15/09/2023
Welcome to the Autumn 2023 edition of Higher Education Today, looking at current topics and questions facing higher education.
In each edition we feature content from key members of our Higher Education legal and regulatory team. If you would like further details about these individuals or information about the wider Higher Education team please see our Higher Education brochure.
We are delighted in this edition to feature a data privacy update from the first speakers in our #WednesdayWebinar series running in September / October 2023 as well as a technology update from members of our litigation team.
We hope you find the newsletter interesting and helpful.
Virginia and Ashley
Joint Department Heads for Higher Education
University IT Contracts: what to do when the wheels fall off
The recent case of Topalsson v Rolls-Royce raises issues that are likely to be familiar to those at UK Universities who scope, procure and ultimately manage large IT services contracts including: delayed delivery, missed milestones, where the fault for the delay lie, the difficulties involved in identifying which document amounts to the contractual implementation or project plan, and when and on what ground to terminate.
The consequences of getting things wrong for both the Higher Education Institution (as the customer) and IT supplier side can be very serious. So, what can Universities learn from this case?
Background
In 2019, Topalsson agreed to develop and supply to Rolls-Royce software for a new car configurator. The contract provided that Topalsson would “deliver the Deliverables… on time and in full by any applicable milestone or delivery date” and that “time shall be of the essence”. The contract incorporated a “high level project roadmap” which provided that Topalsson would achieve certain steps by certain quarters (eg. “web configurator” by partway through Q2 2020). In December 2019 (shortly after the contract was signed), the parties agreed a “plan” which set out the dates by which Topalsson would achieve certain steps (the first of those being in March and early April 2020). However, in March 2020, the parties agreed revised dates including new dates for certain “Technical Go Live” milestones.
In mid-April 2020 Rolls-Royce purported to terminate the contract on the basis that Topalsson had failed to meet the milestone dates set out in the plan agreed in December 2019. Topalsson rejected the termination notice and affirmed the contract. Rolls-Royce tried again in late April 2020 and served a second termination notice, this time relying on Topalsson’s failure to achieve the dates set out in the plan agreed in March 2020. In May 2020 Topalsson stopped all work on the project telling Rolls-Royce that Rolls-Royce’s attempt to terminate the contract was unlawful and amounted to a repudiatory breach of the contract which entitled Topalsson to treat the contract as at an end.
Topalsson then sued Rolls-Royce for repudiatory breach of the contract seeking €6 million in damages for lost profits or alternatively €2.5 million for work undertaken but not paid. Rolls-Royce counter-claimed seeking €20 million in damages for loss including wasted staff time and the cost of sourcing replacement software.
The Court’s decision
The Court determined that:
- The high level project roadmap in the contract did not contain any contractual milestones / delivery dates because the plan was labelled “high level” and “anticipated timeline” and did not include specific dates (days and months), and the contract referred to the dates in that plan as estimated dates which needed to be refined.
- Topalsson was under a contractual obligation to comply with the December 2019 plan, which was then superseded by the March 2020 plan.
- The contract was clear that time was of the essence regarding Topalsson’s obligation to deliver the service by the delivery dates. This meant the delivery dates were conditions. A breach of a condition is a repudiatory breach that entitles the other party to terminate the contract under common law.
- While “Technical Go Live” was not defined in the contract, parts of the contract were clear that Technical Go Live meant the solution had been delivered, installed, passed Systems Integration Testing and User Acceptance Testing, and be on the production environment that had gone live.
- Topalsson had failed to achieve Technical Go Live under the March Plan by the dates set out in that plan. Topalsson’s ability to meet the deadlines was not impeded by Rolls-Royce – in other words, the delay was not Rolls Royce’s fault.
- The first Termination Notice was invalid because it relied on the deadlines in the December 2019 Plan, which had been superseded by the March 2020 Plan.
- The second Termination Notice was made after the contract had been affirmed by Topalsson, and referred to the March 2020 Plan and entitled Rolls-Royce to terminate the contract (under the terms of the contract, or under common law for repudiatory breach).
- The Court held that Rolls-Royce was entitled to damages up to the contractual limit of €5 million plus interest for the loss caused by Topalsson’s repudiatory breach of the contract.
The full judgment (which was handed down in July 2023) can be found here.
What can we learn from this?
The judgment contains some valuable learning points for both Universities and suppliers of software / IT contacts in the Higher Education sector, which include:
- If you require the other party to be achieve milestones on time, ensure that the dates are exact – ie. day, month and year.
- If the contract includes a process for agreeing a detailed implementation or project plan, ensure that plan is agreed early on, as there is a risk that a high level or outline plan (if included in the contract) may not have contractual force. Keep the plan under constant review and, if necessary, agree and properly document those changes via the contractual variation or change control process.
- Ensure terms, particularly regarding milestones, such as “go-live”, and “technical go-live” are clearly defined.
- Have full and frank conversation prior to entering into the contract, to ensure, whenever possible, all parties are confident and fully invested in the development method chosen (in this case, Topalsson alleged that Rolls-Royce’s decision to adopt a waterfall (and not an agile) method led to delay).
- Make sure that you rely on the correct grounds when exercising your rights to terminating the contract. If you rely on an incorrect ground, the other party can treat this as a repudiatory breach, terminate the contract, and claim damages from you. Further, it is very important to consider whether to rely on a contractual right and/or a common law right to terminate, as this may impact the measure of damages you can claim.
- Consider whether the contract includes a “time of the essence” clause, and whether that works in your favour.
- Ensure that you are complying with your own obligations in order that you can rebut any attempt by the other party to blame you for any delay.
How we can help
Our specialist team of technology lawyers advise and support clients in the Higher Education sector on the procurement, delivery and management of ICT projects and systems both on the customer and supplier side, helping to avoid the sorts of issues that arose in this case.
If you have a project that is going wrong (or has already gone wrong), we can help with that too – our specialist technology disputes lawyers have substantial experience in disputes relating to IT architecture, hardware supply and maintenance, data centre and hosting agreements, software and licensing arrangements, telephony services, and IT consultancy, including issues around projects delays, missed milestones, missing functionality, and demands for additional charges.
For more information about IT litigation and contractual disputes please contact Wesley O’Brien, Senior Associate and Katie Harris, Solicitor.
ICO statements: next steps for Data Controllers
Since August 2023, the ICO has released three statements relating to concerns raised about the use of technology and the impact on privacy that are important for those working in and with the Higher Education sector to be aware of.
Concerns about smart watches harvesting data, fertility apps and a lack of transparency, and data scraping on social media sites have all prompted the ICO to release statements detailing their position and confirming how they propose to respond to the concerns raised. All three statements, plus a number over the last year, demonstrate how the benefits of using technology must not outweigh the impact on user privacy and data protection rights.
With Artificial Intelligence barely out of the news this year and the uptake of technology from all sectors and, in particular, in Higher Education showing no sign of slowing, all Universities looking at harnessing technology must ensure that data protection considerations are factored in to their decision making process. The UK GDPR requires organisations to consider “privacy by design” and how data will be used in the delivery of tech solutions is a vital consideration if organisations are to reduce risk.
All Universities that are acting as Data Controllers may wish to take the following steps:
- Conducting a Data Protection Impact Assessment can assist in identifying how technology will impact on data subject rights and ways to mitigate any risks.
- Seeking absolute clarity from any third party providers as to how personal data is used by the solution, whether it is shared and where it is held. This conversation should take place at the outset of any discussion to ensure the impact on data subjects can be assessed in full and contracts can be drafted accordingly.
- Transparency with data subjects as to their data will be used and why will be vital in increasing confidence in the use of tech. Being open as well as setting out individual rights will go a long way to demonstrating transparency.
The use of technology in all walks of life will continue to grow at pace, and Universities need to continue to assess the benefits of new tech alongside the impact on privacy.
James Cassidy, Ben Pumphrey and Elizabeth Dunford from our Information Law & Privacy team will be exploring a number of related data protection issues at our #WednesdayWebinar series this Autumn.
Higher Education Webinar series
We'll also be hosting our higher education #WednesdayWebinar series in September/October. Each week we'll be addressing a different key topic for the Higher Education sector in 2023.
Details of our webinars and links to our sign-up pages are below:
- Data protection compliance for higher education in an evolving technology landscape – Wednesday 20 September – 12:00-13:00
- Healthcare professional students and fitness to practice: how should universities deal with conduct concerns? – Wednesday 27 September – 12:00-13:00
- One year to go to the new Procurement Bill – how should higher education institutions prepare? – Wednesday 4 October – 12:00-13:00
Say hello to us
Our Higher Education team is attending and speaking at a number of in-person and online events over the next few months, please follow the links for details. If you are also at these events, please come and say hello to us.
- Education Investor UK Summit 29 September – Rachel Soundy is attending
- Universities Safety and Health Association (USHA) Conference 11 October – Louise Mansfield is attending and presenting an we are sponsoring
- University & Healthcare Estates (UHEI) 15 November – Mark Paget Skelin is attending
- Independent Higher Education Conference 28 November – Rachel Soundy & Virginia Cooper are attending
If you would like to discuss any of these topics in more detail, or to find out how we can help your organisation, please contact our Higher Education team.