On 1 March 2022, the European Commission (“Commission”) published drafts of the revised Research & Development Block Exemption Regulation (“R&D BER”) and Specialization Block Exemption Regulation (“Specialisation BER”, together the “Horizontal Block Exemption Regulations” or “HBERs”) as well as the accompanying Horizontal Guidelines for stakeholder comments.  The current HBERs are due to expire on 31 December 2022.

The HBERs set out how competitors can work together on projects and enter into horizontal agreements without breaching collusion-related prohibitions.  During the Commission’s evaluation of the current HBER rules and horizontal guidelines, the Commission identified a number of areas for improvement, including the need to update the rules in line with the Commission’s policies on digitalization and sustainability (see our previous blog post here).

Three things for you to know about the recent amendments to the HBERs:

  1. There is a strong focus on sustainability, and how sustainability agreements may comply with EU competition law, which provides greater scope for companies to enter into sustainability agreements (which is detailed in this blog post).
  2. Data sharing and information exchange is at the forefront of the HBER update, with additional guidance on identifying and sharing commercially sensitive information and the use of algorithms.
  3. The competition rules for research and development agreements and specialisation agreements have been explained and clarified, including new definitions of key competition terms (e.g., active and passive sales, unilateral specialisation agreements).

Sustainability agreements.  The Commission has dedicated a separate chapter in the revised horizontal guidelines to analyze the conformity of sustainability agreements with EU competition law, thus underlining the increasing importance such agreements can play in achieving the European Green Deal objectives.  It is worth noting that the analysis of “agreements between competitors that pursue one or more sustainability objectives” would be assessed each time in line with the relevant chapter of Horizontal Guidelines specifically dealing with the type of cooperation concerned (e.g., information exchange, joint production etc.) – i.e., the Commission has not created a separate methodology for examining sustainability agreements.

  • Scope. While the draft guidelines make clear that sustainability-related agreements would generally fall within the scope of Article 101 TFEU (dismissing proposals from national authorities  that were calling for a wholesale exemption), they confirm that “agreements that do not affect parameters of competition, such as price, quantity, quality, choice or innovation, are not capable of raising competition law concerns”.  For example, (i) agreements that concern internal corporate conduct; (ii) industry-wide awareness campaigns; and (iii) agreements to create databases containing information about sustainable suppliers or distributors would not be infringing the competition rules.
  • A “soft” safe harbor – sustainability standardization agreements. The draft guidelines envisage certain standard-setting sustainability agreements, such as agreements to phase out non-sustainable products or harmonizing packaging sizes and product content to reduce waste fall.  Even though sustainability standards have distinct features compared to traditional technical standards (e.g., they would not require interoperability or describe in detail a method to achieve a goal), the draft guidelines draw parallels to previous practice to create a “safe harbor” for sustainability standard-setting agreements meeting certain conditions, involving transparency, openness, non-discrimination, effective compliance monitoring, and voluntary participation.
  • Article 101(3) TFEU exemptions. The guidelines confirm the Commission’s historically strict interpretation of Article 101(3) TFEU, which stipulates that agreements which prima facie restrict competition can benefit from an exemption if (i) restrictions are indispensable to the agreements’ benefits and (ii) consumers get a fair share of the resulting benefits.  The interpretation by the guidelines of the notions of “consumers” and “fair share of benefits” seems to reflect a compromise between traditional competition law and ambitious sustainability policy objectives.

To avoid potential “greenwashing” (an issue that has already been spotted in the green bond market), the guidelines seek to narrow down the scope of “consumers” as beneficiaries, providing that sustainability agreements should lead to a direct or indirect benefit to consumers paying for the goods or services, rather than the broader general public.  On the other hand, “fair share of benefits” is constituted of three cumulative criteria:

    • Individual use value benefits, reflecting traditional efficiency considerations which seek to quantify direct benefits related to the intrinsic characteristics of a product, e.g., improved quality or price decrease.
    • Individual non-use value benefits (indirect qualitative benefits), which attempt to capture the “feel-good” effect of a product.  In this case, parties seeking a 101(3) TFEU exemption would rely heavily on feedback from consumers (e.g., through consumer surveys) indicating that consumers would be willing to pay a “sustainability premium” for the products’ beneficial impact on others or the environment.
    • Collective benefits, focusing on positive externalities to society instead of looking at an agreement through the individual consumer’s perspective. Even while acknowledging the existence of “collective benefits” (e.g., contribution to climate change mitigation or the reduction of large scale pollution), para. 603 of the Guidelines provides that only “where consumers in the relevant market substantially overlap with, or are part of the beneficiaries outside the relevant market”, can the collective benefits be taken into account, thus potentially “weakening” the breadth of this prong.  Also, the apportioning of benefits to consumers of the relevant market will probably require a challenging quantification exercise.

The German approach.  Germany’s Federal Cartel Office (“FCO”) has been an active national regulator in the field of sustainability.  It has provided guidance for the implementation of sustainability initiatives in the food retail industry and has also recently examined agreements in the banana and milk sectors.  In particular, the FCO recently reviewed two similar sustainability initiatives within the milk sector.  Both initiatives were based on a proposed scheme of surcharges that ultimately led to price increases for consumers, but the objectives of the initiatives differed.  The first initiative did not include clear sustainability elements and only related to the fact that low milk prices cannot cover the cost of production for farmers – this “economic” rationale was rejected by the FCO.  The second initiative related to compliance with animal welfare and sustainability criteria, providing for a uniform “sustainability” labelling of products – it was approved by the FCO.  The FCO’s different views and outcomes on these initiatives could inform the practical enforcement of the horizontal guidelines in the field of sustainability, by identifying the agreements that “genuinely address sustainability objectives”, even if there may be an effect on price.

The HBERs and accompanying Horizontal Guidelines were open for public consultation until 26 April 2022.  Following the public consultation period, the European Commission may make further changes to the HBERs and Horizontal Guidelines to address stakeholder feedback.  The new rules would then come into effect by 1 January 2023.

The UK is not alone in feeling the effects of the Russia-Ukraine crisis which compounded an already tight energy market, in which the post-Covid economic recovery caused demand to outstrip supply. But the UK does appear to have been perhaps more heavily affected by this combination of factors, which has led to a steep rise in energy costs. With an average UK family’s energy bill increasing by 54% so far this year and inflation nudging the double-digit mark, the ONS declared earlier this month that the squeeze on living standards was the worst since the 1950s.

The EU has belatedly realized the dangers of its over-reliance on Russian hydrocarbons and is urgently seeking to source gas and oil supply elsewhere. In the short to medium term, this will force global gas prices higher as the EU competes on global gas markets for a constrained resource. In the longer term, countries view the war in Ukraine as a clear indication that reliable, clean, domestically-produced renewable energy bolsters national security by removing dependence on volatile international hydrocarbon markets. The PM’s comments in the foreword – “We need a power supply that’s made in Britain, for Britain” – underline how that sentiment also applies in the UK, whilst at the same time hinting, perhaps worryingly, at a less globalized future energy market.

It is against this backdrop that on 7 April, almost unnoticed, the UK Government published its long-awaited Energy Security Strategy (ESS). The ESS was supplemented by the announcement in this week’s Queen’s Speech of the proposal for an Energy Security Bill, building on last year’s COP26 Summit in Glasgow and designed to deliver the transition to cheaper, cleaner, and more secure energy in the UK.

UK Energy Security Strategy

Immediate Support on Energy Bills

The ESS sets out a new Energy Bills Support Scheme that will see a £200 reduction in energy bills from October 2022, to be offset against a Government levy on domestic energy bills over 5 years from FY23. To mitigate the high cost of industrial electricity, the Government will extend the Energy Intensive Industries Compensation Scheme for a further three years, and increase the intensity of the aid to up to 100 per cent, representing 1.5 per cent of Gross Value Added. It will also consider increasing the renewable obligation exemption to 100 per cent. These measures will enable businesses to apply for greater relief for part of their electricity costs. The Government has since announced that the total level of compensation under the Scheme will increase from roughly £130 million to up to £280 million.

Energy Efficiency

Building on existing efforts to promote the energy efficiency of UK homes, the Government will make the installation of energy-saving materials zero-rated for VAT purposes for the next five years. A new £450 million Boiler Upgrade Scheme will facilitate the uptake of heat pumps, alongside a Heat Pump Investment Accelerator Competition being run in 2022, worth up to £30 million. Later this year, the Government will aim to publish proposals incentivising electrification, which aims to ensure that heat pumps are comparatively cheap to run. The Government will increase innovation funding for the development and piloting of new green finance products for consumers from £10 million to £20 million. Early 2023 will see a formal consultation on new minimum standards and labelling requirements for a range of energy-using products.

Oil and Gas

The ESS sets out the Government’s vision for the North Sea, noting that in order to reduce reliance on imported fossil fuels, the UK must fully utilise North Sea reserves; use empty caverns for CO2 storage; and encourage the use of hydrogen as a natural gas alternative, alongside using North Sea offshore expertise to support the offshore wind sector. The ESS argues that there is no contradiction between the UK’s net zero commitment and its commitment to a strong and evolving North Sea industry, but rather that one depends on the other.

On 28 April 2022, the Subsidy Control Bill (the “Bill”) received Royal Assent, becoming the Subsidy Control Act 2022 (the “Act”).  The Act lays the basic framework for the new UK-wide subsidy control regime, which is now expected to come into force in Autumn 2022.  Although the Act primarily addresses UK public authorities and their legal obligations relating to the awarding of domestic subsidies, the new regime will be of particular interest to companies wishing to benefit from the more flexible post-Brexit subsidy regime moving forward.

The three most important things for you to know about the Subsidy Control Act:

  • public authorities will need to self-assess a proposed subsidy or subsidy scheme for compliance against the subsidy control principles. This self-assessment must take place prior to award.  Interested parties can apply to the Competition Appeal Tribunal (“CAT”) to challenge any subsidy award on judicial review grounds;
  • the Government has issued guidance on categories of subsidies that will be eligible for swifter, streamlined assessment routes or those that require a more thorough assessment; and
  • many of the principles and basic tenets of the new UK regime align with the EU State aid rules. However, there are notable procedural differences mainly because there is no need for pre-approval from a central enforcement authority.

Key aspects – self-assessment, no need for pre-authorisation

The regime is a decentralised framework granting public authorities the right to self-assess their proposed subsidy or subsidy scheme’s compliance with a set of “subsidy control principles”. These principles are largely derived from the EU-UK Trade and Cooperation Agreement (“TCA”) and in line with basic EU State aid principles. Certain types of subsidies are prohibited (e.g. unlimited debt guarantees, export performance subsidies) or subject to conditions (e.g. rescuing or restructuring subsidies, services of public economic interest), while others are excluded outright or exempt from the regime’s more stringent requirements (e.g. subsidies that respond to natural disasters or exceptional circumstances, de minimis assistance).

Public authorities must self-assess compliance of the subsidies against the subsidy control principles prior to award.  Although no pre-authorization is required, the new Subsidy Advice Unit (“SAU”) established within the Competition and Markets Authority (“CMA”) will retain an oversight and advisory role.  Public authorities can seek voluntary non-binding guidance from the SAU for certain types of subsidies or must do so for certain others (see “Guidance, policy statements, and consultation” section below). The Government can also issue a “call-in direction”, i.e. require the public authority to refer a subsidy to the SAU for a non-binding review, pre- or post-award.

Any interested party will be able to challenge a public authority’s subsidy award by applying to the Competition Appeal Tribunal (“CAT”) within a short (often 30-day) window from publication of the award on the central subsidy database.  The CAT will consider the case on judicial review principles, meaning the award can only be overturned on illegality, procedural unfairness or irrationality – e.g. if the process involved in making the decision was improper, or the correct procedures were not followed.  The CAT will have in its arsenal the right to grant relief (including recovery).

Guidance, policy statements and consultation on the upcoming regime

In recent months, the Government has been giving glimpses of what to expect, issuing “illustrative guidance” on how public authorities should comply with the subsidy control principles and policy statements on “Streamlined Routes” and “Subsidies or Schemes of (Particular) Interest”, as well as launching a consultation on draft regulations for establishing the latter.

Streamlined Routes (“SRs”) are voluntary, swifter routes for public authorities to demonstrate compliance with the subsidy control principles for subsidies that are at low risk of causing market distortions.  SRs will be established by the UK Government and laid before Parliament, for subsidies relating to certain activities, e.g. Research, Development & Innovation.  Subsidies that are assessed via the SR will not need to be referred to the SAU nor be subject to the Government’s call-in powers.

Subsidies or Schemes of Interest or Particular Interest (“SSoI” and “SSoPI”) attract greater scrutiny by virtue of their value, sector, or design features. Authorities will be able to voluntarily request the SAU to review SSoIs for compliance, whereas SAU referral will be mandatory for SSoPIs.

Main differences to EU State aid – Enforcement of subsidy control principles

Although many aspects of the forthcoming UK regime borrow from the EU State aid framework, the two systems have significant procedural differences.

  • First, there is no pre-authorization requirement as there is under EU State aid rules. This reflects the UK Government’s post-Brexit vision of introducing a “more agile and more flexible”, “less bureaucratic” subsidy control regime.  It is uncertain whether the self-assessment model will necessarily result in more timely and/or better outcomes than the more centralised EU model.
  • Second, although the SAU provides a means to review the lawfulness of any subsidy, there is no requirement to seek SAU guidance and it is, in any event, non-binding. This arguably increases the pressure on interested parties to monitor closely any subsidy granted and, where there is an appropriate level of concern as to the compliance of any such subsidy with the Act, to issue a judicial review challenge to the CAT as soon as practicable following grant of the subsidy.  It remains to be seen whether such reliance on judicial reviews as the sole enforcement mechanism will be sufficient to ensure compliance, especially in light of the short challenge window.

Background to the Subsidy Control Act

The content of the Act has not seen significant changes on its way through Parliament (read our blog highlighting the content of the draft Bill here), though most notably, the threshold for application of the transparency requirements has been lowered and the deadline shortened. The Government will be introducing further secondary legislation to provide more flesh to the bones of the framework, but the passing of the Act is a long-anticipated crucial first step towards establishing a statutory system that builds on the current patchwork regime based on World Trade Organisation (“WTO”), Free Trade Agreement (“FTA”), and EU-UK TCA commitments.

 

On 4 May 2022,  the European Parliament (the “Parliament”) adopted its position on the proposal of the European Commission (the “Commission”) for a Regulation on foreign subsidies distorting the internal market (the “Foreign Subsidies Regulation”) (see our alert on the proposal). It confirms the Commission’s powers to investigate and remedy the potential negative effects of foreign subsidies. It further approves a number of amendments adopted by the committee on international trade “to make the tool more effective and improve legal certainty”, according to the Committee’s press release.

The five most important things for you to know about the recent amendments to the Foreign Subsidies Regulation:

  • The possibility for the Commission to consider an equivalence for a third country regime.
  • The thresholds above which companies are obliged to inform the Commission about their foreign subsidies have been reduced, extending the scope of the new rules to a larger number of acquisitions, mergers and public procurements.
  • The period in which the Commission has to investigate foreign subsidies in large public procurements is reduced.
  • The list of remedies to distortive foreign subsidies is further expanded and made open.
  • Some concepts are clarified or made more explicit, and their application is made subject to further guidance by the Commission.

Equivalence consideration for third countries’ subsidies regimes 

The Commission may consider in its assessment of a distortion the existence of an equivalent subsidy control mechanism in the third country. Such equivalence would make subsidies granted by the third country less likely to distort the internal market.

Reduction of thresholds

The Parliament reduced from EUR 5 million to EUR 4 million the level of “de minimis” foreign subsidies that are considered unlikely to distort the internal market and therefore escape the Commission’s scrutiny.

With its amendments, the Parliament  further intends to extend the Commission’s power to scrutinize foreign subsidies granted to companies involved in EU transactions, by equally lowering the thresholds above which a foreign subsidy must be notified to the Commission for review. The thresholds are lowered from EUR 500 million turnover of the EU target to EUR 400 million for notifiable concentrations and from EUR 250 million contract value to EUR 200 million for notifiable public procurements.

Reduced time limits

Following concerns expressed that the Commission’s proposal involves a lot of red tape, the Parliament reduced the deadlines for investigating the subsidy. The time limit to complete a preliminary review of a foreign subsidy in a notified public procurement is reduced from 60 to 40 days from the notification, and the indicative time limit to close an in-depth investigation has been lowered from 200 to 120 days from the notification.

The initial 10-year review time limit of foreign subsidies has also been reduced. Under the amended text, only foreign subsidies distorting the internal market granted seven years prior to the date of application of the Regulation may be investigated.

Remedies

The Parliament further makes the list of remedies that can be imposed by the Commission or proposed by the foreign subsidy recipient open-ended. Remedies may also consist of subjecting future public procurements to Commission scrutiny for a certain period of time (even for contracts with values below the notification thresholds) or adapting the governance structure of the foreign subsidy recipient.

Additional clarifications

Within 24 months from the entry into force of the Regulation, the Commission will have to provide guidelines on the criteria for opening an investigation on its own motion, on the assessment of distortions on the internal market and on the test to balance the market-distorting effects of foreign subsidies against their potential wider benefits.

In this latter respect, the Parliament now specifies that only the positive effects on the internal market may be taken into account. Some terms are further clarified or made more explicit in the articles of the Foreign Subsidies Regulation. This is the case, for instance, for “financial contributions” amounting to a foreign subsidy, which now also explicitly cover tax exemptions or transfer pricing.

Next steps

As we anticipated when the Commission issued its proposal, the regime has not been materially modified. The Foreign Subsidies Regulation is endorsed and the amendments of the Parliament are relatively limited compared to some more radical proposals submitted during the legislative process.

The Council of the EU also adopted its position on 4 May. With these positions adopted, the inter-institutional talks (“trilogue”) between the European institutions will start and, with them, the final stage of the adoption process.

 

 

The Connecticut legislature passed Connecticut SB 6 on April 28, 2022.  If signed by the governor, the bill would take effect on July 1, 2023, though the task force created by the bill will be required to begin work sooner.

The bill closely resembles the Colorado Privacy Act, with a few notable additions.  Like the Colorado Privacy Act, the bill adopts “controller” and “processor” terminology, provides consumers with rights to access, correct, delete, obtain a copy, and opt-out of certain types of processing of their personal data, and requires consent for certain activities.

Scope of the Bill’s Requirements

The bill’s requirements would apply to persons conducting business in Connecticut or persons that produce products or services that are targeted to residents of Connecticut that meet certain thresholds:

  1. Controlled or processed the personal data of not less than 100,000 consumers, excluding personal data controlled or processed solely for the purpose of completing a payment transaction, or
  2. Controlled or processed the personal data of not less than 25,000 consumers and derived more than 25% of their gross revenue from the sale of personal data.

The bill explicitly exempts nonprofit organizations, institutions of higher education, financial institutions or data subject to the GLBA, or HIPAA covered entities or business associates.  The bill also exempts business-to-business and employee data from the definition of “consumer.”

Consumer Rights

The bill would provide consumers with the ability to (1) confirm whether or not a controller is processing personal data, (2) access their personal data in a portable format, (3) correct inaccuracies in their personal data, (4) delete personal data “provided by, or obtained about,” them, and (5) obtain a copy of the consumer’s personal data processed by the controller in a portable format.  Controllers must also establish a process for consumers to appeal a denial of their rights request.  However, the bill includes some exceptions to these consumer rights, including where compliance with an access or portability request would require the controller to reveal a trade secret.

The bill would provide consumers with a right to opt-out of the processing of the consumer’s personal data for “targeted advertising,” “sale,” or “profiling,” with these terms defined in a way that tracks the Colorado Privacy Act.  Additionally, controllers would be required to obtain consent prior to processing sensitive data, and consent may not be obtained through acceptance to terms and conditions or through the use of dark patterns.  Notably, the Connecticut bill would require that controllers provide consumers with an “effective mechanism” to revoke consent, which must be “at least as easy as the mechanism by which the consumer provided consent.”

13-16 Year Olds

Unlike the Colorado Privacy Act, the Connecticut bill would require that a controller “not process the personal data of a consumer for purposes of targeted advertising, or sell the consumer’s personal data without the consumer’s consent,” where a controller has actual knowledge, and willfully disregards that the consumer is at least 13 years old, but under 16 years old.

Enforcement

The bill would be enforced by the attorney general.  Although there is no rulemaking authority created by the statute, the bill would require a task force that must study certain topics, including information sharing among health care providers and social care providers, algorithmic decision-making and bias, and age verification for social media accounts, among other topics.

 

On May 3, 2022, the Office of the U.S. Trade Representative (“USTR”) announced that it is initiating a statutory four-year review of necessity for the tariffs imposed on Chinese imports under Section 301 of the Trade Act of 1974 (“Section 301 Tariffs”). USTR’s review will examine whether to extend the tariffs currently in place on over $360 billion in Chinese imports.

Background

The Section 301 Tariffs were imposed based on the U.S. Administration’s determination in March 2018 that China’s technology transfer and intellectual property policies are harming U.S. companies. Between July 2018 and September 2019, the United States imposed four tranches of escalating tariffs on imports from China.

  • USTR imposed additional tariffs of 25 percent ad valorem on $34 billion of Chinese imports, effective July 6, 2018 (“List 1”).
  • USTR imposed duties of 25 percent ad valorem on an additional $16 billion of Chinese imports, effective August 23, 2018 (“List 2”).
  • USTR subsequently “modified” these tariff actions by imposing additional duties on supplemental lists of products in September 2018 (“List 3”) and September 2019 (“List 4A”).

By statute, the Section 301 Tariffs are set to expire four years after the tariffs were imposed, absent a written request for continuation submitted during the final sixty days of the four-year period by a representative of the domestic industry that has benefited from the tariffs.[1] The List 1 tariffs are set to expire July 6, 2022, and the List 2 tariffs are set to expire August 23, 2022. If a request is filed, the statute directs USTR to conduct a “review of necessity” regarding any extension of the tariffs.

First Phase of the Four-Year Review

USTR’s four-year review will proceed in two phases. In this first phase of the review process, USTR is notifying representatives of domestic industries that have benefited from the Section 301 Tariffs of the possible termination of the tariffs and of the opportunity to request a continuation of the tariffs.

On 20 April 2022, the UK Financial Conduct Authority (“FCA”) published its Policy Statement PS 22/3 on disclosures regarding diversity and inclusion targets for the boards and executive committees of UK-listed companies. These measures reflect the growing importance of Environmental, Social and Governance (“ESG”) considerations, and have gained particular traction in the financial services sector, forming a key part of investment decisions. Indeed, July 2021 saw the FCA home in on the “S” and “G” components of ESG with its initial consultation on D&I-related proposals.

The disclosures proposed under the policy statement (see Appendix 1) enhance market participants’ engagement with ESG, building on, and amending, the Listing Rules (“LRs”) and Disclosure Guidance and Transparency Rules (“DTRs”). Amendments to the LRs and DTRs oblige in-scope companies to annually disclose whether they meet specific diversity targets in relation to gender and ethnicity.

What are in-scope companies required to disclose?

Applicable to UK and overseas issuers with a premium or standard listing, amended LR9 and LR14 introduce ongoing listing obligations. In-scope companies must include a statement in their annual financial report setting out whether they have met specific board diversity targets, including:

  1. at least 40% of the board to be women;
  2. at least one of the senior board positions (Chair, Chief Executive Officer, Chief Financial Officer or Senior Independent Director) to be held by a woman; and
  3. at least one director to have a minority ethnic background.

The disclosures must be made by reference to a specific reference date selected by the company during the relevant accounting period.

In-scope companies are further mandated to: (1) make numerical disclosures in standardised reporting tables on board composition and senior levels of executive management by either sex or gender and ethnic identities (see Annex 2 to the LRs); (2) show how diversity policies apply to board and executive committees; and (3) clarify the elements of diversity to which such diversity policies relate.

These disclosures are to be made on a “comply or explain” basis, such that those in-scope companies that do not meet the targets will need to explain why. Where in-scope companies have members of their board or executive management situated overseas, and local law restricts the collation and publication of relevant data, they may instead explain the extent to which they are unable to make the numerical disclosures. In-scope companies must also provide an explanation of their data collation approach. Guidance as to what this explanation should entail has been issued under LR 9.8.6IG and LR 14.3.36G, highlighting the need for consistency in approach, and an overview as to the methodology or source of the data used.

The FCA has also issued additional guidance on disclosures under LR 9.8 and LR 14.3. As part of their annual reports, in-scope companies may also wish to include the following information:

  1. A brief summary of any key policies, procedures and processes that contribute to improving board and executive management diversity;
  2. Any mitigating factors or circumstances that make achieving board diversity more challenging; and
  3. Any risks the company has identified in meeting board diversity targets in the next accounting period, or any plans to improve diversity.

The FCA has also extended DTR 7.2.8AR to require in-scope companies with a diversity policy to describe their particular policy for remuneration, audit and nominations committees. Diversity policy reporting will have to take stock of wider diversity characteristics, comprising ethnicity, sexual orientation, disability and socio-economic background.

Timings

The disclosures come into force for financial years beginning on or after 1 April 2022 (with a view to being assessed after three years). This means that the new disclosures will effectively appear in in-scope companies’ annual reports from Q2 2023 onwards.

The FCA has, nonetheless, encouraged companies whose financial years began before 1 April 2022 to consider voluntarily reporting on D&I targets.  Given the prominence of ESG, coupled with existing voluntary D&I initiatives (including the FTSE Women Leaders Review, the Hampton-Alexander Review and the Parker Review), it would not be surprising to see such voluntary reporting in an effort to attract investors in an increasingly competitive marketplace.

Practical Steps

In-scope companies should begin to take stock of their D&I initiatives and ready themselves for the new disclosure regime. They should pay particular attention to:

  1. Defining and identifying “executive management” for the purposes of understanding which individuals will be in-scope for the new rules;
  2. How relevant data will be collated, including the nature of the data collection process and associated disclosures; and
  3. Any mitigating factors or circumstances that may make achieving board diversity more challenging.

A recent class action refiled in federal court against Shopify highlights a growing trend of lawsuits against companies related to the theft of cryptocurrency, particularly as a result of internal company threats.  See Forsberg et al. v. Shopify, Inc. et al., 1:22-cv-00436 (D. Del.).  Although Shopify is not itself a repository for cryptocurrency and does not facilitate its sale, the plaintiffs in the Shopify case allege that Shopify is liable for a theft of cryptocurrency after Shopify experienced a data breach caused by its own employees, which exposed a customer list for a cryptocurrency hardware wallet vendor, Ledger SAS.  As cryptocurrency storage and related transactions increasingly feature in companies’ online presence, there is likely to be a growing risk posed by threat actors motivated to target crypto-related assets and data, and more litigation activity in this space.

According to the complaint, the Shopify case arose from a 2020 data breach.  In the cryptocurrency space, actual units of currency (e.g., bitcoin) are stored in digital “wallets” that are protected by “private keys.”  Private keys are access codes known only to the owner of the wallet.  Owners of cryptocurrency can store these private keys in internet-accessible databases and/or in physical devices or storage spaces that are not connected to the internet.

Plaintiffs allege that Ledger SAS is a vendor of these physical devices and that it used Shopify as its e-commerce platform.  Because of this, they contend that Shopify possessed a list of customers who had purchased Ledger devices, including full names, emails, and physical addresses, and that this information allegedly was leaked by “two rogue members of [Shopify’s] support team” at the behest of a hacker.  Plaintiffs aver that Shopify’s alleged negligence in failing to prevent the data breach, coupled with allegedly delayed notice, allowed hackers to use the information to launch phishing attacks against plaintiffs and putative class members, resulting in the loss of cryptocurrency and other injuries.  While Shopify and Ledger initially succeeded in securing dismissal of the lawsuit on personal jurisdiction grounds when it was filed in federal district court in California, a different set of named plaintiffs has since refiled these claims in the District of Delaware, where Shopify USA is incorporated.

Due to the nature of cryptocurrency valuations, the individual damages claims in these cases have the potential to far exceed the more nominal individual amounts in a typical data breach case where the primary payout is identity theft protection services.  Furthermore, cryptocurrency transactions often are non-reversible, so unlike thefts from traditional online banking services, it may be difficult or impossible to claw back stolen crypto funds. Other cases have been filed recently involving similar theories relating to data breaches that allegedly resulted in the theft of cryptocurrency, including in the Northern and Central Districts of California, suggesting that this area will continue to face increasing litigation activity.

The Fourth Circuit’s opinion last week in In re Marriott International, Inc., — F.4th —, No. 21-1802 (4th Cir. Apr. 21, 2022), could prove useful to companies facing data breach class actions.  Following a data breach of the Starwood guest reservation system, Marriott investors brought securities claims alleging that the purported failure to disclose vulnerabilities in Starwood’s IT systems rendered certain public statements false or misleading.

For example, the investors argued that Marriott’s statement that “the integrity and protection of customer, employee, and company data is critical to us as we use such data for business decisions and to maintain operational efficiency” was misleading because it gave the “impression that Marriott was securing and protecting the customer data acquired from Starwood.”  The district court rejected this argument after finding that the challenged statements “did not assign a quality to Marriott’s cybersecurity that it did not have.”

The Fourth Circuit affirmed.  It rejected the investors’ reliance on district court cases holding that statements describing the strength of security measures may be false if the measures are actually deficient because “Marriott made no such representation.”  Instead, the Fourth Circuit agreed with the district court that a statement about the importance a company places on data security is not a representation about the quality or effectiveness of its security measures.  The Fourth Circuit also acknowledged that “[t]he fact that a company has suffered a security breach does not demonstrate that the company did not place significant emphasis on maintaining a high level of security.”  This case is an important precedent for dismissing complaints alleging false statements concerning data security.

In a new post on the Inside Class Actions blog, our colleagues discuss a recent Fourth Circuit opinion holding that statements about the importance a company places on data security are not actionable following a data breach.  The case, In re Marriott International, Inc., — F.4th —, No. 21-1802 (4th Cir. Apr. 21, 2022), could prove useful to companies facing data breach class actions.