Managing risk: A disputes perspective (2021)
Blog ADR Notes

MANAGING RISK: A DISPUTES PERSPECTIVE

CONFERENCE REPORT DECEMBER 2021

Introduction

This annual conference, held on 7 and 9 December, was chaired by our Managing Partner for Dispute Resolution Damien Byrne Hill and explored some key legal and compliance risks facing major corporates, and how those risks can be mitigated.

Sessions looked in particular at risks relating to climate change and Business & Human Rights, three areas of heightened class action risk (data, competition and transnational torts), and issues around dealing with distressed counterparties in light of recent changes to insolvency law following on from the Covid-19 pandemic.

Speakers also considered questions of procedure, focusing on how technology can be used to manage risk and create efficiencies in investigations, and how to manage litigation risks arising from recent reforms to disclosure and witness statements in the Business and Property Courts.

Contents

02 Climate change and Business & Human Rights 06 Distressed counterparties and litigation risk 09 Tech in investigations 12 Competition class actions 14 Data class actions 17 Transnational torts and parent company liability 20 How to manage litigation risks arising from recent procedural reforms 24Contacts

02

Climate change and Business & Human Rights

In recent years Environmental, Social and Governance (ESG) issues have been at the top of the agenda for global businesses, as well as governments. Within the wider ambit of ESG, climate change and business & human rights are giving rise to an increasing risk of disputes for corporates not only those in the extractive industries but across all sectors.

In this panel session, the speakers looked at the worldwide trends in climate change litigation, the role of business & human rights considerations in these claims and the broader implications of business & human rights standards for companies.

HERBERT SMITH FREEHILLS

Chair: James Baily Partner, dispute resolution

Ben Rubinstein Partner, dispute resolution

Jannis Bille Associate, global energy group

Gregg Rowan Partner, dispute resolution

Antony Crockett Partner, global head of business and human rights

HERBERT SMITH FREEHILLS

CLIMATE CHANGE AND BUSINESS & HUMAN RIGHTS

03

A global phenomenon

Climate-change litigation is a global phenomenon, though the types of claims differ from jurisdiction to jurisdiction.

The dominant targets of climate change litigation so far have been governments and businesses engaged in certain emissions intensive sectors (such as energy and the extractive industries), but no sector is immune.

The motivations behind the claims have varied. Sometimes claimants are seeking financial compensation, but often the goal is to advance policy objectives or influence the pace of change, including to encourage governments or corporates to "pedal faster" in their moves toward decarbonisation, or to galvanize public support for stronger measures to combat climate change.

The US

Consumer misrepresentation or "greenwashing" class actions and similar suits brought by US state governments alleging greenwashing are being brought with increasing frequency. Such class action claims allege that the company has made false, misleading or exaggerated statements about its climate or other environmental credentials, and that the claimant class members have suffered economic damage by paying the associated "green price premium". The price differential may be small for each individual consumer, but the claim may be very large if brought on behalf of millions of consumers. The reputational damage from being named in such lawsuits can also be significant.

Tort public nuisance suits have also been a major feature of US climate-related litigation. Typically such claims are brought by city or municipal governments against companies that are alleged to be responsible for a large share of historic fossil fuel emissions, seeking damages to abate the effects of climate impact on the local community. Courts in California and New York have dismissed such claims on the basis that they are displaced by federal law and better handled by the legislative and executive branches of government, but a number of other cases are still working their way through the US court systems.

To date securities fraud class actions have not been a major feature in climate change litigation in the US, but this may well be an emerging area of potential claims.

Australia

There are two significant class actions going through the Australian courts at the moment in which claimants are seeking to establish that the government owes them a climate change related duty of care:

In Sharma v Minister for Environment the court has held that the Minister for the Environment, when deciding whether to approve the extension of a coal mine, owed a duty to all Australian children to take reasonable care not to cause them harm in the form of personal injury that could result from the substantial carbon emissions the mine would produce. This novel duty of care operates alongside the Minister's duties under statute and raises obvious questions as to whether such a duty could be relied on by activists in other contexts. An appeal against the decision was heard a few weeks ago and a decision is awaited.

A second case, Pabai Pabai v Commonwealth of Australia, was brought a few weeks ago on behalf of Torres Strait Islanders, an indigenous people who inhabit low lying islands off the coast of Australia. The claimants are, again, seeking to establish that the Australian government owes them a novel duty of care to take reasonable steps to protect them from the impacts of climate change. The alleged duty is founded to a large extent on ordinary principles of knowledge and the foreseeability of harm and so, if successful, there may be attempts to argue that a similar duty is owed by the government, or even by companies, in other climate related contexts.

In terms of climate related cases against companies in Australia, there are two types of claim that illustrate how activists are using litigation strategically, not to establish liability for the effects of climate change but to hold companies to account for what they say (or don't say) in relation to climate change:

The first type is for an alleged breach of disclosure obligations. The main example we've seen so far in the climate context is a claim by a shareholder against a bank for an injunction on the basis that the bank's annual report failed to address the climate risks that the bank faced. The claim was ultimately withdrawn, because such risks were addressed in the following year's annual report. It is possible that, in due course, a shareholder class action may be brought seeking damages for inadequate climate related disclosures.

The second type is a claim for greenwashing, which has come to the fore recently in the context of the dieselgate litigation and in Australia, there is currently a claim being brought by a shareholder against an energy company for alleged greenwashing in the company's annual report.

04 CLIMATE CHANGE AND BUSINESS & HUMAN RIGHTS

Climate change and Business & Human Rights

HERBERT SMITH FREEHILLS

The EU

In the EU, we are seeing quite a few climate related cases. To date these have been mainly directed at governments, but we have started to see more cases brought against corporates also. Two cases in the Netherlands are particularly worthy of note.

What are the key climate change legal risks for your business?

13% Being the target of litigation

26% Increased regulatory intervention

In the Urgenda case, a Dutch environmental group and 900 Dutch citizens brought a class action against the Dutch government seeking to require it to take additional actions to prevent global climate change. The case went up to the Dutch Supreme Court, which held that the Netherlands must reduce greenhouse gas emissions by at least 25% compared to 1990 levels by the end of 2020.

Importantly, the court in Urgenda held that articles 2 (right to life) and 8 (right to respect for private and family life) of the European Convention on Human Rights place a positive obligation on the Dutch state to take reasonable and appropriate measures to protect residents from the life threatening consequences of climate change.

29% Reputational pressure

16% Investor pressure

16% None of these are material risks at this time

Business & Human Rights The trend towards the deployment of human rights based arguments in climate litigation is consistent with increasing scrutiny of corporate conduct in relation to human rights more generally, in particular by reference to the UN Guiding Principles on Business & Human Rights which have become the universally accepted international standard.

This approach of using human rights as an avenue of bringing climate change cases was also pursued in Milieudefensie v Shell. In this case, a climate related activist group and 17,000 individuals brought a claim against Shell seeking a declaration, rather than damages. The court ordered that Royal Dutch Shell is obliged to reduce the Shell group's CO2 emissions by net 45% by the end of 2030, relative to 2019, through the Shell group's corporate policy. This reduction obligation relates to the Shell group's entire energy portfolio and to the aggregate volume of all its emissions (Scopes 1-3).

The decision in Shell is merely a first instance decision, and under the Dutch system the case will be re-argued de novo on appeal. It is nonetheless significant, however, as the first case we are aware of in Europe where the court has held a corporate responsible for meeting the Paris Accord goals.

Reputational pressure and increased regulatory intervention are seen as key climate change risks

The Guiding Principles do not create legal obligations in and of themselves. However, many companies and particularly large multinationals have adopted human rights policies under which they commit to act in accordance with the Guiding Principles. This generally involves a commitment to implement human rights due diligence processes, which include both an assessment of the risks posed by their activities and a commitment to take steps to avoid or mitigate those risks.

In addition, various governments around the world have moved to introduce regulations which reflect aspects of the Guiding Principles, such as human rights and other non-financial reporting standards, and supply chain due diligence laws.

Importantly, the standards adopted by businesses, including their own human rights policies, have become relevant to litigation in at least three ways:

First, the contents of these policies and related statements, such as sustainability reporting, may be argued to evidence the existence a duty of care owed to third parties.

Second, corporate policies may be relevant evidence in determining the standard of care (if a duty is established) and whether that standard has been breached.

HERBERT SMITH FREEHILLS

CLIMATE CHANGE AND BUSINESS & HUMAN RIGHTS

05

Thirdly, such policies and related reporting may be relied on in aid of discovery and document production applications.

It is key for corporates to ensure that their policies and commitments are carefully thought through and, just as importantly, are properly implemented in the organisation.

The UK

A lot of the climate-related litigation we have seen to date in the UK has been in the context of planning applications or challenges to government policy. Much of the focus has been on administrative law challenges, particularly to decisions in relation to the grant of licences in the energy sector for example, for new offshore drilling or onshore fracking licences. Shareholder activism and investors disrupting AGMs have also been features of climate-related pressure for corporates here.

We can expect this to continue, and for there to be more claims against government in relation to administrative decisions, including based on human rights arguments. At this stage, there does not seem to be an immediate prospect in the UK of the sorts of mass tort claims being brought in the US, or the human rights based claims we are seeing in Europe.

Over time, however, it seems likely that there will be more attempts to hold corporates to account for what they say about climate change and how they deal with climate change. We can certainly expect shareholder activism in the context of climate issues to continue and probably to grow, and we could start to see claims along the lines of those that have been brought against corporates in Australia in this area.

Does your organisation have a human rights policy and/or carry out human rights due diligence?

33% Yes, it is a key part of our business

11% Yes, but it is not viewed as key to our business

15% No, because it is not considered relevant to us

4%

No, because it is not something we have considered

37% I do not know

Many organisations see human rights policies as a key part of their business, but there is still a lack of awareness among some

06 PANEL 2: THE GLOBAL REGULATORY LANDSCAPE

Distressed counterparties and litigation risk

The Corporate Insolvency and Governance Act 2020 introduced sweeping insolvency reforms in response to the business impacts of Covid-19, which were designed "to give companies breathing space and keep trading while they explore options for rescue". The Pension Schemes Act 2021 also introduced significant changes for companies with defined benefits schemes, resulting in increased risks for company directors, advisers and counterparties.

In this session, the speakers considered these provisions and their implications for businesses dealing with distressed counterparties.

HERBERT SMITH FREEHILLS

John Whiteoak Partner, dispute resolution

Natasha Johnson Partner, dispute resolution

Andrew Cooke Partner, dispute resolution

HERBERT SMITH FREEHILLS

DISTRESSED COUNTERPARTIES AND LITIGATION RISK

07

Governments around the world responded to the economic pressures resulting from the Covid-19 pandemic in similar ways, by injecting cash into the economy and by passing legislation to suspend much of their insolvency law and protect struggling businesses.

In the UK, at the same time as introducing temporary measures to deal with the effects of the pandemic, the government took the opportunity to make permanent changes to UK insolvency law. These changes, under the Corporate Insolvency and Governance Act (CIGA), have transformed the UK from perhaps the most creditor friendly jurisdiction in the world into a much more debtor friendly jurisdiction.

The measures introduced generally give additional control to the directors of the debtor company, to enable them to keep the business going and avoid going into an insolvency process though often at considerable expense to some creditors.

In parallel, the UK also introduced new pension schemes legislation, the Pension Schemes Act 2021, which increases the potential liabilities for directors of a company with a defined benefit scheme, as well as for lenders, suppliers and advisers to such a company.

New statutory moratorium

CIGA introduced a new statutory moratorium designed to give companies breathing space from their debts, for a short period, so they can get their financial affairs in order without the company going into an insolvency process.

The moratorium gives a payment holiday from pre-moratorium debts, with certain exceptions including employee wages and certain financial services contract obligations. It also prevents various legal processes being launched against the company, including commencing a claim, commencing insolvency proceedings, crystallising a floating charge and forfeiture.

The moratorium has not been used very often in the 15 months or so since it was introduced. This may be because the exclusion of employee and financing debts means it is of relatively limited benefit to a lot of companies, as these sorts of payments are often what tips a struggling company into insolvency. So the moratorium may be more useful for companies that owe significant sums to their suppliers, rather than to their banks or employees.

New restructuring plan

CIGA also introduced a new restructuring plan, similar to a scheme of arrangement, which permits a company to promote a compromise with its creditors.

However, a scheme of arrangement must be approved by 75% of the creditors overall and by 75% of each class of creditors. In contrast, the restructuring plan includes a "cross-class cram down" provision, which effectively permits a judge to override the votes of classes of creditors that do not approve the compromise, as long as at least one class of creditors has approved it.

The question for the court is whether the compromise results in every creditor within the dissenting class being better off under the restructuring plan than they would be under the relevant alternative ie whatever the court considers most likely to occur if the compromise is not sanctioned. In most circumstances that will be a liquidation.

So in other words, the court has to look at what the valuation of the business might be on a liquidation basis and decide whether the distribution proposed in the restructuring plan puts the creditors in a better position.

If a creditor wishes to argue that it would be better off in a liquidation, it is likely to be very difficult to prove that. The creditor will not have access to the company's documents or financial records, and the time frame between the creditor votes and the hearing to approve the restructuring plan may be as little as a few weeks, so it will be very difficult for a creditor to get expert evidence to support any challenge to the valuation of the business put forward by the company.

Recent changes to insolvency legislation have transformed the UK from a creditor friendly jurisdiction into a much more debtor friendly jurisdiction

08 DISTRESSED COUNTERPARTIES AND LITIGATION RISK

Distressed counterparties and litigation risk

HERBERT SMITH FREEHILLS

"Suspension" of wrongful trading

For certain periods during 2020 and 2021 the government suspended liability for wrongful trading, which applies where directors knew or ought to have known there was no reasonable prospect of avoiding insolvent liquidation or administration, and failed to take all reasonable steps to minimise losses to creditors.

New UK pension schemes legislation significantly increase the potential liabilities for directors of companies with defined benefit schemes, as well as for lenders, suppliers and advisers to such companies

The courts are required to assume that the directors were not responsible for any worsening of the company's financial position during the periods of suspension. However, particularly as the periods of suspension were not continuous, there are likely to be difficulties in determining whether the company's worsening financial position occurred during the periods of suspension. So directors may still carry some risk despite the suspensions.

End of ban on winding up petitions

The government also introduced temporary restrictions on winding up petitions, thereby removing one of the tools that is normally available to creditors to encourage a distressed debtor to pay. There was not a complete ban, but creditors were required to prove that the company's financial difficulties were not caused by the pandemic which is very difficult for a creditor to prove, without access to details of the company's financial affairs.

The government has now removed those restrictions, but until March 2022 there are other restrictions on presenting a winding up petition, namely: the unpaid debt must be at least 10,000 (rather than 750 as previously); it must be a liquidated debt; and the creditor has to give notice to the debtor, including inviting proposals.

Changes to landlords' remedies against commercial tenants

The new Commercial Rent (Coronavirus) Bill, introduced in November, will introduce a legally binding arbitration process for commercial landlords and tenants where there are rent arrears for businesses that were forced to close during the pandemic.

The provisions are expected to take effect by 25 March 2022 but at the moment there is much that is up in the air in terms of the process including, for example, what test will be applied by the arbitrators.

Pension Schemes Act 2021

The Pension Schemes Act introduces a number of new measures including new tests for contribution notices and new information gathering powers for the Pensions Regulator. Perhaps most significant, however, is the introduction of new criminal offences relating to defined benefit pension schemes in summary:

Avoidance of employer debt: intentionally acting so as to prevent recovery of a debt due from the employer, or prevent the debt becoming due, or otherwise compromise, settle or reduce the debt, without a reasonable excuse.

Conduct risking accrued scheme benefits: acting so as to detrimentally affect in a material way the likelihood of accrued scheme benefits being received, where the person knew or ought to have known that would be the effect, without a reasonable excuse.

The Pensions Regulator has said that "a professional person, acting in accordance with their professional duties, conduct, obligations and ethical standards applicable to the type of the advice being given, is likely to have a reasonable excuse".

However, these offences are significant for those dealing with distressed counterparties both because they can give rise to direct liabilities for third parties, and because they are likely to influence the behaviour of the directors of the counterparty, who are most at risk of incurring liability.

The new provisions will need to be considered by investors, lenders, trustees and advisers when contemplating any significant transaction involving a company with a defined benefit scheme, for example where a lender is advancing additional funding and taking first ranking security, or where a private equity firm plans to implement a pre-pack to buy the business without taking on scheme liabilities.

More information

For more information on the CIGA provisions you can access our series of short webcasts on the key aspects here. For more information on the new Pension Schemes Act, please see our Pension teams soundbite series here.

HERBERT SMITH FREEHILLS

Tech in investigations

The growing universe of electronic data, together with the increase in types of data, and data being held in less traditional places, bring new challenges to conducting investigations. In this session, the speakers looked at how technology can be used in investigations to manage risk and create time and cost efficiencies.

SECTION TITLE

09

Jenny Stainsby Partner, global head of financial services regulatory practice and regional head of disputes for EMEA

Hywel Jenkins Partner, financial services regulatory

Stephanie Barrett Head of eDiscovery and legal technology for UK, US & EMEA

Caoimhe Powell Head of disputes, UK, US & EMEA, alternative legal services

10 TECH IN INVESTIGATIONS

Tech in investigations

HERBERT SMITH FREEHILL10S

This session looked at situations that commonly arise in the three core stages of data management in an investigation: data collection; data analysis; and review and production, as well as considering some evolving data challenges.

Which one of these tools are you most familiar with? 13% Data analytics tools such as Brainspace

13% Predictive coding

4% Enhanced redaction tools such as Exolution

21% Machine translation

Before any data is collected, it is important to collaborate with the business's IT team to prepare a data map. This helps ensure that all potential data sources are covered off and everything that's in scope is collected. It also helps surface some of the potentially challenging issues up front, eg data held in other jurisdictions; "deleted" data; data held by third parties; or devices where passwords are not available.

An audit trail should be kept of what has been collected, including the sources (custodians etc), any criteria applied to the collection (eg date ranges or search terms) and any judgements made along the way. This is not only for the organisation's own benefit, eg if memories fade or individuals leave, but it can also be helpful to show to a regulator down the line.

50% None of the above

The results of our audience poll suggested that half of respondents were not familiar with the tools and techniques available to make the document collection, analysis and review processes more efficient, which means there is scope for those involved in investigations to save time and costs by exploring the benefits of technological solutions.

Data collection

There are many different challenges associated with how data is identified, collected and made available. One issue that has arisen with increasing frequency is how to deal with communications other than emails (eg WhatsApp).

The use of these alternative services gives rise to risks, particularly because they are generally on individuals' personal devices, with control of the communications in their hands, rather than on a centralised system with archiving.

It is important to have policies and processes for dealing with these services, and consider how they interact with the organisation's document retention policies. For example, are individuals responsible for adhering to standard document retention policies in respect of communications on non-work systems, as well as any document hold notices which are in place? If so, how will that be enforced?

There is also a potential issue when employees leave the organisation. Businesses should ensure there are continuing co-operation and document retention obligations, or otherwise put in place requirements for outgoing employees to hand over copies of business communications sent on non-work systems or devices.

Before collecting data, a good data map should be prepared to ensure all potential data sources are identified and any difficult issues flagged

Data analysis

Once the data is collected, the organisation will often want to know, as a matter of urgency, what the data set shows before a full review is conducted.

It is often difficult in the early stages of an investigation to understand what the key issues might be or to focus in on what is important, either in terms of topics or individuals. Key word searches can help to hone in on what might be relevant, but it can be difficult to know what key words to use, and just relying on key word searches can mean important documents are missed. It is generally important to have a good understanding of the data set before starting to filter data out.

This is where analytics, conceptual searching and clustering can be very useful. Dashboards can be created which can provide information on the data set as a whole, or can drill down to custodian level, answering questions such as: Who has the most data? What are the most common terms and topic areas? Who is talking to whom? What is the data timeline? What file types are there?

Such dashboards can help determine where you might want to target an initial review identifying for example if there is data clustering around certain dates or certain individuals, or if there is anything that immediately stands out that should be looked at straight away.

HERBERT SMITH FREEHILLS

TECH IN INVESTIGATIONS

11

They can also help spot gaps in data sets, and identify whether there is further material that needs to be collected. Or, conversely, if you are confident that the data set is complete, such tools may identify time period that are less important and can perhaps be ignored.

Review and production

An issue that often arises at the review stage, with a large data set and a looming deadline, is how to meet the deadline without materially increasing the size of the review team.

Various tools can be used to reduce the data set for review, and save time and cost, including email threading, predictive coding and in particular the application of Continuous Active Learning (or "CAL") technology. As a review team codes documents, CAL learns what is likely to be responsive and not responsive, so that documents can be eliminated from the review while ensuring an acceptable margin of error for potentially missing a responsive document. Such technologies can significantly reduce the number of documents to review.

Evolving data challenges

The recent explosion in the use of video conferencing apps like Zoom and Microsoft Teams have presented additional challenges for an investigation. Again, this underlines the importance of a good data map, to ensure all potential data sources are identified.

The key is not so much at the collection and review stage, but in the organisation of the data itself and how it is being preserved. Organisations need to consider for example: whether meetings are being recorded; where they are stored and how they are organised; how easy it will be to identify meetings in scope without having to trawl through every recording; and what is the retention policy for storing data in the cloud.

Once the material has been identified and collected, there is technology available to support the review of media files, either by generating transcriptions for the purposes of searching, or by searching the actual audio without the need for a transcription.

Regulators are often open to the use of these sorts of technology, so long as the process is explained clearly. Similarly, with an independent third party investigation, the use of such technologies can be explained to and agreed with the third party.

Analytics, conceptual searching and clustering can be very useful to help identify the key issues and focus the initial review on what is most important

12

Competition class actions

The Supreme Court decision in Merricks v MasterCard in December 2020 confirmed the less restrictive approach to certification set out by the Court of Appeal in that case, leading ultimately to the Competition Appeal Tribunal's decision to grant certification for the 14 billion claim in August 2021. Since that decision, further applications for class actions have been certified. This session looked at the impact of these decisions on other competition class actions which were waiting in the wings or which may now be brought under the "opt-out" regime introduced by the Consumer Rights Act 2015.

HERBERT SMITH FREEHILLS

Kim Dietzel Partner, competition, regulation and trade

HERBERT SMITH FREEHILLS

COMPETITION CLASS ACTIONS

13

Competition class actions in England and Wales are different from other sorts of group action because there is a dedicated procedure for bringing them, on either an opt-in or opt-out basis, in the Competition Appeal Tribunal (CAT). This regime was introduced in 2015 and involves a certification process known as a "collective proceedings order" (CPO) in which the CAT decides whether the case should be allowed to proceed.

The Supreme Court's decision in Merricks v Mastercard, handed down just before the end of 2020, clarified various aspects of the regime and confirmed a relatively permissive approach to the grant of a CPO.

A look at recent headlines shows that competition class actions are hitting the news, relating to matters such as train fares affecting commuters or charges for landline phone customers. These actions are now being taken forward and raise a lot of public interest.

The competition class action regime has a lot of momentum, with class representatives, law firms and funders keen to use the regime

Certification applications to date

Since the regime came into force there have been 16 CPO applications, quite a few of which have been brought since the Supreme Court decision in Merricks provided greater clarity. These include both "follow-on" actions, ie damages actions that follow on from a finding of infringement by a competition authority, and (particularly more recently) "standalone" actions, where the infringement has to be established as part of the case.

Most have been brought as opt-out cases, meaning that the class representative brings the claims on behalf of the whole defined class, and class members do not need to take steps to opt in to be part of the class. This is quite similar to a "US-style" class action which will be familiar to many.

The vast majority of the cases brought to date are brought on behalf of consumers rather than businesses.

Four CPOs have now been granted, and there are a number of pending applications, but so far there is little precedent beyond the certification stage. Therefore many issues around managing these cases in practice have yet to be tested eg what level of disclosure can be expected so we expect significant further developments over the coming years.

The test for certification

The Supreme Court's decision in Merricks significantly clarified the relevant conditions for certification, and that decision has since been applied by the CAT in granting several CPO applications.

There are two conditions for a CPO: the authorisation condition and the eligibility condition.

The authorisation condition focuses on whether it is just and reasonable for the proposed class representative to act on behalf of the class, having regard to the interests of the class members or future class members. This condition also involves considering whether there is adequate funding to cover the whole litigation and any adverse cost order.

In the cases we have seen so far, questions have been raised around the funding structure, but ultimately each of the cases has comfortably passed the authorisation condition sometimes with some amendments to the funding arrangements.

The eligibility condition is made up of a number of elements, including whether the claims in question raise the same, similar or related issues of fact or law, often referred to as common issues. What is becoming clear from the case law is that a common issue has to be a common question but it does not necessarily require a common answer, so it is possible that a CPO will be granted despite significant differences between the positions of class members.

Another element of the eligibility condition relates to whether the claims are suitable to be brought in collective proceedings. The CAT has clarified that this is a relative assessment: the court has to consider whether the claim is more suitable to be brought in collective proceedings than in individual proceedings which is likely to be the case in most consumer claims.

The CAT also has to consider whether it is appropriate for the case to be brought on an opt-out or opt-in basis, even if the class representative only applies on an opt-out basis. A key questions the CAT has considered in the cases to date was whether class members were likely to opt in proactively. Where class members were elderly and unlikely to want to get involved with litigation, for example, that was considered to be a factor in favour of an opt-out class. Or if the class is very large, the CAT may consider that in practice requiring members to opt in separately would not be practicable.

The regime is very costly, with one recent costs ruling showing that the applicants' costs up to grant of the CPO were already 1.7 million

14 PANEL 4: BIG DATA, CYBER SECURITY AND IP

Data class actions

In its high profile decision in Lloyd v Google, the Court of Appeal found that an action for loss of control of data arising from alleged data breaches could proceed on behalf of some four million iPhone users under a hitherto little-used "representative action" procedure, as an "opt out" class action without having to identify those represented in the case. The Supreme Court has now overturned that decision, but has left the door ajar for damages actions to be brought on a representative basis in certain circumstances both for data breaches and in other types of case. In this session, the speakers considered the implications for businesses, and the practical steps that can be taken to mitigate the risks.

HERBERT SMITH FREEHILLS

Julian Copeman Partner, dispute resolution

Kate Macmillan Consultant, intellectual property

Andrew Moir Partner, intellectual property and global head of cyber & data security

HERBERT SMITH FREEHILLS

DATA CLASS ACTIONS

15

There has been a blizzard of new laws and regulations relating to data, and there are significant differences in approach in different parts of the world including for example emerging divergence between the UK and Europe.

Against that background, and as part of a recent trend toward growth in class actions generally, driven in part by claimant law firms and litigation funders, data class actions have been a growing phenomenon.

An opt-out procedure?

There has recently been a lot of focus on whether it is possible to bring data class actions on an "opt-out" basis using the representative action procedure under CPR 19.6, which requires all those represented to have the "same interest" in the claim.

The question is significant because, where claimants are required to take steps to opt in to an action, participation tends to be quite low as for example in the Morrisons case where only about 10% of the potential class took part in the proceedings.

In its high profile decision in Lloyd v Google, the Court of Appeal held that a claim under the Data Protection Act 1998 (DPA) on behalf of some 4 million iPhone users, relating to the defendant's alleged secret tracking of their internet activity, could be brought as a representative action.

To seek to meet the "same interest" requirement, the claimant sought damages on a uniform "tariff" basis to compensate the represented class simply for their loss of control of data ignoring any factors which might differentiate them and might mean some of them had larger damages claims.

The Supreme Court overturned the decision, finding that a claim cannot be brought under the DPA simply for the unlawful processing of data. There must be proof of damage in the form of either material damage (such as financial loss) or mental distress. Therefore, the court needs to consider individual cases: how were people affected, for how long, in relation to what sort of data? That means the "same interest" requirement cannot be satisfied.

The Supreme Court's decision in Lloyd v Google suggests that a "bifurcated process" could be used to bring data and other class actions on a (partly) opt-out basis

The Supreme Court decision does not, however, close the door on bringing such claims as representative actions. Firstly, the decision considers the position only under the DPA, and not under the GDPR (as retained in UK law), and there are questions to be raised about whether that might be different. And secondly, and perhaps more significantly, the Supreme Court put forward another way in which such claims might be pursued using the representative action procedure.

The Supreme Court decision suggests that there could be a "bifurcated process" in which the representative action procedure is used to determine common issues (such as whether there has been an actionable breach), leaving damages to be dealt with in individual claims or groups of claims thereafter.

The question will be whether litigation funders might be able to make such claims work from a financial perspective. We know the funders are looking at this, and we will have to see how that develops.

Data class actions following a cyber breach

Although Lloyd v Google did not involve a cyber-related data breach, a lot of the class actions that are progressing at the moment follow on from such breaches.

As part of responding to a cyber incident, it is necessary to conduct a risk assessment as to how data subjects may be affected, for example whether it is only email addresses that have been compromised or whether it is more sensitive data such as banking details. If the risk to data subjects is high, they will need to be notified about the incident, and what needs to be included in any notification will need to be considered.

We may start to see pre-action or early disclosure applications to try to get this information out of prospective defendants, to assess the viability of the claim, both in terms of the numbers of people affected and how seriously, but also whether any initial trial as to liability (as part of the bifurcated process envisaged by the Supreme Court) might be successful and hence viable from a costs perspective.

In a cyber context, a key issue in the liability trial will be whether the defendants had "appropriate technical and organisational measures" in place prior to the incident. This is not a standard of perfection; the measures have to ensure a level of security appropriate to the risk and take into account the state of the art in cyber and data security. Also relevant will be how well the defendants responded to the incident, and whether they followed best practice to reduce the claimants' risks and prospective losses.

16 DATA CLASS ACTIONS

Data class actions

HERBERT SMITH FREEHILLS

If liability is established, we would expect to see claimant law firms building opt-in groups of claimants based on the type of loss suffered, advertising the successful liability finding as a means of increasing uptake.

Dealing with data class actions will often require a cross disciplinary and in some cases multi-national approach

Misuse of private information

In addition to data protection statutes, such as the DPA and (UK) GDPR, claimants in data class actions may seek to rely on the common law tort of misuse of private information. There are significant differences in the way the statutory and common law regimes work, as illustrated in part by the Supreme Court's decision in Lloyd v Google (though the court's comments about misuse of private information were obiter dicta).

In contrast to a claim under the DPA, in a claim for misuse of private information, general damages can be awarded for the commission of the wrong itself as well as to compensate for distress, hurt feelings and loss of dignity.

Because damages may be awarded on the basis that the defendant's conduct prevented the claimant from exercising their right to control the use of their information, the Supreme Court pointed out that a claim for misuse of private information would naturally lend itself to an award of user damages, based on a hypothetical fee to allow the relevant use of the information.

The wider landscape

As well as the claims considered above, we could start to see data class actions being brought which springboard off of regulatory findings or other legislative breaches.

For example there may be regulatory action by Ofcom for breach of legislation resulting from the new Product Security and Telecommunications Infrastructure (PSTI) Bill, which will impose obligations on manufacturers, importers and distributors to ensure that consumer "Internet of Things" devices (eg smart TVs and internet cameras) comply with minimum security requirements.

Another example is the Network and Information Security Regulations, which are principally directed to operators of essential services such as critical national infrastructure but the regulations also talk extensively about the security and confidentiality of data. Responsibility for enforcement is devolved to different regulators for different sectors, such as BEIS for energy.

With cyber incidents involving financial services firms the FCA will be involved in investigating any incident, including where there is a data breach.

All of these examples raise the prospect of enforcement action or other findings being made by a variety of different regulators, any of which could be used to form the basis for a data related class action. And since data issues often transcend jurisdictional boundaries, regulators in other countries may also be relevant.

This suggests that the representative action procedure may be suitable for misuse of private information claims seeking compensation for loss of control of personal information, without the need for a bifurcated process.

In order to establish a claim for misuse of private information, however, a claimant must establish both: (i) a reasonable expectation of privacy; and (ii) misuse, which requires a positive interference by the defendant. Such a claim is therefore unlikely to be available in cases following cyber and data security incidents, where very often there will be no positive action on the part of the business.

HERBERT SMPITAHNFERLE5E: IHNIFLLRSASTRUCTURE AND SMART CITIES

Transnational torts and parent company liability

The English court has seen numerous mass tort claims brought by large groups of claimants against UK companies, often in the energy or extractive industries, relating to the activities of their subsidiaries overseas, and the Supreme Court has dismissed jurisdiction challenges in a number of these claims.

This session looked at the risks for businesses arising from these types of action, and how the theory of tortious liability involved may transposed to impose liability on UK companies in other contexts.

SECTION TITLE

17

"I think [National Grid] have some reasonably sensible concerns about whether or not the existing network will be suNfefilicBileaknet to support a large influx of autoPnaortmnero, duisspauntedreesoleluctitornic vehicles"

ABBIE POKORNY, HERBERT SMITH FREEHILLS

18 TRANSNATIONAL TORTS AND PARENT COMPANY LIABILITY

Transnational torts and parent company liability

HERBERT SMITH FREEHILLS

"Transnational tort" refers to a claim brought in the English courts, against an English domiciled parent or holding company and its overseas subsidiary, in respect of alleged wrongdoing in the country of that subsidiary's operations.

A number of these cases have been brought in the English courts alleging that the parent company owes a common law duty of care, or its foreign law equivalent under relevant statute, to those affected by the acts or omissions of the subsidiary overseas.

The English courts are attractive for such claims in part due to a number of claimant law firms actively pursuing these claims, and in part due to jurisdictional rules which have made it relatively easy to bring such claims in the English courts.

A duty of care?

The key question for corporates is: when will a parent company owe a duty of care to third parties in respect of the acts or omissions of its subsidiary? There have been two leading Supreme Court decisions on how the courts will approach this question at the jurisdictional stage: Lungowe v Vedanta and Okpabi v Shell, both of which were concerned with alleged environmental damage (in Zambia and Nigeria respectively).

Recent Supreme Court decisions make it difficult for defendants to transnational tort claims to argue at the jurisdictional stage that there is no duty of care, since the court will not conduct a mini-trial of the issue

Because they were jurisdictional challenges, the court considered whether the alleged duty was arguable, rather than whether it existed. But the decisions are nonetheless significant, making it clear that there will not be a mini-trial on the merits at the jurisdictional stage, and therefore it will be difficult for defendants to challenge jurisdiction on the basis that no duty is owed.

Whether and when such a duty will arise in a corporate context will depend on the facts, including the day-to-day interactions of the parent company and subsidiary, including such factors as:

i. Has the parent taken over the management or joint management of the relevant activity of the subsidiary?

ii. Has the parent provided defective advice or promulgated defective group-wide safety/ environmental policies which were implemented by the subsidiary as a matter of course?

iii.Has the parent promulgated group-wide policies and taken active steps to ensure their implementation within the subsidiary?

iv. Has the parent held itself out in its corporate literature as exercising a particular degree of supervision and control over its subsidiary in respect of relevant matters?

This is not a definitive list, but it identifies important points for corporates to consider.

Managing the risks

Businesses looking to manage the risks that come out of this line of authority should carefully consider their policymaking processes and implementation. What policies are being made? Where are they being made in the group? How are they being implemented?

There should be a focus on proper corporate governance arrangements and making sure corporate personalities are respected, rather than having policy enforced throughout a group merely by virtue of its appearance on the corporate website, or an edict from the parent company.

Businesses should also think carefully about their corporate literature and how they report on the ESG matters that are generally the subject of these claims.

Businesses looking to manage the risk of such claims should carefully consider how their policies are made and implemented

HERBERT SMITH FREEHILLS

TRANSNATIONAL TORTS AND PARENT COMPANY LIABILITY

19

Where we are going from here

This is quite a fast moving area of tort law, and there are two areas that are particularly worth watching:

Firstly, whether a business can be liable for the acts or omissions of parties in its supply chain, even when there is no direct contractual nexus between them. This principle is currently being tested in the courts against certain tobacco companies, where it is said that their supply chain contained child and/or forced labour.

Secondly, whether a business can be liable for disposing of corporate assets which may be said to give rise to dangers to third parties. A case before the Court of Appeal last year found that a seller of a tanker owed an arguable duty of care to the widow of a man killed in breaking up that tanker in a Bangladeshi shipyard, where the seller knew it was likely to end up being broken up in unsafe conditions. The court said that it was foreseeable, given the circumstances of the disposal, that harm could be caused to third parties and it was arguable that this gave rise to a duty to mitigate the danger.

In terms of future jurisdiction challenges, in light of the Vedanta and Shell judgments it seems likely that defendants will focus more on arguments as to whether England is the appropriate forum for a dispute, rather than whether there is an arguable duty of care.

Brexit has meant that EU rules on jurisdiction no longer apply to the English courts, and so for cases started since the end of the Brexit transition period (at the end of 2020) the court has a discretion to stay an action where it considers that another forum is more appropriate (and the parties can obtain substantial justice in that forum). That was not previous the case, since under the EU regime the English court was obliged to hear claims against English-domiciled defendants regardless of whether there was a more appropriate forum elsewhere.

This will, however, have to be balanced against the willingness of the parent company to submit to the jurisdiction of the courts where the subsidiary is based, which may also bring risks depending on the jurisdiction in question.

20 SECTION TITLE

HCEORBNECRLTUSMIOITNH FREEHILLS

How to manage litigation risks arising from recent procedural reforms

The past few years have seen major changes to two of the most important stages in any English litigation, with the introduction of the disclosure pilot and the new practice direction on trial witness statements in the Business and Property Courts.

In this session the speakers considered the extent to which these have changed the litigation landscape, and looked at practical tips for commercial parties dealing with the new procedures.

Sarah McNally Partner, dispute resolution

Chris Bushell Partner, dispute resolution

Ajay Malhotra Senior associate, dispute resolution

HERBERT SMITH FREEHILLS

HOW TO MANAGE LITIGATION RISKS ARISING FROM RECENT PROCEDURAL REFORMS

21

Disclosure and witness evidence are two of the most important and most costly aspects of any piece of major commercial litigation in the English courts.

More than 60% of respondents to our audience poll believe the disclosure pilot has increased costs

In recent years the courts have sought to reform both aspects with a view to either improving quality or saving costs or both with the aim for the disclosure reforms being more about saving costs (without a dramatic impact on quality), and the aim for witness evidence being more about improving quality (without a dramatic impact on costs).

Disclosure

There has been a compulsory disclosure pilot running in the Business and Property Courts since the beginning of 2019, under Practice Direction 51U. It was originally set to run for two years, but has been extended twice and is now due to finish at the end of 2022, at which point it may well be made permanent.

The pilot introduced a new list of issues for disclosure, to be agreed between the parties, with the aim of focusing disclosure on the issues where it is really needed. It also introduced five disclosure "models" which are matched to particular disclosure issues. The most important of these is "model D" which is essentially the equivalent of old-style standard disclosure, with each party conducting a reasonable search for documents which support or adversely affect any party's case.

Another feature of the pilot is that parties cannot escape having to disclose a "smoking gun" just because disclosure is ordered on a narrow basis for particular issues. There is an over-arching requirement to disclose "known adverse documents" regardless of the basis on which disclosure is ordered.

What effect do you think the disclosure pilot has had on the costs of English litigation?

23% Increased costs substantially

38% Increased costs to some extent

23% Made no real difference

15% Reduced costs to some extent

In our experience, the disclosure pilot has led to a significant frontloading of both effort and cost when it comes to disclosure, particularly in agreeing issues for disclosure and matching them to appropriate disclosure models. It can also lead to disputes, and potentially costly satellite litigation, where the parties cannot agree on these matters. But at the same time, there is the potential for real benefits if the pilot process is handled well.

The pilot processes mean that parties have to get to grips with the case at a very early stage, in order to consider how issues should be defined, with what granularity, and what sort of disclosure they should be offering to provide, or seeking from the opponent, on each issue.

Once the disclosure order is made and the document review is conducted, the process becomes a much more detailed one of considering how the documents relate to the particular issues identified rather than a more high level exercise, as you might have seen pre-pilot, of tagging to "relevant" or "not relevant".

The result should be that, by the end of the disclosure stage, there is a much better grasp than there would have been of the key documents affecting particular issues in the case which overall should allow for more efficient and effective case preparation.

The obligation to disclose known adverse documents is something that needs to be considered as well. For corporate clients, the relevant knowledge for these purposes is that of any person with accountability or responsibility for the events or circumstances which are the subject of the case, or for the conduct of the proceedings.

There is also an obligation to check the position with any person who used to have such accountability or responsibility but has since left the organisation. In practice, this is unlikely to cause difficulties since, if there are such individuals, they are likely to be sufficiently important to the case that you would expect to be getting in touch with them anyway.

0% Reduced costs substantially

22 HOW TO MANAGE LITIGATION RISKS ARISING FROM RECENT PROCEDURAL REFORMS

How to manage litigation risks arising from recent procedural reforms

HERBERT SMITH FREEHILLS

One issue that we are seeing come up increasingly on disclosure though it is not specific to the pilot is the question of how businesses should deal with documents on employees' personal devices, either because of a "bring your own device" policy or because employees have been creating relevant documents (eg WhatsApp messages) on their personal mobiles or laptops.

Aspects that confirm best practice include: that witness interviews should be conducted using open questions, and leading questions should be avoided, particularly on important contentious matters; and that a witness statement should set out the witness's own recollection of events and not merely a narrative based on the documents, or arguing the case from the documents.

Those documents are likely to be in the employer's control for disclosure purposes if the employment relationship is governed by English law, though the position may well be different if the relationship is governed by some other law. This can cause difficulties if the employer can't get hold of the documents easily, without an application for delivery up particularly if the employee has left the company.

Businesses should be thinking about this in advance, and making it clear to employees what they need to do and making sure the process for transferring documents to the employer's systems is as seamless as possible.

Witness statements

New requirements apply to trial witness statements signed since 1 April this year in the Business and Property Courts, under Practice Direction 57AC. The impetus for the reforms was a concern on the part of judges that witness statements were often "over-long" and "over-lawyered".

Some aspects of the Practice Direction are novel, while others really confirm existing best practice. The main aspects that are new are:

The statement has to include a list of the documents the witness has referred to or been referred to for the purpose of providing the evidence set out in the statement.

It has to state, for important disputed matters of fact, how well the witness recalls those matters and whether that recollection has been refreshed by reference to documents and, if so, say how and when that happened, and identify the documents.

Both the witness and the legal representative have to confirm, or certify, essentially that the requirements for the preparation of witness statements have been explained to the witness and the witness understands them, and that the statement complies with those requirements.

What impact do you think the new requirements for witness statements will have?

Improve quality of witness evidence 7% substantially

Improve quality of witness evidence to 57% some extent

36% Make no real difference

Reduce quality of witness evidence to 0% some extent

Reduce quality of witness evidence 0% substantially

Two thirds of respondents to our audience poll think the new requirements for witness statements will improve the quality of witness evidence

The reforms give rise to some challenges, particularly where a witness has to be involved in other aspects of the case perhaps to give instructions in relation to the statements of case, or because there is a related investigation or inquiry, or parallel proceedings in other jurisdictions. In these circumstances, it may be difficult to capture the witness's "untutored" recollection, as you would in an ideal world.

There are ways to manage these challenges, such as considering taking an early proof of evidence, or trying to make sure witnesses don't search through their emails or documents at least without keeping a record of what they have seen and when. But one hopes that judges will be sympathetic to the fact that a witness doesn't exist in a vacuum, and may have to have other involvement in matters relating to the case.

HERBERT SMITH FREEHILLS

HOW TO MANAGE LITIGATION RISKS ARISING FROM RECENT PROCEDURAL REFORMS

23

In any case, it is often a difficult balance as to how much to try to test the witness's "cold" recollection, before showing them documents. In some cases, the witness may remember nothing at all without having seen some documents, or may feel like you're trying to "catch them out" if you start quizzing them with open questions and no documents. The key is to make sure the witness understands the process being adopted, and why.

There is also some debate as to how widely the requirement to list documents the witness has seen actually extends, particularly where the witness has had other involvement in the matter. The requirement may arguably be interpreted very narrowly, as encompassing only those documents reviewed specifically for the proofing session.

But that may be a dangerous stance to take, particularly if the witness has seen other documents soon before the session for example to give instructions in relation to the defence. It may be quite artificial to exclude these, though of course there must be limits. The obvious risk in taking too narrow a view is that it may come out in cross-examination that the witness has seen other documents, which are not listed, and this may reflect badly on the witness's credibility.

Thought also needs to be given to how the judge will get "the story" from the documents, since it can no longer be set out in the witness statements. So far our experience is that there is likely to be greater use of agreed factual narratives to tell the background story and assist the judge's reading in in addition to a more detailed chronology based on the documents. But practice is still developing on this and different judges may have different views as to what is helpful.

24 CONTACTS

Contacts

Damien Byrne Hill Managing Partner, Dispute Resolution T+44 20 7466 2144 [email protected]

James Baily Partner, Dispute Resolution T+44 20 7466 2122 [email protected]

Ben Rubinstein Partner, Dispute Resolution T+1 917 542 7818 [email protected] com

Silke Goldberg Partner, Global Head of ESG and Climate Change T+44 20 7466 2612 [email protected]

Jannis Bille Associate, Global Energy Group T+44 20 7466 6314 [email protected]

Gregg Rowan Partner, Dispute Resolution T+44 20 7466 2498 [email protected]

Antony Crockett Partner, Global Head of Business and Human Rights T+852 2101 4111 [email protected]

John Whiteoak Partner, Dispute Resolution T+44 20 7466 2010 [email protected]

Natasha Johnson Partner, Dispute Resolution T+44 20 7466 2981 [email protected]

Andrew Cooke Partner, Dispute Resolution T+44 20 7466 7566 [email protected]

Jenny Stainsby Partner, Global Head of Financial Services Regulatory Practice and Regional Head of Disputes for EMEA T+44 20 7466 2995 [email protected]

Hywel Jenkins Partner, Financial Services Regulatory T+44 20 7466 2510 [email protected]

Stephanie Barrett Head of eDiscovery and Legal Technology for UK, US & EMEA T+44 20 7466 2536 [email protected]

Caoimhe Powell Head of disputes, UK, US & EMEA, Alternative Legal Services T+44 28 9025 8235 [email protected]

Kim Dietzel Partner, Competition, Regulation and Trade T+44 20 7466 2387 [email protected]

HERBERT SMITH FREEHILLS

Julian Copeman Partner, Dispute Resolution T+44 20 7466 2168 [email protected]

Kate Macmillan Consultant, Intellectual Property T+44 20 7466 3737 [email protected]

Andrew Moir Partner, Intellectual Property and Global Head of Cyber and Data Security T+44 20 7466 2773 [email protected] Neil Blake Partner, Dispute Resolution T+44 20 7466 2755 [email protected]

Sarah McNally Partner, Dispute Resolution T+44 20 7466 2872 [email protected]

Chris Bushell Partner, Dispute Resolution T+44 20 7466 2187 [email protected]

Ajay Malhotra Senior Associate, Dispute Resolution T+44 20 7466 7605 [email protected]

HERBERT SMITH FREEHILLS

25

For a full list of our global offices visit HERBERTSMITHFREEHILLS.COM

Herbert Smith Freehills LLP 2021 7018A_/V1511221