This month in summary:
- The Data Trap: Are you stuck between breaching your licence or breaching data protection law?
- MUP is coming to Scotland whilst Wales watches from the wings. Is England slightly further behind the curtain?
Royal Wedding alcohol licensing extension (on trade only) announced
Following the end of consultation, the Government has announced its intention to extend licensing hours for on-sales of alcohol in England and Wales from 11am to 1am on the nights of Friday 18 and Saturday 19 May 2018.
The extension will apply to any premises already licensed to sell alcohol on the premises. The extension will not apply to provision of regulated entertainment and therefore any premises wishing to provide music other than background music or wishing to provide any other form of regulated entertainment outside of their normal hours (or after 11pm if relying on the live music or recorded music exemptions to provide such entertainment up until 11pm) will need to apply for a TEN. The last date for submission of a TEN to begin at 11pm on Friday 18 May will be Wednesday 2 May, with the last date for a late TEN being Thursday 10 May.
The Order permitting the extension will be made by the Secretary of State prior to the first date.
Full details can be found here.
Radical re-think of Zero-Tolerance Drug Policy proposed
The All Parliamentary Group for Drug Policy Reform, along with Durham University, The Loop and Volteface have jointly released a report suggesting a radical re-think in how best to safeguard people from the harmful effects of illegal substances on nights out.
Rather than a hardening of the 'zero tolerance' approach, which they suggest is the prevailing attitude of club and bar operators following high-profile venue closures where incidents relating to drugs have been reported, they want premises to focus on harm reduction. They have suggested that late night premises should follow a '3 P's' principle that has been used in relation to UK festivals.
The change seeks to refocus efforts around 'prevent', 'pursue', 'protect'; specifically introducing measures such as drug safety testing, independent drug information services and awareness training for staff. This, they say, will better serve the community as a whole including police and ambulance services, than the current system where premises would risk being closed for taking sensible measures to prevent persons intent on taking drugs from harming themselves and others.
Jeff Smith MP, Co-chair of the All Party Parliamentary Group for Drug Policy Reform said: “Keeping people safe requires more than zero-tolerance rhetoric around drugs and out-dated licensing laws. This report offers credible and tested solutions to help protect people attending events. I hope that venues, local authorities, and the Government will work together to make these recommendations a reality.”
The report can be found here.
The Data Trap: Are you stuck between breaching your licence or breaching data protection law?
With the General Data Protection Regulation ('GDPR') coming into force on 25 May, now is the time to check whether the conditions on your premises licence comply with the new rules on data protection.
Whilst GDPR recognises that conditions on a premises licence are a legal requirement, and therefore the capture and storage of data can be justified on this ground, there is still plenty of scope for the wording of those conditions to require a licence holder or data controller to act illegally when it comes to handling data belonging to customers, staff and others.
Under GDPR, individuals have rights in relation to any personal data of theirs that you hold. In addition, the person or company responsible for capturing the data has a duty to those individuals in relation to holding and using their personal data. This can cause conflict where the condition requires actions to be taken that would breach the rights of the individuals.
The examples below are not legal advice in relation to whether specific licence conditions breach or are potentially in breach of GDPR. They are simply intended to highlight the potential difficulties in reconciling GDPR with you licence obligations.
Premises licences more often than not contain CCTV conditions. The wording of these conditions is often the standard wording insisted upon by police licensing officers to give them as much right to view and download CCTV as possible.
CCTV footage captures personal data and therefore the duties to the individuals caught on camera, be they customers, staff or passers-by, apply.
The problems usually arise in relation to whom CCTV can be provided, what should be provided and the obligations of the person handing over the CCTV footage. Many licensing conditions stipulate that licensees should provide CCTV images to the police “on request”; however, the disclosure should be necessary for investigating or preventing a crime or apprehending or prosecuting an offender. As such the police must be able to justify their requests for CCTV images to be disclosed to them before they are handed over. Worse, conditions can require CCTV footage to be provided to officers other than police officers on request. Handing over CCTV top comply with such a condition is almost certainly a breach of GDPR.
Conditions relating to body-worn cameras often appear within premises licence CCTV conditions, especially for clubs, and often subject to the same conditions in relation to storage and handing over to various parties as regular CCTV. Body worn cameras can capture an awful lot of data not relevant to a crime or investigation, so there are more chances for capturing incidental personal data. If the images are uploaded to the premises CCTV, then it will be the responsibility of the premises to safeguard that information. Extra care therefore is required to ensure that personal data for unrelated bystanders is not disclosed accidentally or without justification. As such, handing over body cam footage immediately on request, without considering what is being handed over and for what purpose- including blurring images of incidental bystanders- is likely to be a breach.
In all cases where CCTV is to be handed over, then the data controller must ensure they know to whom the footage is going, where it will be held and agree a requirement for returning or destroying the footage once it has been used for the identified purpose.
Clubscan/ ID Scan systems
The central philosophy behind GDPR is that a data processor must have a lawful basis for processing data. To comply, processing must be ‘necessary’. If you can reasonably achieve the same purpose without the processing, you won’t have a lawful basis for doing so.
One lawful basis for processing personal data is a legal obligation created by condition. You should be able to identify the specific legal provision or an appropriate source of advice or guidance that clearly sets out your obligation to rely on this lawful basis for processing. As such, going further than the condition requires in terms of storage or use of data would require a separate and independent justification.
If 'legal obligation' is your lawful basis you should document it. Your privacy notice should include your lawful basis for processing as well as the purposes of the processing.
Taking personal data via club/ ID scan needs to be explained to customers at the time the information is taken, whether by notice or in person. This explanation must include the right of the individual to see what information is being held and what will be done with their data in future.
However, you must not process information in a way that goes further than is necessary. As such, requirements in conditions to hand over personal information 'on request' without it being made by a police officer in the investigation of an offence would probably breach GDPR, although not doing so would breach the condition of your premises licence.
Other possible conditions
There are a number of other conditions that might appear on a licence that may have data protection implications. For instance:
- Training records for staff where it includes personal information;
- Refusal or incident logs that specifically identify individuals;
- Private function bookings where full details of the person booking are taken;
- Personal number of a manager being displayed for neighbours to call and complain;
- SIA door supervisor registers with the details of each doorman.
In each case, whether there is a potential breach of GDPR would depend on what was done with the data and in particular if the person who provides the personal information has consented to it being used as required by that condition.
Display of Summary licence
Some premises licence summaries still show more personal detail than simply the name of the DPS. It is a legal requirement to display this document in public, but there is a potential breach if other personal details are included, especially address or date of birth. In this case, you would be better redacting this information and keeping an un-redacted copy of the summary with the licence to show officers if asked.
What can I do if I suspect I am being required to do something that breaches GDPR by a condition?
Ideally, get the conditions amended to resolve any conflict. The reality is that the law in relation to data protection is changing dramatically and therefore conditions should change to reflect this.
If in doubt, you might want to consider a 'catch-all' condition stating that where any request made or action required by condition is considered by the data controller of the premises to breach data protection legislation, then the data protection legislation supersedes the condition. It might be that the authority would want to see a written explanation as to why the request/condition cannot be complied with, but in providing that, you will be undertaking your general duty of care in handling personal data of customers and others on your premises.
Breaches of data protection carry potentially huge financial penalties. Fines of up to 20 million Euros or 4% of a company's global turnover can be levied for the most serious breaches.
Breaches of conditions upon conviction can carry unlimited fines and up to 6 months in prison. However, there would need to be a public interest in prosecuting. Non-compliance with those parts of a condition obviously in breach of data protection legislation, especially where the rest of the condition is complied with, is unlikely to be in the public interest.
MUP is coming to Scotland whilst Wales watches from the wings. Is England slightly further behind the curtain?
Minimum unit pricing in Scotland, the scheme introduced after a five year delay whilst the Courts adjudicated on its legality, is set to come into force from 1 May 2018.
The proposal will make it illegal to sell alcohol at a price of less than 50p per unit of alcohol. The change will mostly affect off-licences and in particular the sale of super- strength beers and ciders, often associated with street and problem drinking. However, there will be other products that see a dramatic price rise and retailers are looking closely at what product lines will no longer be profitable once the change comes into force.
Wales, meanwhile, introduced the Public Health (Minimum Price for Alcohol) (Wales) Bill to the Welsh National Assembly on 23 October last year. The Assembly moved forward with the proposal in March 2018, where it passed its first significant legislative hurdle on the journey to becoming law. The proposal is similar to the Scottish scheme in that it would seek to allow the Assembly to set a minimum unit price for all alcohol sold.
It is likely that any Welsh attempt to introduce minimum unit pricing would face legal challenges and may therefore be delayed, but what is clear is that there is the intent to press ahead and look to raise alcohol prices in the Principality in line with Scotland.
The Home Office, ostensibly speaking on behalf of England and Wales, given that sales of alcohol for both are regulated under one piece of legislation (the Licensing Act 2003), have been slightly less committed in their response. The House of Lords select committee report on licensing suggested that if MUP works in Scotland, it should be introduced in England and Wales. However the Government response was a somewhat diluted 'wait and see' what happens in Scotland before any decision is made. Whether the Welsh Assembly can force the issue by introducing their own legislation, we will need to wait and see; but in the meantime, all eyes will be on Scotland and whether the measure has any effect on curbing problem drinking.
Top licensing tip: Don't forget S.57
S.57 Licensing Act requires that the premises licence holder nominates someone in writing to have custody of/ control of the premises licence (or the certified copy) held at the premises. This notice must be in writing and must be prominently displayed. Although this provision is often overlooked, it is a criminal offence not to comply.
Gambling Commission publishes review of gaming machines and social responsibility measures
The long-awaited report from the Gambling Commission on gaming machines and social responsibility has been released. The advice to Government is that action is needed to reduce the potential harm to consumers.
Significantly the GC has concluded that there is not enough information available for all parties to fully understand what measures would support safer gambling. Measures based around tracking play have been proposed, alongside more immediate measures for curbing problem gambling related to machines. The GC consider that this will assist:
- consumers to understand and manage their own gambling
- gambling operators to identify when players are at risk of harm, so that they can intervene at an early stage to help
- policymakers to get a better understanding of risks to consumers and to understand how effective any policy changes are at making gambling safer.
Other recommendations from the report include:
- FOBT (B2) slots stakes should be limited to £2
- The stake limit for FOBT (B2) non-slot games (which includes roulette) should be set at or below £30 if it is to have a significant effect on the potential for players to lose large amounts of money in a short space of time
- Banning the facility for machines to allow different categories of games to be played in a single session
- There is a strong case to make tracked play mandatory across machines categories (B1, B2 and B3)
- Extending to category B1 and B3 machines the kinds of protections, such as player limits, that are in place on FOBT (B2 machines)
- Working with the industry and others on steps to make limit-setting more effective – this could include ending sessions when consumers reach time and money limits.
Whilst these are only recommendations and it is for the Government to determine what action to take, it is likely that the Government will look closely at which of these measures it can implement quickly. In particular, given the press surrounding FOBT and the current £100 staking limits, it is distinctly possible that this limit will be greatly reduced in the near future.
The full report can be found here.
Out and about
A little snow in March has not prevented us getting out and about representing clients at various hearings, providing training and attending various meetings. There have been trips to Leyland, Liverpool, Manchester, Saffron Walden, Cardiff, Huddersfield and various London boroughs to keep us warm. We have also seen an upsurge in applications relating to temporary or fixed bars in pub gardens, as well as pavement licence enquiries; so spring is clearly uppermost in the minds of operators. For many, it cannot come too soon.