Cheyney Goulding

Cheyney Goulding Solicitors

t: 01483 56 76 76   e: legal@cheyneygoulding.co.uk

Liam Meanwell

Ending Assured Shorthold Tenancies

by

The difficulties with seeking possession under the section 21 regime.

A section 21 notice is served under section 21 of the Housing Act 1988 and is used to provide notice to the tenant(s) that the landlord is seeking possession of the property, either after the fixed term of the tenancy ends or during a tenancy with no fixed end date.  

The Deregulation Act 2015

The Deregulation Act 2015 imposed a series of requirements on landlords of Assured Shorthold Tenancies (ASTs) in England, restricting the ability of a landlord to serve a section 21 notice.

The Deregulation Act 2015 provisions apply to all ASTs of property located in England, regardless of whenever the AST was granted, from 1 October 2018.

What requirements are imposed by the Deregulation Act 2015?

The Deregulation Act imposed the following requirements:

  • A prescribed form of section 21 notice – this is available from the Gov.UK website.
  • It is not possible to serve a section 21 notice within the first 4 months of a fixed term AST.
  • Possession proceedings must be commenced within 6 months of when the section 21 notice was given. If the tenancy requires more than 2 months’ notice to be given, then the possession proceedings must be brought within 4 months of the termination date.
  • The landlord must provide the tenant with an energy performance certificate and a gas safety certificate – the landlord cannot validly serve a section 21 notice if these requirements have not been complied with.
  • The landlord must also provide prescribed information to the tenant, set by the Government, which relates to the rights and responsibilities of the parties under the AST – again, a landlord cannot validly serve a section 21 notice if these requirements have not been complied with. This information is currently set out in the How to rent: the checklist for renting in England guide which is available for download from Gov.UK.
  • The Landlord must also comply with the tenancy deposit scheme legislation and Houses of Multiple Occupation legislation.

Can the landlord remedy a failure to adhere to the requirements?

Following the introduction of these provisions, there have been cases in the County Court where the question as to whether landlords can comply with the obligations in relation to providing gas safety certificates and energy performance certificates to the tenant has been debated. Each respective court found that the issues could not be remedied late and therefore the landlords were precluded from serving a section 21 notice.

Binding authority from the senior courts is awaited on this point, although it cannot be taken that Parliament’s intention was to preclude a landlord from serving a section 21 notice in these circumstances, so further clarification is awaited on this point.

The Tenant Fees Act 2019

The Tenant Fees Act 2019 (TFA 2019) has also had a profound effect on the ability of landlords to seek possession under the section 21 regime. The Act introduced protections for most residential tenants in the private rented sector in England.

The TFA 2019:

  • Restricts the type and amount of payments that landlords and letting agents can require from tenants of most assured shorthold tenancies, student accommodation and under licences to occupy.
  • Restricts the amount of tenancy deposit.
  • Restricts the amount of a holding deposit and sets a timetable for dealing with repayment of the same.
  • Imposes non-compliance sanctions.

The provisions came into force on 1 June 2019 and apply immediately to the grant of new tenancies, with a grace period of one year for existing tenancies.

Which payments are prohibited?

Payments are prohibited under the TFA 2019 unless they are expressly listed as a “permitted payment”. These include:

  • Rent payable.
  • Tenancy deposit (limited to five weeks’ rent if the annual rent is less than £50,000, or six weeks’ rent if annual rent is over £50,000).
  • Holding deposit (limited to one week’s rent).
  • Payments on certain default events (loss of key/security device, a failure to pay rent or other reach of the tenancy).
  • Fee for the variation, assignment or novation of the tenancy (limited to £50/reasonable costs).
  • Payment due to early termination of the tenancy.
  • Other payments including Council tax, Utilities, TV licence, landline phone, internet and cable/satellite TV.

What kind of tenancies do the restrictions apply to?

The tenancies included are Assured Shorthold Tenancies (not including social housing or long leases (i.e. more than 21 years)), student lettings and licences to occupy in relation to housing.

A landlord for the sake of TFA 2019 is a licensor and a person who is either proposing to be or ceased to be a landlord or licensor. A tenant for the sake of TFA 2019 includes a licensee and a person who is either proposing to be or ceased to be a tenant or licensee.

A letting agent for the sake of TFA 2019 encompasses a very wide definition and is a person who engages in letting agency work. This is defined as where, in the course of a business, a person acts on instructions from a landlord seeking to find someone to whom to let housing or from a tenant looking for housing to rent.

The prohibition

A landlord or letting agent must not require a tenant, a tenant’s guarantor or a person acting on behalf of the tenant to do any of the following actions “in connection with a tenancy”:

  • Make a prohibited payment to the landlord or to a third party.
  • Enter into a contract with a third party for the provision of a service or for insurance, other than a contract to provide a utility or communication service to the tenant.
  • Make a loan to anyone.

‘In connection with a tenancy’ includes the following scenarios for landlords:

  • In consideration of the grant, renewal, continuance, variation, assignment, novation or termination of a tenancy.
  • Pursuant to a provision in a tenancy agreement that requires, or purports to require, them to do any of those things listed above:
    • in the event of an act or default of a relevant person; or
    • if the tenancy is varied, assigned, novated or terminated.
  • On entry into a tenancy agreement that requires, or purports to require, them to do any of those things in any circumstances otherwise than in the event of an act or default of a relevant person or if the tenancy is varied, assigned, novated or terminated.
  • As a result of an act or default by a relevant person relating to the tenancy or the housing which is let by the tenancy unless pursuant to, or for the breach of, a provision of a tenancy agreement.
  • In consideration for provision of a housing reference for that person.

‘In connection with a tenancy’ include following situations for letting agents:

  • In consideration of arranging the grant, renewal, continuance, variation, assignment, novation or termination of a tenancy.
  • Pursuant to a provision of an agreement with the person relating to the tenancy in the event of an act or default by a relevant person, or if the tenancy is varied, assigned, novated or terminated.
  • As a result of an act or default of a relevant person relating to the tenancy or the housing which is let by the tenancy unless pursuant to, or for the breach of, an agreement entered into before the act or default.
  • In consideration for provision of a housing reference for that person.

Therefore, the definition of ‘in connection with a tenancy’ is widely drafted in respect of both landlords and letting agents.

What happens to a term in an agreement which breaches these rules?

A term in a tenancy agreement or letting agent agreement which breaches the prohibitions on requiring payments are not binding on the tenant, the tenant’s guarantor or anyone acting on behalf of the tenant. The rest of the agreement will continue to have effect so far as it is compatible.

What are the consequences?

A section 21 notice cannot validly given in respect of an AST if the landlord is in breach of the prohibitions applying to landlords and while a prohibited payment paid to the landlord or holding deposit held in breach of the prescribed terms has not been repaid to the relevant person, unless they have consented to the money being applied towards rent under the tenancy or towards the tenancy deposit.

Where a person has breached the prohibitions, repayment obligations or requirements for holding deposit monies, an enforcement authority can apply a financial penalty of up to £5,000 where they are satisfied beyond reasonable doubt. Usually the local trading standards authority is the appropriate enforcement authority, if not the local district council.

A landlord or letting agent is guilty of an offence if they commit a further breach of the prohibitions within five years of having had a financial penalty imposed or being convicted of an offence for an earlier breach. The penalty for the criminal offence is an unlimited fine and a banning order offence under the Housing and Planning Act 2016, meaning that these persons cannot make a transfer of an estate in land without the permission of the First Tier Tribunal.

As an alternative to prosecution, an enforcement authority can impose a financial penalty of up to £30,000 where it is satisfied beyond reasonable doubt that an offence has been committed.

This article is for general commentary only and does not constitute legal advice.  If you would like to discuss any of the issues discussed in this article, please contact Liam Meanwell – lmeanwell@cheyneygoulding.co.uk, or another member of our team.

Cheyney Goulding LLP, solicitors in Guildford, Surrey

GDPR

by

What is GDPR?

The General Data Protection Regulations replace the Data Protection Act 1998 on the 25th May 2018. GDPR gives people more control over how organisations use their data and consequently imposes a burden on all organisations who control and process data.

What steps should I take in order to be compliant with GDPR?

Awareness

Make key people in your organisation aware that the law is changing surrounding the retention and processing of personal data. They need to assess the impact of the new law and identify areas where compliance problems may arise.

Data audit

You should consider how data is handled in your organisation and answer the following questions:

  • What data do you hold and why?
  • How do you collect the data?
  • How and where is the data stored?
  • What do you do with the data?
  • Who owns and controls the personal data?
  • How long is data retained?
  • When and by what means is deleted?
  • Who is responsible for the data and processors associated with data?
  • Do you have adequate technology/process to adequately manage data processing?

What documents do I need to review or create?

When you collect personal data, the law as it stands requires you to give people certain information which is usually done via a privacy notice. The GDPR requires that additional information is provided, such as explaining the lawful basis for processing the data, the period you retain data for and that an individual may complain to the ICO if they believe there is a problem in the way you are handling their data.

You should initially create an internal policy document setting out how you will comply with the GDPR and base all other documents on these policies. You should review your contracts with your suppliers who are data processors to ensure they fulfil their obligations under the GDPR.

You will also need to update your website privacy policies, cookie policies and privacy notices for employees/workers where applicable.

What do I need to detail in my updated privacy notice?

Remember, you need to ensure the information is concise, transparent and easily accessible; written in clear plain language; and available free of charge. This information should be provided at the time the data is obtained.

You must set out:

  • Identity and contact details of the controller (and where applicable, the controller’s representative) and the data protection officer.
  • Purpose of the processing and the legal basis for the processing.
  • The legitimate interests of the controller or third party, where applicable.
  • Categories of personal data.
  • Any recipient or categories of recipients of the personal data.
  • Details of transfers to third country and safeguards.
  • Retention period or criteria used to determine the retention period.
  • The existence of each of data subject’s rights.
  • The right to withdraw consent at any time, where relevant.
  • The right to lodge a complaint with a supervisory authority.
  • Whether the provision of personal data part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data.

The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.

Bear in mind that the privacy notice may come in several forms for each kind of interaction (to employees, to clients etc).

What rights do I need to provide for?

The GDPR confers the following rights on individuals:

  • The right to be informed.
  • The right of access.
  • The right of rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • The right not to be subject to automated decision-making including profiling.

These rights represent an enhancement of the rights to individuals under current legislation. It is important to consider your procedures and evaluate whether you can fulfil the rights above given the systems and processes you currently use. Changes should be made to ensure these rights are able to be actioned by individuals.

What do I need to consider regarding subject access requests?

Any requests that are made by individuals must now be free of charge in most cases and the period for compliance is now one month, rather than the existing 40 days. Any request that is refused (such as for being manifestly unfounded or excessive) must be accompanied by reasons and state their right to complain to the supervisory authority and to a judicial remedy. This must be done as a matter of priority and within one month.

What is the basis for my processing activity?

Under the GDPR, you must identify the lawful basis for processing activity and document this in your privacy notices. You should review your processing activities and identify your lawful basis for doing so.

The lawful bases are as follows:

(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

(d) Vital interests: the processing is necessary to protect someone’s life.

(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

You should consider which of the lawful bases best fits the circumstances and set this out in your privacy notice. Bear in mind that this depends on the specific purposes and the context of the processing. You need to keep a record of which basis you are relying on for each processing purpose, and a justification for why you believe it applies.

Why do I need to think about consent?

The GDPR sets a new, high standard for consent which involves an unambiguous and clear, affirmative action. For example, there is a specific ban on pre-ticked opt-in boxes. You will need to review your consent mechanisms to ensure they meet GDPR requirements on being specific, granular, clear, prominent, opt-in, documented and easily withdrawn. The key points are as follows:

  • Unbundled – consent requests must be separate from other terms and conditions. Consent should not be a precondition of signing up to a service unless necessary for that service.
  • Active opt in – pre-ticked opt-in boxes are invalid – use unticked opt-in boxes or similar active opt-in methods (eg a binary choice given equal prominence).
  • Granular – give granular options to consent separately to different types of processing wherever appropriate.
  • Named – name your organisation and any third parties who will be relying on consent – even precisely defined categories of third-party organisations will not be acceptable under the GDPR.
  • Documented – keep records to demonstrate what the individual has consented to, including what they were told, and when and how they consented.
  • Easy to withdraw – tell people they have the right to withdraw their consent at any time, and how to do this. It must be as easy to withdraw as it was to give consent. This means you will need to have simple and effective withdrawal mechanisms in place.
  • No imbalance in the relationship – consent will not be freely given if there is imbalance in the relationship between the individual and the controller – this will make consent particularly difficult for public authorities and for employers, who should look for an alternative lawful basis.

There is not a requirement to refresh all existing consents for the GDPR implementation, but it is important to review these to ensure they meet the GDPR standard. Where there is non-compliance, it is imperative to seek fresh GDPR compliant consent, identify a different lawful basis for your processing (and ensure continued processing is fair), or stop the processing.

Do I need to consider preparing for data breaches?

Yes, you should ensure that the right procedures are in place to detect, report and investigate a personal data breach. The GDPR imposes a duty on all organisations to report certain types of data breach to the Information Commissioner’s Office and sometimes to individuals. You only need to report to the ICO where it is likely to result in a risk to the rights and freedoms of individuals. Procedures should be put in place to respond to such breaches.

Do I need to appoint a data protection officer?

Not necessarily. You only need to designate a DPO if you are carrying out regular and systematic monitoring of individuals on a large scale, a public authority or an organisation that carries out the large scale processing of special categories of data, such as health records. You should however designate someone in your organisation to take responsibility for data protection compliance.

What if I am operating internationally?

If your organisation operates in more than one EU member state or you have a single establishment in the EU that carries out processing which substantially affects individuals in other EU states, then you should determine your lead data protection supervisory authority. This is the location of the authority where your central administration is undertaken. You should map out where the organisation makes its most significant decisions to determine your main establishment to then lead supervisory authority.