a certain degree of independence and autonomy in ensuring compliance with the Regulation. The Regulation specifically prevents a DPO from undertaking tasks which constitute a conflict of interest.
As a Regulation, the GDPR is directly effective and does not require transposition into Irish law and as such will be enforceable from 25th May 2018. It increases the investigatory powers of the DPC and also provides for administrative fines of up to €20,000,000 or 4% of annual global turnover, whichever is greater. Fines of up to €10,000,000 or 2% of global turnover can be imposed for administrative oversights such as failing to appoint a DPO or failing to notify the DPC of a personal data breach. Fines will be issued not by a court but by the DPC directly.
The Regulation also introduces the idea of a ‘one stop shop’ which means that multinational companies engaged in data processing and controlling will be regulated by the supervisory authority (in Ireland the DPC) where the company has its main establishment, thus removing the need to engage with multiple national supervisory authorities.
The GDPR also has the effect of making it easier to bring cases for compensation against data controllers and processors in national courts as it allows compensation to be awarded in cases where there has been no material damage suffered, for example compensation can be awarded for distress or damage to reputation.
It is anticipated that these changes will lead to an increase in litigation in this area. Firstly, by increasing the number of claims for compensation against data controllers and processors and secondly through the DPC exercising her new and expanded powers potentially leading to an increase in the number of appeals and judicial reviews.
For further information concerning the GDPR contact:-
8 Clare Street