14 minute read
Supreme Court clarifies calculation of limitation periods in midnight deadline cases
the supreme court in matthew v. sedman [2021] 2 WLr 1232 has provided much needed clarification on the calculation of limitation periods in cases where the cause of action accrues at midnight. the decision provides a salutary warning to claimants on the importance of seeking legal advice and issuing proceedings well before a limitation period expires.
Advertisement
The Facts
the Appellants were the trustees and beneficiaries of a trust established under the 1948 will of mrs evelyn Hammond, who died in 1952 (the “Trust”). the Appellants were appointed on 1 August 2014, replacing the respondents who were the former trustees.
the trust held shares in cattles plc (“Cattles”), a company listed on the London stock exchange. In 1994, cattles acquired Welcome Financial services Ltd (“Welcome”). In 2007, cattles published an annual report, information from which was included in a rights issue prospectus released to potential investors in April 2008. the Financial services Authority subsequently found that information in the annual report and the prospectus had been misleading. trading in cattle’s shares was suspended. In December 2010, cattle and Welcome each issued proceedings for court-sanctioned schemes of arrangement. both schemes were approved by the court on 28 February 2011. the terms of each scheme included provision for claims to be submitted by shareholders. the rules for the Welcome scheme provided that:
“in order to be entitled to any scheme
Payment, scheme creditors must, on or prior to [thursday 2 June 2021], submit a claim Form.”
Unfortunately, the respondent former trustees failed to submit a claim for the Welcome scheme in time. It seems that they made a late claim after 2 June 2011 which was refused by the scheme’s administrators. the respondents then retired as trustees on 1 August 2014. On monday 5 June 2017, the claimants issued proceedings against the former trustees for breach of trust and negligence for their failure to make a claim in time under the Welcome scheme (the “Claim”).
In response, the former trustees applied for summary judgment on the claim on the basis that it had been issued out of time and was statute barred under the six-year time limit in sections 2, 5 and 21(3) of the Limitation Act 1980, which apply respectively to actions founded in tort, actions founded in contract, and actions by a beneficiary in respect of any breach of trust. the key wording in each of those sections is identical, namely:
The issue for the Supreme Court
Lord stephens, who gave the lead judgment of the supreme court, summarised the question which arose on the appeal as follows: does Friday 3 June 2011, the day which commences at or immediately after the midnight hour, count towards the calculation of the six-year limitation period? If Friday 3 June 2011 was included for the purposes of calculating limitation, then the limitation period expired 6 years later at the end of Friday 2 June 2017 – on that basis the claim (issued on monday 5 June 2017) would have been statute-barred.
If, however, Friday 3 June 2011 was excluded from the calculation, then the limitation period expired at the end of saturday 3 June 2017. since the court office is closed over the weekend, then (applying the court of Appeal’s decision in Pritam Kaur v. s. russell & sons Ltd [1973] Qb 336) the time for issuing proceedings is extended until the next day when the court office is open, namely monday 5 June 2017, in which case the claim would not be statutebarred. A similar provision appears in a procedural context in cPr rule 2.8(5). Determination of this short but important point was confused by conflicting decisions at both High court and court of Appeal level stretching back to the 18th century. Accordingly, the supreme court decided it was time to settle the matter.
Judgments at first instance and in the court of Appeal At first instance, Judge Hodge Qc (sitting as a judge of the High court) agreed with the former trustees and granted their application for summary judgment, holding that the claim was time-barred. the Judge found that the claimants’ cause of action arose at the first moment of Friday 3 June 2011, noting that “at any moment during that day the [appellants] can bring a claim” and therefore the Judge included this day for the purposes of calculating the limitation period. the Judge relied in particular on the decision of channell J in Gelmini v. moriggia [1913] 2 Kb 549 (discussed below). However, recognising that there were conflicting authorities on the point, the Judge granted the claimants permission to appeal on this issue. the court of Appeal (Irwin and Underhill LJJ) (matthew v. sedman [2020] ch 85) dismissed the claimants’ appeal, however their Lordships’ reasons differed both as between each other and from the first instance Judge. Irwin LJ held that in a “midnight deadline” case such as this, the cause of action had accrued by midnight. Accordingly Irwin LJ did not consider the cause of action arose on 3 June 2011. Underhill LJ’s reasoning was
Supreme Court decision
After reviewing four principal authorities relied upon by the claimants, Lord stephens accepted that there was a general rule that when calculating a limitation period, any part of a day happening after the cause of action accrues is excluded from the calculation of the limitation period. However, Lord stephens noted that none of the claimants’ authorities were ‘midnight deadline’ cases. Instead, the only midnight deadline case before their Lordships was Gelmini v. moriggia. Although acknowledging that there were some potentially confusing passages in that judgment, the clear principle which arose from Gelmini was that:
“a person who has to pay has the whole of the day upon which payment is due in which to pay” and the cause of action is complete (and the claim can be brought) at the start of the next day. crucially, Gelmini was not a ‘fraction of a day’ case.
Supreme Court’s conclusion Lord stephens acknowledged the
What does NHS data sharing mean for our data privacy?
Among the many lessons to be learned from the covid-19 pandemic is the inextricable link between health and data: effective use of the latter has undoubtedly helped save many lives over the past year. However, long-term use of NHs data is more contentious, not least the issue of data sharing with third parties and protection of that data. In may, the General Practice Data for Planning and research scheme was announced by the government, under which GP health data for everyone registered in england would be made available to researchers and companies for healthcare research and planning, with people’s identities partially removed.
but according to privacy campaigners, the process to remove identities could be reversed, which led to a widespread online campaign encouraging people to opt out. In August, the Observer revealed that nearly 1.4 million people had opted out of NHs datasharing in may and June, following a huge backlash against the plan to make patient data available to private companies. As a result, the plan has now been put on hold with no new implementation date yet fixed.
Privacy campaigners can also point to the NHs having a chequered history in data sharing and protection. In 2016, the UK’s Information commission (IcO) censured the royal Free NHs
general rule which applied to ‘fractions of a day’ cases that the day of accrual of the cause of action should be excluded from the calculation of time for the purposes of limitation. this was because the law rejects a fraction of a day and to do otherwise would prejudice a claimant and interfere with time periods stipulated by Parliament. the principle is longstanding and can be seen in the House of Lords’ judgment in mercer v Ogilvy in 1796 where Lord thurlow referred to the Latin maxim dies inceptus pro completo habetur (a day begun is treated as completed). However, the case before the supreme court was a ‘midnight deadline’ case, which Lord stephens explained was an exception to this general rule. the concept of an undivided day has no application to midnight deadline cases because the cause of action accrues at the very start of the day after performance ought to have been completed (in contact) or the breach occurred (in breach of trust). It is not permissible to exclude a whole day as that would (unduly) distort the applicable statutory limitation period and prejudice a defendant by effectively lengthening the statutory limitation period by one day. Lord stephens neatly explained:
“I consider it would impermissibly transcend practical reality if the stroke of midnight or some infinitesimal division of a second
after midnight, led to the conclusion that the concept of an undivided day was no longer appropriate…” Lord stephens concluded by saying: “the rule is that any part of a day (but not a whole day) happening after the cause of action accrues is excluded from the calculation of the limitation period.” Accordingly, the appeal was dismissed.
Discussion
the judgment is to be welcomed. Ironically, the result was that in bringing proceedings against the former trustees for failure to make a claim in time, the current trustees themselves had narrowly missed a limitation period. more widely, the effect, in fractions of a day cases, is that the statutory limitation period will be extended by a few hours. this is plainly better than the alternative which is to see the limitation period being shaved back by a few hours and which would cause greater uncertainty. raj Arumugam, barrister, 5 stone buildings, Lincoln’s Inn
Foundation trust in relation to data on 1.6 million people, which it handed over to Google’s Deepmind division (an AI company) during the early stages of an app test to enhance their machine learning capability. the IcO ruled that the royal Free did not do enough to protect the privacy of patients, and that it was “inexcusable” that they had not been told about what had been happening to their data. the information commissioner, elizabeth Denham, said that attempts to make creative use of data had to be carefully managed. “the price of innovation does not need to be the erosion of fundamental privacy rights,” she added.
since the GDPr came into force in may 2018, NHs Digital has had further significant issues securing the appropriate consents to data record sharing in an It project that had glaring failures. meanwhile, the NHs is working on AI projects via NHsX to use machine learning in research and development projects. Again, questions exist around data transparency and public consent with regards to personal data use within that project.
In may, big brother Watch reported that NHs Digital’s management of covid vaccination status data had failed to deliver even basic safeguards, which could lead to information being exploited by insurers, companies, employers or even scammers looking to defraud individuals. Director of big brother Watch, silkie carlo, said: “this is a seriously shocking failure to protect patients’ medical confidentiality at a time when it could not be more important. this online system has left the population’s covid vaccine statuses exposed to absolutely anyone to pry into. robust protections must be put in place immediately and an urgent investigation should be opened to establish how such basic privacy protections could be missing from one of the most sensitive health databases in the country.” After it was revealed that the system leaked people’s vaccination status, NHs Digital then altered its covid vaccination booking website.
Potential or actual data misuse is the big issue when the NHs shares confidential patient data with a thirdparty organisation. If that personal data is provided as part of an overall AI project, what happens to it, where does it go, where does it sit, and how many times does it get processed? Ultimately, the key questions for the people concerned are: what does a data subject, as an individual, know about the consent they have given for the processing of that data, where it is then going to be used and how many times is it going to be used?
the number of external suppliers to the NHs is substantial: 28 million lines of picked goods are delivered to the NHs annually with consolidated orders from over 930 suppliers. Information relating to the number of supply chain partners operating with the NHs Digital commercial team of procurement professionals is not itemized.
the NHs Digital team states: “Our supply chain partners are fundamental to our on-going success, creating significant value through the delivery of new thinking and innovative solutions. through the deployment of strategic supplier relationship management (ssrm) we are focused on creating an effective and collaborative relationship with our most important suppliers, creating additional value and innovation that goes beyond our contracts.” It adds the following in relation to the collection and dissemination of data: “We ensure that external organisations can access the information they need to improve outcomes, and the public are confident that their data will be stored safely by NHs Digital.”
What happened with royal Free, combined with more recent events, demonstrates that public confidence in NHs Digital’s commercial relationships with external organisations is open to question. the Data Protection Act of 2018 and the GDPr are designed to ensure that an individual data subject - the person giving consent - should be fully appraised of all of uses of that data, where that data is going to end up, how it is going to be treated, and ultimately, if it is going to be retained or disposed of.
Post-GDPr being implemented, an element of mystery still exists concerning AI projects as to how often that data is utilised in the machine learning process, and where it ultimately ends up. the overarching aspect is that the designers of AI and machine learning programmes closely guard information about how the algorithms underpinning these programmes work. Once data has been provided so that individual data subjects do not know what has happened to it, there is very little transparency in the process. moving forward, the concern for any individual is that once they have given consent, is it possible to withdraw it and remove that data from the from the AI tank? If not, then it does not accord with the principles of GDPr and data subjects.
the eU is now looking at AI regulation comparable in many ways to GDPr. but the UK’s direction of travel appears to be that this is one area where we will not keep alignment in place. GDPr and the protection of data rights is an area where which will probably evolve more by judicial intervention than by additional regulation. Over time, UK divergence from the eU will lead to judicial divergence of laws created by When considering the future relationships of NHs Digital with thirdparty companies, there is cause for concern. based on its track record, it is reasonable to assume that state-owned entities like the NHs simply do not have the technical capabilities to understand what exactly AI projects can and will do. the NHs is buying an outside resource which, necessarily, sometimes has its own agenda. An objective look at some Us tech companies operating in the NHs market reveals a very fixed, well-established agenda around the provision of services and understanding of what services will be required in the future, and how they can monetise them.
the problem lies less with the technical capability of NHs Digital, and rather more with a lack of understanding of the core objectives of some tech companies with which they are doing business. these core objectives do not necessarily align with those of the NHs. essential process changes need to be made to the NHs but it is simultaneously floundering in terms of how to achieve that technically: the more the NHs relies on outside agencies, the greater the risk that it will not have the appropriate level of compliance, particularly where interests do not align.
Against this background, significant data misuse seems inevitable and will ultimately lead to litigation. the key driver will be consumer understanding and a demand for greater transparency in how individuals’ information and data is dealt with. At present, most people do not appreciate the value of their personal and medical data. In some instances, it’s probably worth more than gold. Over the next few years, there will be greater investigation into some of these tech and AI products.
Dissemination of such information will enable the public to understand and regain control of their personal data. It is inevitable that this will provoke litigation – not against the NHs, but against some of the organisations with which they have commercial relationships. the motives and monetary gain that is sought by thirdparty suppliers will lead to actions against them, and the implementation and processing of data will be key. the public will not sue the NHs for dealing with personal data when seeking to improve their services. the tech companies responsible for handing the data will be the ones in line of sight.
