When stylist Law Roach publicly claimed that Tom Holland and Zendaya had already tied the knot, the internet went into overdrive. The couple’s response? Silence. No confirmation, no denial, just the same disciplined commitment to privacy they have maintained throughout their relationship. It is a masterclass in ‑‑information control and it raises a question UK lawyers and businesses should be paying attention to: how do you keep sensitive information under wraps when the pressure to disclose is enormous?
The headlines may be celebrity-focused, but strip away the glamour and the legal principles at play are exactly the same ones UK businesses rely on every day to protect commercially sensitive and reputation-critical events.
Controlling the narrative: why NDAs matter beyond Hollywood
Celebrity weddings often use NDAs for guests, suppliers and venue staff to prevent leaks, unauthorised images and other confidential details. This trend reflects the use of NDAs to safeguard privacy, control publication and manage media sensitive information. Holland and Zendaya’s limited public disclosure shows the same strategy: tightly controlling what information is released.
For UK organisations, swap “wedding” for product launch, joint venture, M&A deal, internal investigation or investor event, and the playbook is identical. The information is sensitive, the stakes are high, and a single leak can cause serious commercial or reputational damage.
UK law: how NDAs work and their limits
Under English contract law, an NDA is enforceable provided it is clear, specific and proportionate. Updated Solicitors Regulation Authority (SRA) guidance makes clear that no NDA may prevent or deter a person from:
- reporting offences to the police,
- engaging with regulators, or
- making whistleblowing disclosures under the Public Interest Disclosure Act 1998.
From 1 October 2025, NDA clauses that purport to restrict certain legally protected disclosures, including disclosures to law enforcement or professional advisers will potentially be unenforceable. If your organisation is still using pre-2025 templates, now is the time to update them with the required statutory carve-outs. These rules apply whether the NDA is a standalone agreement or embedded within a wider contract or arrangement.
Privacy: when misuse of private information also applies
NDAs operate alongside the UK tort of misuse of private information (MPI). Since Campbell v MGN, UK courts balance Article 8 privacy against Article 10 expression, recognising that photographs and sensitive personal details, even in public places, may be protected if disclosure would cause substantial distress to a person of “ordinary sensibilities.”
In reputation sensitive scenarios, including celebrity events, MPI and breach of confidence can support urgent injunctions preventing publication. UK firms note that injunctions require evidence that the information was confidential, subject to an obligation of confidence, and at risk of misuse.
Getting it right: how to draft an NDA that stands up
A well-drafted NDA for a UK business should:
- Define confidential information precisely, including whether images, recordings or event details are covered.
- Include SRA‑compliant carve‑outs, making clear that legal or regulatory disclosures are permitted.
- Avoid blanket bans that could mislead signatories about statutory rights (any such impression breaches SRA rules).
- Provide proportionate remedies, including injunctions and return/deletion obligations.
Do not overlook the practical side. Operational controls, access restrictions, device-free meetings, clear briefings on what is and is not confidential serve a dual purpose. They reduce the risk of leaks and, critically, they help demonstrate that the information carried the ‘quality of confidence” required for enforceability under UK law. For a real‑world example of how confidentiality obligations can unravel in practice, and the commercial consequences when confidential information is misused, see our analysis of the Nomi Beauty v Estée Lauder dispute: https://www.beyondcorporate.co.uk/newsroom/when-confidentiality-fails-what-uk-businesses-can-learn-from-nomi-beautys-claim-against-estee-lauder/
The business takeaway: what Holland and Zendaya get right
You do not need to be a celebrity to benefit from this approach. Even without a public-facing NDA, the couple’s disciplined silence and tight information control reflect genuine best practice. For organisations handling sensitive projects or information, the lessons are straightforward:
- Plan confidentiality early for any sensitive project or event.
- Use NDAs alongside privacy and reputation strategies, including MPI considerations.
- Review and update NDA templates ahead of the October 2025 statutory carve‑out.
- Ensure NDAs are realistic and UK‑compliant, avoiding language that could mislead or overreach.
When properly drafted and embedded into wider governance, NDAs remain one of the most effective tools for controlling information, whether you are safeguarding a confidential business venture or, like certain celebrities, a private milestone.
Need to review your NDA framework?
Our Commercial team advises organisations on NDA frameworks, breach of confidence risks, and emergency reputation‑protection measures. If you’d like support reviewing your NDA templates or confidentiality strategy or any urgent confidentiality breaches, contact us at: [email protected]
