The Court of Appeal has upheld a decision that, where personal devices belonging to the defendants’ employees and ex-employees potentially contained relevant documents within the defendants’ “control” for the purposes of disclosure, the court had jurisdiction to order the defendants to request the employees and ex-employees to deliver up those devices for inspection by the defendants’ IT consultants: Phones 4U Limited v EE Limited  EWCA Civ 116.
The decision illustrates the breadth of the court’s powers aimed at ensuring that relevant documents within the parties’ control are before the court so as to enable it fairly to decide the issues in dispute. The court cannot order a party to disclose documents that are not within the party’s control, but it can make orders directing how disclosure is to be given, including what searches are to be undertaken to locate documents within the party’s control. That can include requiring a party to make requests of third parties – though the third party cannot be compelled to disclose documents (unless the court exercises its powers to order non-party disclosure).
The court recognised the need to safeguard the privacy rights of the non-parties, but noted that they were not being compelled to deliver up the devices, and the searches were to be carried out by independent IT consultants subject to comprehensive undertakings as to the use of the documents. It was also significant that the case involved allegations of collusive behaviour, and in such cases the individuals involved may sometimes deliberately avoid using their work email or work devices so as to conceal their dealings.
While this decision was reached in a competition case, which fell outside the Disclosure Pilot and was therefore governed by CPR 31, similarly broad powers are likely to apply under the pilot rules at CPR PD 51U.
The Court of Appeal accepted that it would have been open to the claimant to seek disclosure via the alternatives of an application for specific disclosure against the defendants (who would then be required to take steps to obtain the documents from the third parties if they did not provide them voluntarily) or an application for third party disclosure, but commented that it was not necessary for the claimant to navigate that “obstacle course” if there was a simpler way. Those routes would however still be available to the claimant if the non-parties refused to hand over their personal devices voluntarily.
The court said it was not necessary to decide whether the devices themselves fell within the defendants’ control, since the work-related documents on them were within the defendants’ control. However, in the recent decision in Pipia v BGEO Group Ltd  EWHC 86 (Comm), the High Court ordered the defendant to disclose WhatsApp and text messages on a mobile phone belonging to an ex-employee on the grounds that the phone fell within the defendant’s control. In that case, the employment contract expressly authorised the defendant to access “any program or data held on any computer” used by the employee in performing his duties, regardless of whether the program or data was itself related to his duties of employment. The court found that the clause survived termination of employment and the mobile phone was a “computer” for these purposes.
The claim was brought by administrators appointed for Phones4U, who alleged that the defendant mobile network operators had colluded in terminating, or not renewing, their agreements with Phones4U for the supply of connections to retail customers. Phones4U alleged that it went into administration as a result and claimed £1bn in damages.
At a case management conference, Mr Justice Roth made various disclosure orders, including an order that the 2nd to 8th defendants write to certain of their employees and ex-employees (the “Custodians”) requesting that they give IT consultants engaged by the defendants access to their personal mobile phones and emails. This was to enable the IT consultants to search for work-related communications relating to their employer’s business so that they would be passed to the relevant defendant for a disclosure review to be undertaken.
The defendants appealed this order. The issues raised on appeal included:
- Whether the judge had jurisdiction to order a party to request the Custodians voluntarily to produce personal devices and emails stored on them (the “jurisdiction issue”).
- Whether the mechanism directed by the judge involving the IT consultants was appropriate and proportionate (the “proportionality issue”).
The Court of Appeal dismissed the defendants’ appeal. Sir Geoffrey Vos, Master of the Rolls, delivered the judgment of the court.
The jurisdiction issue
The defendants’ primary objection to the judge’s order was that, as the Custodians’ personal devices did not fall within the defendants’ control, they could neither be compelled to deliver their personal devices and emails to the IT consultants nor could the defendants be obliged to ask them to do so voluntarily. They relied on a dictum of Lord Diplock in Lonrho v Shell  WLR 627 to the effect that, even if a third party who holds documents is likely to give consent to disclosure, a party is not required to seek it.
The Court of Appeal disagreed: it left open the question as to whether the Custodians’ devices fell within the defendants’ ”control” for disclosure purposes. This was a “complex question” which did not need to be decided as the parties had already agreed that the work-related emails and messages on the personal devices fell within the defendants’ control. However, the court commented that it was “not immediately obvious” that the definition of “document” for the purposes of a party’s disclosure obligations was intended to include the device itself. It observed that in the modern world many documents are not actually stored on a device at all, but in cloud storage.
While the Court of Appeal accepted that a court cannot make an order for disclosure of documents that are not within a party’s control, it said that CPR 31 is written in broad terms so as to allow the court maximum latitude in ensuring that the relevant documents within a party’s control are placed before the court to enable it to make just decisions on the issues between the parties. It observed that disclosure is ”an essentially pragmatic process”; it “is not a straitjacket intended to create an obstacle course for parties seeking reasonable disclosure of relevant documents within the control of the other party”.
The Court of Appeal held that the judge’s order was within CPR 31.5(8) which allows the court to give directions at any point as to how disclosure is to be given, including “what searches are to be undertaken, of where, for what, in respect of which time periods and by whom and the extent of any search for electronically stored documents”. That was what the judge’s order did.
The court noted that there are no limitations in CPR Part 31.5 (or elsewhere) on who can be asked to participate in the search process. Third parties can only be compelled to do anything by an order under CPR Part 31.17 (which provides for orders for disclosure against non-parties) or another procedure to which they are party, but that does not preclude the court requiring the parties to the litigation to make requests of third parties by way of making a search for relevant disclosure.
The proportionality issue
The defendants submitted that the judge’s order required the highest possible levels of protection of privacy rights of the individuals concerned and the judge’s ruling was inadequate in foisting the entirety of that responsibility on to the IT consultants as the defendants’ agents.
The Court of Appeal acknowledged that the vast majority of the documents on the devices would be highly personal, but noted that it was the Custodians who had chosen to use the devices for business purposes. The court recognised that its task was to balance the efficient administration of justice against the individuals’ rights to privacy by working within the bounds of the CPR to find a solution that was reasonable and proportionate.
It had to be borne in mind that the present case concerned an alleged unlawful agreement, which by its nature was likely to be covert, and might involve individuals deliberately avoiding use of their work email or devices so as to conceal their dealings. The court could not be powerless to ensure that such hidden documents were disclosed to allow the issues to be justly resolved.
The judge could have made an order for specific disclosure against the defendants under CPR 3.12, leaving it to the defendants to try to recover the documents held by the Custodians that were in their control. However, that would likely have led to satellite litigation either through an application for non-party disclosure under CPR 31.17, or in separate proceedings brought against the Custodians. The only way to avoid that was to involve a third party to conduct the search of the devices.
While using a firm of independent solicitors would have been a reasonable alternative solution, the fact that the judge below decided to involve IT consultants did not render his order wrong, disproportionate or unreasonable, particularly as the Custodians’ privacy rights were protected by the comprehensive undertakings that the IT consultants were required to give.
The Court of Appeal therefore dismissed the appeal, concluding that the order made by the court below was appropriate and proportionate. It was pre-eminently a practical application of CPR Part 31.5(8)(a). If the custodians refused the request, as they were fully entitled to do, some other approach – which was likely to be more protracted and expensive – would have to be adopted.