We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.

Data breaches key concern in commercial contracts
Pic: Unsplash

25 May 2023 / general counsel Print

Data breaches a concern in commercial contracts

A survey of in-house lawyers has found that liability for data breaches remains a key concern in commercial contracts.

The survey of 150 lawyers, from the public and private sectors, was carried out by business-law firm Mason Hayes & Curran (MHC).

It focused on common contractual issues when negotiating commercial transactions.

According to the firm, the results showed a mismatch between supplier and customer expectations regarding data breaches.

Uncapped liability

Almost 70% of customers said that they asked for uncapped liability for data-protection-law breaches in all or most circumstances when negotiating a contract with a supplier.

Two-thirds of suppliers, however, said that they would not be prepared to take on uncapped liability, although just over a quarter said that they might concede a higher cap. Just over one-third of suppliers said that they would always or sometimes concede.

MHC partner Mark Fry commented: “A cap on liability is a contractual clause that limits the amount that a party is liable for, in the event of a breach of contract or other problem arising.”

He said the results highlighted that negotiations on the extent of a supplier’s liability for breaches of data-protection law could still be contentious, even five years after the introduction of the General Data Protection Regulation (GDPR).

“What we are seeing in the market is a trend towards a higher cap, rather than uncapped liability, for GDPR liabilities,” Fry stated.

AI concerns

The survey also showed that suppliers and customers had different concerns on contracting to use artificial intelligence (AI).

For suppliers, infringement of intellectual-property rights was the top concern, whereas customers were most concerned about regulatory compliance, followed closely by privacy issues.

When asked if their standard contracts committed their organisation to ESG (environmental, social and governance) compliance obligations, there was again a mismatch between supplier and customer responses, with 56% of customers saying yes, and 61% of suppliers saying no.

Binding ESG obligations

For suppliers, the ESG area of biggest concern was health and safety, followed by ethics.

For customers, climate change took top billing, with ethics also in second place.

Wendy Hederman (MHC commercial partner) said: “We are seeing a sharper focus on ESG in supply chains, with the market moving from a softer approach to one where there are binding contractual obligations on ESG, and contractual consequences for breach.”

She added that the introduction of the new Corporate Sustainability Reporting Directive would require companies to report on the environmental impact across the company's supply chain, meaning an increase in the monitoring of sustainability data for businesses and their suppliers.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland