
May 13, 2016
1st Circ. Video Privacy Decision Creates Split With 11th Circ.

Orange County and Palo Alto partner Joshua Jessen and Palo Alto associate Priyanka Rajagopalan are the authors of "1st Circ. Video Privacy Decision Creates Split With 11th Circ." [PDF] published on May 13, 2016 by Law360.

January 13, 2012
2011 Trade Secrets Litigation Round-Up

The need for U.S. companies to protect their trade secrets and other confidential, proprietary information is reflected in the increasing number of significant trade secret and related lawsuits over the past year. Several high-stakes jury trials resulted in substantial damages awards to victims of trade secret misappropriation. The Department of Justice also brought several significant criminal prosecutions for trade secret theft and economic espionage, many involving defendants allegedly acting on behalf of foreign state-owned entities. Corporate executives and law departments would be well advised to follow the recommendation of the U.S. Office of the National Counterintelligence Executive and ensure that "the protection of trade secrets and computer networks is an integral part of all corporate decisions and processes."

Jason Schwartz, Alexander Southwell and Molly Senger of Gibson Dunn highlight significant 2011 developments in their article "2011 Trade Secrets Litigation Round-Up" published in BNA’s Patent, Trademark & Copyright Journal in January 2012. Reprinted with permission from BNA’s Patent, Trademark & Copyright Journal, 1/13/2012. © 2012, The Bureau of National Affairs, Inc.

February 7, 2012
2011 Year-End Data Privacy and Security Update

The pace of data privacy and security legal events accelerated in 2011, as the global economy became increasingly dependent on online, mobile and server-based platforms and networks. The past year witnessed a number of significant legal developments as private plaintiffs and regulators around the globe focused heavily on practices and intrusions involving user data in a wide range of industries and technical environments. At the same time, the law continues to lag behind technological change, and legislative proposals in the United States, the European Union and elsewhere signal significant legal risks and threats to technical innovation.

Gibson Dunn’s Information Technology and Data Privacy group–which was at the forefront of many of these developments–has detailed the key data privacy and security events of the past year and anticipated trends for the year to come. This Review covers six core areas: (1) class actions and civil litigation related to data privacy and security; (2) FTC and regulatory activity; (3) criminal enforcement; (4) federal legislative activity; (5) data security; and (6) select international developments in the European Union and Asia Pacific Region.

Table of Contents

I. Class Action Developments
    A. Article III Standing
    B. Substantive Claims and Theories in Data Privacy and Security Class Actions
    C. Terms of Service
II. FTC Regulatory Developments
    A. The FTC Gets Social
    B. Mandating Privacy by Design
    C. Affirmative Express Consent
    D. Covered Information
    E. COPPA Developments
III. Criminal Enforcement
IV. Legislative Developments
    A. Stop Online Piracy Act ("SOPA") and the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act ("PROTECT IP Act" or "PIPA")
    B. Online Protection and Enforcement of Digital Trade Act ("OPEN Act")
    C. Notable Federal Privacy and Data Breach Legislation
V. Data Security
    A. High-Profile Breach Incidents and Trends from 2011
    B. 2011 Developments in Breach Notification Obligations
    C. Insurance Issues
VI. International Developments
    A. European Union
    B. Asia

I. Class Action Developments

In 2011, the plaintiffs’ bar was extremely active in filing class actions asserting a variety of novel claims relating to the allegedly unauthorized collection, use or disclosure of consumer data, or following widely publicized data breaches. Despite significant setbacks to plaintiffs who struggled to articulate a viable theory of harm, data privacy and security-related filings continue to gain significant momentum.

A. Article III Standing

The past year witnessed several critical developments in the application of Article III standing requirements to the theories of injury being asserted by plaintiffs in data privacy and security class actions–beginning with the first decision dismissing a privacy class action for lack of Article III standing in LaCourt v. Specific Media, Case No. 10-cv-01256-GW-JCG, 2011 WL 1661532 (C.D. Cal. Aug. 29, 2011) (Gibson Dunn represented Specific Media in this case). While several courts have followed and extended the reasoning in Specific Media to dismiss other privacy-related class actions for lack of Article III standing, other courts have accepted alternative theories of injury proffered by plaintiffs, including theories arising from the alleged invasion of a statutory right or from the increased risk of sufficiently "credible" future harms (particularly in the context of a data breach).

Plaintiffs’ theories of harm in data privacy cases vary, but typically have involved some assertion that the unexpected collection and use of plaintiffs’ personal information harmed plaintiffs in some way, either by diminishing the value of that information or by depriving plaintiffs of the opportunity to use and control that information as they see fit.
Plaintiffs also frequently assert that entities collecting their personal information are misappropriating or misusing it. In cases involving data breaches, plaintiffs typically assert the increased risk of identity theft and the costs flowing from it (for example, the purchase of credit monitoring) as the alleged harm. Notably, lawsuits asserting these theories are often spurred by the publication of academic articles, blogs or media reports documenting a potential privacy concern or security vulnerability (often within 24 hours of an initial news report), rather than any concrete instance of user harm.

No Injury in Fact

Gibson Dunn’s client, Specific Media, was the first to challenge plaintiffs’ ability to demonstrate a concrete injury in fact, a requirement for Article III standing, in a data privacy case. Specific Media was targeted (along with several other online publishers and advertising networks) in a series of class actions claiming that it had improperly used Adobe "Flash cookies" to track the online behavior of users who had configured their browser settings to avoid being tracked. After approving settlements by the other defendants in these cases, Judge Wu granted Specific Media’s motion to dismiss on grounds that plaintiffs had not alleged any concrete injury in fact and therefore lacked standing under Article III. LaCourt v. Specific Media, Case No. 10-cv-01256-GW-JCG, 2011 WL 1661532 (C.D. Cal. Aug. 29, 2011).

In the first decision to apply Article III to a data privacy case, Judge Wu concluded that the various theories of injury advanced by the named plaintiffs in the Specific Media case did not demonstrate an injury in fact, in terms that have broad application to many data privacy and security class actions:

The Complaint does not identify a single individual who was foreclosed from entering into a ‘value-for-value’ exchange as a result of Specific Media’s alleged conduct. Furthermore, there are no facts . . . that indicate that the Plaintiffs themselves ascribed an economic value to their unspecified personal information. Finally, even assuming an opportunity to engage in a ‘value-for-value exchange,’ Plaintiffs do not explain how they were ‘deprived’ of the economic value of their personal information simply because their unspecified personal information was purportedly collected by a third party.

Specific Media, 2011 WL 1661532 at *5. These arguments were successfully advanced (again by Gibson Dunn) in In re iPhone Application Litig., No. 11-md-02250-LHK, 2011 WL 4403963 (N.D. Cal. Sept. 20, 2011), which involved a series of consolidated class actions challenging the alleged "tracking" of smartphone users by mobile device manufacturers and third-party advertising and analytics companies (the "Mobile Industry Defendants") that support the "apps" that can be downloaded onto these devices. There, Plaintiffs alleged that the Mobile Industry Defendants collected and disclosed users’ personal information located on their mobile Apple devices without their knowledge or permission, allegedly in violation of several federal and state laws. Plaintiffs also sought to hold Apple liable for these alleged violations on the grounds that (i) its design of the iOS system allowed apps to access users’ personal information despite Apple’s alleged representations, and (ii) Apple exercised control over the apps that could be sold in the Apple App Store but failed to adequately police their collection and disclosure of users’ personal information. Plaintiffs also sought to hold Apple liable for allegedly enabling iOS devices to maintain, synchronize, and retain detailed, unencrypted location history files, an issue that has also received significant media attention[1].
In a detailed opinion that surveyed the broad range of relevant case law and relied heavily on the reasoning in Specific Media, the court dismissed the consolidated complaint for lack of Article III standing, finding that plaintiffs had failed to plead an injury in fact on two grounds. First, plaintiffs failed to "allege injury in fact to themselves." Id. at *4 (emphasis in original). As the Court explained, "Plaintiffs do not identify what [Apple devices] they used, do not identify which Defendant (if any) accessed or tracked their personal information, do not identify which apps they downloaded that access/track their personal information, and do not identify what harm (if any) resulted from the access or tracking of their personal information." Id. Second, agreeing with the holding in Specific Media, the Court held that "Plaintiffs [have] not identified a concrete harm from the alleged collection and tracking of their personal information sufficient to create injury in fact." Id. at *5. The Court observed that, as in Specific Media, the named plaintiffs "had not alleged any ‘particularized example’ of economic injury or harm to their computers, but instead offered only abstract concepts, such as ‘opportunity costs,’ ‘value-for-value exchanges,’ ‘consumer choice,’ and ‘diminished performance.’" Id. Notably, Judge Koh made clear that "[t]he Court does not take lightly Plaintiffs’ allegations of privacy violations." Id. at *4. However, she stated that "for purposes of the standing analysis under Article III, Plaintiffs’ current allegations [were] clearly insufficient."[2] Id.; see also Low v. LinkedIn, No. 11-CV-01468-LHK, 2011 WL 5509848, at *6 (N.D. Cal. Nov. 11, 2011) (dismissing case for failure to sufficiently allege an "injury in fact" as required for Article III standing because plaintiff "failed to put forth a coherent theory of how his personal information was disclosed or transferred to third parties, and how it has harmed him.").
Despite a series of decisions rejecting claims brought based on the allegedly unauthorized tracking and collection of user data for lack of Article III standing, the filing of such cases shows no sign of abating. See, e.g., Cousineau v. Microsoft Corp., No. 11-CV-01438-JCC (W.D. Wash. Aug. 31, 2011) (challenging alleged collection of detailed location file histories); Kim v. Space Pencil, Inc., No. 11-CV-3796-LB (N.D. Cal. Aug. 1, 2011) (challenging analytics company’s alleged use of Flash cookies, ETags, and HTML5 storage to identify computers of users who blocked or deleted browser cookies); Garvey v. KISSmetrics, et al., No. 11-CV-3764-LB (N.D. Cal. Jul. 29, 2011) (same); Kenny v. Carrier IQ, Inc., No. 11-cv-05774-PSG (N.D. Cal. Dec. 1, 2011) (first of 70 class actions against mobile device manufacturers, wireless carriers, and Carrier IQ relating to alleged tracking of smartphone user activity through Carrier IQ’s diagnostic tool). This may be due in part to the relative liberality with which courts have thus far granted plaintiffs leave to amend, as well as to language holding out hope that it may yet be possible to articulate an actionable theory of harm. See, e.g., Specific Media, 2011 WL 1661532 at *6 ("It is not obvious that plaintiffs cannot articulate some actual or imminent injury in fact. It is just that at this point they haven’t offered a coherent and factually supported theory of what that injury might be."). Indeed, as explained in the following section, plaintiffs are already aggressively developing–with some success–alternate theories of injury in order to overcome the significant hurdles posed by the requirements of Article III standing in data privacy and breach cases.
Alleged Invasion of Statutory Right

In response to the various decisions in 2011 dismissing online and mobile privacy complaints for failure to allege a cognizable injury in fact sufficient to demonstrate Article III standing, the plaintiffs’ bar has begun to shift to pleading statutory claims that may not have an express injury component–asserting that the alleged invasion of a statutory right itself constitutes a de facto injury in fact. See Warth v. Seldin, 422 U.S. 490, 500 (1975) (quoting Linda R.S. v. Richard D., 410 U.S. 614, 617 n.3 (1973)) ("The actual or threatened injury required by Art[icle] III may exist solely by virtue of ‘statutes creating legal rights, the invasion of which creates standing.’"). This theory of injury was given new life by the Ninth Circuit’s decision in Edwards v. First American Corp., 610 F.3d 514 (9th Cir. 2010), cert. granted, 131 S. Ct. 3022 (2011), which reaffirmed the holding in Warth.

In a few recent cases, plaintiffs that have invoked this approach have survived Article III challenges. Relying on Edwards, Judge Ware in In re Facebook Privacy Litigation, 791 F. Supp. 2d 705 (N.D. Cal. 2011) held that plaintiffs, who claimed that Facebook had transmitted Facebook IDs to advertisers without consent, had constitutional standing where they alleged violation of their rights under the Wiretap Act, 18 U.S.C. §§ 2510, et seq.–even though the Court dismissed plaintiffs’ Wiretap Act claim as insufficiently pled. 791 F. Supp. 2d at 711-13; see also In re Zynga Privacy Litig., No. 10-CV-04680-JW (N.D. Cal. June 15, 2011) (same); Low v. LinkedIn, 2011 WL 5509848 at *6 n.1 ("There is also an argument, though not specifically advanced by Plaintiff, that the creation of a statutory right may be sufficient to confer standing on Plaintiff.").
In addition, the Ninth Circuit recently relied on the holding in Edwards and Warth to find that the alleged violation of plaintiffs’ rights under the Stored Communications Act, the Electronic Communications Privacy Act, and the Foreign Intelligence Surveillance Act was sufficient to confer Article III standing–albeit in a case involving unique allegations of a government "dragnet" that was used to monitor the contents of plaintiffs’ and class members’ wireless communications. See Jewel v. Nat’l Sec. Agency, 2011 WL 6848406 (9th Cir. Dec. 29, 2011) (holding that alleged violations of statutory rights conferred standing). The Ninth Circuit emphasized in Jewel, however, that while the injury required by Article III may be satisfied through the alleged violation of a statutory right, the injury must nonetheless be particularized. Id. at *6.

Given the amorphous and theoretical injuries claimed by plaintiffs in many privacy class actions, we anticipate that strategic challenges to Article III standing will continue to be an important defense for companies facing data privacy and security claims (including claims asserting the alleged violation of a statutory or constitutional right), regardless of the outcome of the Supreme Court’s decision in Edwards.

Data Breach Cases

In the wake of several prominent hacking incidents, courts have seen a significant increase in data breach class actions. Plaintiffs have had somewhat greater success demonstrating Article III standing in cases involving a data security breach, and several key decisions issued last year addressed the extent to which the risk of identity theft and other alleged injuries are sufficient to confer standing to plaintiffs whose information may have been compromised in a security breach.
In late 2010, the Ninth Circuit joined the Seventh Circuit in finding that the increased risk of future harm resulting from an identified data breach could establish the injury in fact required for Article III standing. See Krottner v. Starbucks Corp., 628 F.3d 1139 (9th Cir. 2010); Pisciotta v. Old Nat’l Bancorp, 499 F.3d 629 (7th Cir. 2007) (threat of future harm resulting from third-party hack into banking records was injury in fact). Krottner involved claims resulting from the theft of an unencrypted laptop allegedly containing the personal information of hundreds of Starbucks employees by an unknown party. The plaintiffs alleged that their injuries consisted of anxiety, stress, and time and expense spent monitoring their finances. One plaintiff even alleged that a bank account was opened using his social security number; the bank closed the account immediately, with no financial loss to the plaintiff. Citing the Seventh Circuit’s decision in Pisciotta, the Ninth Circuit held that there was a "credible threat of real and immediate harm stemming from the theft of a laptop containing . . . unencrypted personal data." Id. at 1143. Observing that the threat would be "far less credible" if the laptop had not yet been stolen, the court held that the plaintiffs nonetheless had pled sufficient injury to satisfy Article III. Id.

Following the Krottner decision, one court in the Northern District of California refused to dismiss claims for lack of Article III standing where plaintiffs alleged that a hacker had exploited a security vulnerability and accessed the database of RockYou, a publisher and developer of online services and social networking applications, and copied the email and social networking login credentials of approximately 32 million registered RockYou users. Claridge v. RockYou, Inc., 785 F. Supp. 2d 855 (N.D. Cal. 2011).
Although plaintiffs alleged that RockYou had failed to utilize adequate encryption to prevent intruders from accessing and reading their personally identifiable information, they were unable to point to specific harm resulting from this incident, instead claiming that they had lost the "value" of their personal information. Id. at 861. While the court recognized the need for "actionable harm or concrete, non-speculative harm," it noted the "paucity" of controlling authority in this area, and that the "unauthorized disclosure of personal information via the Internet is itself relatively new" and raised "issues of law not yet settled in the courts." Id. Despite its reservations, the court declined to find that the plaintiffs’ allegations were insufficient to confer standing as a matter of law. Id.

But in a significant decision in December, the Third Circuit, in Reilly v. Ceridian Corp., 664 F.3d 38 (3d Cir. 2011), departed from the approach taken by the Seventh and Ninth Circuits. In Reilly, plaintiffs filed suit against Ceridian, a payroll processor, following a 2009 security breach in which an unknown hacker gained access to employees’ personal and financial information. Although the plaintiffs asserted injuries including the increased risk of identity theft and the cost of credit monitoring services, the court found that unless plaintiffs’ "conjectures [came] true," they had not yet suffered any injury in fact sufficient to satisfy Article III standing. Id. at 42. The Third Circuit emphasized that plaintiffs’ injuries were "dependent on entirely speculative, future actions of an unknown third-party," while distinguishing the circumstances in Krottner and RockYou on the grounds that the security intrusions there involved "malicious," "sophisticated" third-parties or the actual misuse of compromised data. Id.
Given the emerging and variable treatment of Article III standing requirements in data breach cases among the circuits, forum considerations will be particularly critical in litigating data breach actions. These factors should be taken into account when assessing transfer motions in any multidistrict litigation resulting from a data breach episode, and companies may also need to consider whether to enforce any venue selection clauses in light of the emerging jurisprudence (see infra Terms of Service). Litigants should consider the factors courts use to evaluate the "credibility" of future injury for Article III standing, including the sophistication of third-party hackers, the strength of encryption and protection systems employed by the defendant, the demonstrated comprehension of the accessed data, or other means of quantifying the risk of harm.

* * *

Collectively, these recent decisions underscore the importance of closely examining plaintiffs’ allegations of harm when defending against a putative class action, especially a class action involving alleged privacy invasions directed to new and developing technologies–an area in which the plaintiffs’ class action bar has become especially active. Oftentimes, these suits–spurred by sensational media reports–allege widespread privacy violations that may be challenging to parse at the pleadings stage, but which are lacking in any specific or credible allegation of harm. Under such circumstances, a strong standing challenge may get the entire case dismissed at the outset and avoid the potential challenges involved in seeking to dismiss individual claims under Federal Rule of Civil Procedure 12(b)(6), which may include claims that do not require an initial showing of injury or that may require the Court to address confusing and technical allegations in the context of a one-sided pleading.

B. Substantive Claims and Theories in Data Privacy and Security Class Actions

During the past year, plaintiffs have filed class actions in response to a number of data privacy and security incidents, including many involving relatively new technologies such as online social games and mobile applications. The theories pursued by Plaintiffs have been varied, but frequently involve state or federal statutes prohibiting criminal hacking or other computer crimes (such as the Computer Fraud and Abuse Act, Stored Communications Act or Electronic Communications Privacy Act). Others state unfair competition claims, or common law claims ranging from trespass to invasion of privacy to negligence. During the past year, courts continued to grapple with how–or whether–to apply these claims to a range of highly technical facts involving the collection, use or disclosure of user data.

"Do Not Track" Cases

2011 saw a wave of filings in "do not track" cases, involving claims that defendants had intentionally collected plaintiffs’ personal data without their knowledge or permission, allegedly in ways that users would not anticipate–such as through Adobe "Flash cookies" (for behavioral advertising) or mobile applications. See Specific Media, 2011 WL 2473399 (challenging the use of Adobe "Flash cookies" and alleging violations of the Computer Fraud and Abuse Act, California Comprehensive Computer Data Access and Fraud Act, California Invasion of Privacy Act, California Consumer Legal Remedies Act, California Unfair Competition Law, trespass to personal property, and unjust enrichment); In re Google Inc. Street View Elec. Commc’ns Litig., 794 F. Supp. 2d 1067 (N.D. Cal. 2011) (challenging Google’s practice of intercepting data packets from Wi-Fi networks and alleging three causes of action–violation of the federal Wiretap Act, the state wiretap act, and the California UCL); In re Facebook Privacy Litig., 791 F. Supp. 2d 705 (N.D. Cal. 2011) (alleging violations of the Wiretap Act and the California Comprehensive Computer Data Access and Fraud Act, and fraud under Cal. Civ. Code §§ 1572 and 1573).

In such "do not track" cases, plaintiffs have struggled to articulate even the facial elements of their claims. See, e.g., Specific Media, 2011 WL 1661532 (dismissing plaintiffs’ complaint for lack of Article III standing but also noting severe substantive defects in each of the six claims asserted by plaintiffs); In re iPhone Application Litig., 2011 WL 4403963 (same); Bose v. Interclick, Inc., No. 10-cv-09183-DAB, 2011 WL 4343517 (S.D.N.Y. Aug. 17, 2011) (dismissing plaintiff’s Computer Fraud and Abuse Act class action claim and holding that plaintiff failed to quantify any damage or loss, as defined by the statute); Google Street View, 794 F. Supp. 2d 1067 (dismissing plaintiffs’ California UCL claim for failure to satisfy California’s UCL standing requirements, which require the plaintiff to establish the loss of money or property).

But it was not all bad news for plaintiffs in these cases, and plaintiffs in several "do not track" cases succeeded in overcoming motions to dismiss on at least one of their claims. For example, in Bose v. Interclick, Inc., the court permitted plaintiff’s challenge to the use of Adobe Flash cookies to track user information for behavioral advertising purposes to go forward on state law claims based on New York General Business Law Section 349 (deceptive business practices) and trespass to chattels. The court held that even though plaintiff had failed to plead a cognizable economic injury, an alleged "privacy violation" was sufficient to state a claim under Section 349. 2011 WL 4343517 at *9. With respect to the trespass claim, the court held that plaintiff’s generic allegations of harm to her computer were "arguably sufficient to survive a motion to dismiss." Id.
As another example, the plaintiffs in Google Street View were able to survive a motion to dismiss their Wiretap Act claim by convincing the court that the data packets (which included plaintiffs’ SSID information, MAC address, usernames, passwords, and personal emails) collected by the defendant through the capturing of Wi-Fi data by a "wireless sniffer," through unprotected wireless networks, were not "readily accessible to the general public" for purposes of the Wiretap Act. 794 F. Supp. 2d at 1084.

Finally, in Pineda v. Williams-Sonoma Stores, Inc., 51 Cal. 4th 524 (2011), the California Supreme Court construed "personal information" under the Song-Beverly Credit Card Act to include ZIP codes, breathing new life into a series of lawsuits alleging that retailers collected ZIP codes as a condition to accepting payment. 51 Cal. 4th at 531-36. However, the scope of this ruling appears limited: on August 24, 2011, the San Francisco Superior Court dismissed claims against Craigslist for allegedly violating the Song-Beverly Credit Card Act, finding that the Act "on its face does not apply to online transactions." Gonor v. Craigslist, Inc., No. CGC-11-511332 (Cal. Super. Ct. Aug. 24, 2011), affirming Saulic v. Symantec Corp., 596 F. Supp. 2d 1323 (C.D. Cal. 2009).

Persistent Identifiers

Several cases filed in the past year have involved claims that internal identifiers used by online publishers to organize and deliver user content (such as a Facebook user ID) or device identifiers (such as smartphone serial numbers) are the functional equivalent of personally identifiable information given their potential ability to be tied to identifying information, such as a name (see also infra discussion of proposed FTC revisions to COPPA, expanding definition of "personal information" to include persistent identifiers).
Keying off of this theory, plaintiffs have targeted companies that disclosed personal identifiers to third parties (often through routine technical protocols such as HTTP referrers), arguing that this effectively disclosed users’ personal information to third parties. So far, courts have not been receptive to claims involving the alleged disclosure of user IDs or device identifiers to advertisers or other third parties. See, e.g., In re Facebook Privacy Litig., 2011 WL 6176208 (dismissing claims centered around defendant’s alleged transmission of user IDs and usernames to third-party advertisers); In re Zynga Privacy Litig., No. 5:10-CV-04680-JW (same); In re iPhone Application Litig., 2011 WL 4403963 (dismissing claims based on, among other things, defendants’ transmission of unique mobile phone identifiers); see also Hines v. OpenFeint, Inc., No. 11-cv-03084-EMC (N.D. Cal. Dec. 5, 2011) (plaintiffs voluntarily dismissed claims against OpenFeint brought on the basis of researcher reports that its mobile social gaming service transmitted information such as the user’s mobile phone identifier and Facebook user ID in an unencrypted format, following a motion to dismiss prepared by Gibson Dunn).

"Privacy" of Social Media

Last year, courts also considered the extent to which plaintiffs could challenge various practices involving the use of information they elected to share on social networking sites like Twitter and Facebook. In Cohen v. Facebook, Inc., Judge Seeborg rejected claims that Facebook’s use of plaintiffs’ Facebook profile pictures on other users’ pages to promote the "Friend Finder" service constituted a violation of their statutory rights of publicity. Cohen v. Facebook, Inc., 798 F. Supp. 2d 1090 (N.D. Cal. 2011) ("Cohen I"); Cohen v. Facebook, Inc., No. 10-cv-05282-RS, 2011 WL 5117164 (N.D. Cal. Dec. 27, 2011) ("Cohen II").
The court concluded that the plaintiffs had not alleged injury (a required element of their claim) sufficient to survive a motion to dismiss, because plaintiffs’ "names and likenesses were merely displayed on the pages of other users who were already plaintiffs’ Facebook ‘friends’ and who would regularly see, or at least have access to, those names and likenesses in the ordinary course of using their Facebook accounts." Cohen II, 2011 WL 5117164 at *3. But one court reached a different conclusion with respect to the facial sufficiency of claims relating to Facebook’s republication of plaintiffs’ "likes" (and related use of plaintiffs’ names and profile pictures) in "Sponsored Stories," which are generated when Facebook users "like" an organization, company or cause. See Fraley v. Facebook, Inc., No. 11-cv-001726-LHK, 2011 WL 6303898 (N.D. Cal. Dec. 16, 2011) (finding Facebook’s alleged use of "[plaintiffs’] names, photographs, and likenesses . . . in paid commercial endorsements targeted . . . at other consumers, without their consent" sufficient to allege injury).

Data Breaches

As with Article III standing challenges, plaintiffs had greater success overcoming motions to dismiss in claims arising from third-party hacking or other data breach incidents. See Anderson v. Hannaford, 659 F.3d 151 (1st Cir. 2011) (plaintiffs’ negligence and implied contract claims survived a motion to dismiss because mitigation damages, such as replacement credit card costs and identity theft insurance, were sufficient to allege injury where credit card information was obtained by a third-party hacker and there was evidence that the hacked information was used for an improper purpose); RockYou, 785 F. Supp. 2d 855 (plaintiffs’ claims for breach of contract, breach of implied contract, negligence, and negligence per se survived a motion to dismiss because the personally identifiable information that was hacked constituted valuable property, but noting that the plaintiffs could have difficulty proving their damages theory). The courts’ decisions in these cases appeared to turn, in part, on concerns that defendants failed to use adequate measures to protect sensitive client information. See, e.g., id. at 861 (noting plaintiffs’ allegations that RockYou failed to employ "commercially reasonable" methods for safeguarding personally identifiable information); Anderson, 659 F.3d at 164 (pointing out that the third-party hacking was "a large-scale criminal operation conducted over three months").

C. Terms of Service

Defendants confronting data privacy and security class actions continued to invoke contractual provisions–such as forum clauses or limitations on liability–contained in their terms of service. During 2011, courts frequently were reluctant to enforce provisions contained in online terms of service, particularly at the outset of litigation. For example, in Harris v. Comscore, 2011 WL 4738357, at *2 (N.D. Ill. 2011), the Northern District of Illinois refused to enforce a forum selection clause in a class action challenging Comscore’s alleged use of "deep packet inspection" to collect plaintiffs’ personal information, finding that the hyperlink to Comscore’s forum selection clause was not "readily apparent." The court observed that valid forum selection clauses could appear in click-through agreements, but that for such clauses to be enforceable, they needed to be "immediately available and obvious." Id. at *2. See also Hoffman v. Supplements ToGo Management, LLC, 419 N.J. Super. 596, 607 (App. Div. 2011) (holding forum selection clause in online terms unenforceable because it was not visible unless a user scrolled down to a concealed portion of the defendant’s web page and thus failed to provide "fair and forthright" notice to plaintiffs).

On the other hand, courts began to expand the Supreme Court’s ruling in AT&T Mobility LLC v. Concepcion, 131 S.Ct. 1740 (2011) to the online context. For example, one court in the Northern District of California enforced an arbitration clause in Zynga’s online terms of service, dismissing claims that Zynga had engaged in unfair and deceptive practices in certain in-game advertising under the terms of service applicable to Zynga’s online social games. Swift v. Zynga, No. 09-cv-05443-EDL (N.D. Cal. Aug. 4, 2011) (order granting Zynga’s motion to compel arbitration).

Defendants faced challenges when seeking to avoid liability for data privacy and security claims based on their agreements with end users at the pleading stage. Given frequent changes in online terms, courts were often reluctant to assess which contract versions may have applied to plaintiffs or class members in the absence of a complete record. For example, in Cohen I, the court refused to apply Facebook’s terms of service when determining if Facebook’s Friend Finder service was authorized under Facebook’s terms of service; in part because it did not think it proper to consider the terms at the motion to dismiss stage, and in part because "substantial questions would remain in this instance as to when various versions of the documents may have appeared on the website and the extent to which they necessarily bound all plaintiffs." 798 F. Supp. 2d at 1094 (noting that even if it was "theoretically . . . possible to apply the [t]erms documents against plaintiffs at the motion to dismiss stage," Facebook did not show that its terms were sufficient to insulate it from plaintiffs’ claims).
Even where courts did consider online terms of service at the motion to dismiss stage, they typically concluded that fact issues prevented the court from resolving the claims based on the terms of the user agreement. See, e.g., RockYou, 785 F. Supp. 2d at 865 (terms of service not dispositive on plaintiffs’ contract claims at motion to dismiss stage where terms provided that RockYou used secure servers, and a factual question existed as to whether the servers were secure); Fraley, 2011 WL 6303898, at *15 (finding the question of whether Facebook’s terms authorized use of information in Social Stories to be a disputed question of fact); but see In re iPhone App. Litig., 2011 WL 4403963, at *7-8 (noting that in any amended complaint the plaintiffs must explain why Apple’s terms of service would not bar privacy claims).

We expect that the contractual provisions contained in online terms of service will be of increased importance as data privacy and security cases advance into later stages of litigation.

II.   FTC Regulatory Developments

The FTC was extremely active in 2011 in pushing to expand and apply its Section 5 authority to combat "unfair and deceptive" conduct to a broad range of practices and technologies related to consumer privacy.

A.   The FTC Gets Social

Reflecting a particular focus on user information shared on social networking sites, the FTC in 2011 announced and/or finalized settlements with Twitter, Google, and Facebook, in that order. Although each of these settlements contains certain unique provisions, the cornerstone of the FTC’s complaints against these companies was that consumers were misled as to how their information would be protected, shared, and used.
The FTC pursued Twitter following a hacking incident in which third parties obtained, among other things, unauthorized access to non-public user information and tweets that consumers had designated as private, alleging that the company misled users about the extent to which the company protects the security, privacy, and confidentiality of consumer information. With respect to Google, the FTC charged that the company’s launch of Google Buzz was misleading and that the company, among other things, improperly used data supplied by users solely for use in Google’s Gmail product to launch its Buzz social network. Against Facebook (represented by Gibson Dunn), the FTC’s core allegations related to changes in how certain pieces of profile information were shared. Key takeaways from these settlements are discussed below.

B.   Mandating Privacy by Design

The Google and Facebook consent orders are the first FTC settlements to require the implementation of comprehensive privacy programs that apply to the development of new features and products and also require privacy assessments by an independent third party. Although the FTC frequently has required companies in data security cases to implement comprehensive security programs (and to submit to ongoing security audits)–as it did in the Twitter order–the Google and Facebook consent orders represent the FTC’s first attempt to expand this requirement to encompass privacy.

These moves reflect the FTC’s recent emphasis on integrating privacy into the product development process, which the FTC refers to as "Privacy by Design." (This is evocative of Article 20(1) of the proposed EU Data Privacy Regulation which would impose an obligation for all data controllers targeting EU consumers to engage in "privacy by design".)
The FTC’s Initial Privacy Report, for example, states that companies "should promote consumer privacy throughout their organizations and at every stage of the development of their products and services" and "should maintain comprehensive data management procedures throughout the life cycle of their products and services." FTC, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policymakers, Preliminary FTC Staff Report at ix (Dec. 2011). Given the repeated emphasis of this principle in the FTC’s public discourse, privacy report, and recent consent orders, it is likely that these provisions will become more standard going forward.

C.   Affirmative Express Consent

Over the past year, the FTC staff has seemingly renewed efforts to leverage its Section 5 authority to impose a prescriptive requirement on companies to obtain the express affirmative consent of their users before making retroactive changes to their privacy policies. Though not required by any specific statute or FTC rule, the FTC staff for many years has taken the position that companies should obtain the express affirmative consent of their customers before using or disclosing previously collected information in a manner that differs from representations made to the customers at the time of collection. For example, in a 2000 report to Congress, the FTC warned that "the chance that new, inconsistent policies may be applied to previously collected information is troubling and may undermine consumer confidence in the rest of the privacy policy." FTC, Privacy Online: Fair Information Practices in the Electronic Marketplace: A Report to Congress at 26 (May 2000).
The FTC further expressed its view that "[i]n certain circumstances, the application of new information practices to information collected pursuant to different, stated practices may constitute an unfair and/or deceptive practice," and that in some instances, "affirmative choice by the consumer may be required."  Id.   The FTC staff issued a more definitive endorsement of express affirmative consent in its 2009 report on self-regulatory principles for online behavioral advertising.  FTC, FTC Staff Report: Self-Regulatory Principles for Online Behavioral Advertising (Feb. 2009).  The report advised that "before a company can use previously collected data in a manner materially different from promises the company made when it collected the data, it should obtain affirmative express consent from affected consumers."  Id. at 46.  The FTC Staff reiterated this view a year later, stating "companies must provide prominent disclosures and obtain affirmative express consent before using consumer data in a materially different manner than claimed when the data was collected."  Protecting Consumer Privacy in an Era of Rapid Change at 76. Until recently, however, the FTC had only used its enforcement hammer in a single case (in 2004) to obtain a defendant’s agreement to obtain express affirmative consent before retroactively applying privacy policy changes.  See In re Gateway Learning Corp., FTC File No. 042-3047 (July 7, 2004).  In 2011, the FTC imposed express affirmative consent provisions in two landmark cases, both in the social networking field.  The first appeared in the consent order settling the FTC’s claims against Google Inc., which stemmed from allegations that the search and webmail behemoth violated its privacy policy by using customers’ Gmail account information to launch Google’s Buzz social networking platform, without obtaining those customers’ express consent.  Complaint, In re Google Inc., FTC File No. 102-3136 (Mar. 30, 2011).  
As part of the negotiated settlement, Google agreed to provide notice (outside of a privacy policy or similar document) and obtain the "affirmative express consent" of a user before "any new or additional sharing by [Google] of the Google user’s identified information with any third party, that 1) is a change from stated sharing practices in effect at the time [Google] collected such information, and 2) results from any change, addition, or enhancement to a product or service."  Agreement Containing Consent Order, In re Google Inc., FTC File No. 102-3136 (Mar. 30, 2011).  Notably, Commissioner J. Thomas Rosch issued a strong concurring statement that raised "substantial reservations" with the express affirmative consent requirement, which the Commissioner noted was "seemingly brand new," was not required under Google’s original privacy policy, and had significant implications for Google’s ability to launch new products, particularly "[b]ecause internet business models (and technology) change so rapidly."  Concurring Statement of J. Thomas Rosch, In re Google Inc., FTC File No. 102-3136 (Mar. 30, 2011).  Several months later, the FTC obtained a similar–though far narrower–affirmative express consent commitment from Facebook as part of a settlement resolving various concerns relating to the company’s privacy practices, including allegations related to 2009 changes designating certain categories of information as "publicly available."  Complaint, In re Facebook, Inc., FTC File No. 092-3184 (Nov. 29, 2011).  The FTC alleged that Facebook failed to clearly inform users of the scope of these changes when migrating users through a mandatory "Privacy Wizard" that users completed before these changes were implemented.  
Notably, in contrast to the Google order, the "express affirmative consent" provision proposed in Facebook is limited to non-public information and applies only when such information is shared in a manner that materially exceeds restrictions the user imposed using a Facebook privacy setting.  Proposed Agreement Containing Consent Order, In re Facebook, Inc., FTC File No. 092-3184 (Nov. 29, 2011). The Facebook order also features an express carve-out for information that is re-shared by users and others on Facebook and includes language allowing the company to seek modification of the order "to address relevant developments [related to] . . . technological changes and changes in methods of obtaining . . . consent."  Id. In addition to these two enforcement actions, the FTC also recently attempted (unsuccessfully) to persuade the court overseeing the Borders Group, Inc. bankruptcy to forbid Borders from selling detailed customer records to Barnes & Noble without first obtaining those customers’ express affirmative consent.  In a letter dated September 14, 2011, David Vladeck, Director of the FTC’s Bureau of Consumer Protection, urged the Consumer Privacy Ombudsman assigned to the bankruptcy proceedings to recommend that any transfer of customer records in connection with a bankruptcy sale only occur with the customers’ express affirmative consent.  The bankruptcy court rejected the FTC’s recommendation, authorizing the sale subject to a limited period during which Borders’ customers had the option to "opt out" of having their information disclosed.  
Based on the FTC’s actions in the Google, Facebook, and Borders cases and Gibson Dunn’s ongoing representation of several companies in investigations and enforcement actions, we expect the FTC staff to continue to vigorously pursue express affirmative consent provisions in future consent orders, particularly in cases where the target of the enforcement action is alleged to have taken actions that violate prior commitments to consumers regarding the privacy and use of their personal information.

D.   Covered Information

During the past year, the FTC has also sought to dramatically expand the scope of information covered by consent decrees in the privacy and data security fields. In the past, the scope of the information covered by these orders has been limited typically to "individually identifiable information from or about a consumer," which typically included traditional categories of personally identifiable information–i.e., information that in and of itself operates to identify unique individuals (such as a first and last name, email address or social security number)–as well as other information that is combined with specifically enumerated categories of personally identifiable information. During the past year, the FTC has entered into several consent decrees that reach a significantly broader scope of personal information. For example, though the scope of the FTC’s consent order with Twitter is limited to "individually identifiable information," the term is defined to include specifically any IP addresses and other persistent identifiers (e.g., mobile device identifiers), even though IP addresses and persistent identifiers have historically not been considered "individually identifiable information" unless they are associated with other categories of individually identifiable information such as a name or street address. Decision and Order, In re Twitter, FTC File No. 092-3093 (Mar. 11, 2011).
Similarly, both the recent Google and Facebook consent decrees utilize a definition of "covered information" that would include all "information from or about an individual consumer," regardless of whether the information is individually identifying or not. Agreement Containing Consent Order, In re Google Inc., FTC File No. 102-3136; Proposed Agreement Containing Consent Order, In re Facebook, Inc., FTC File No. 092-3184 (The Facebook order also contains a separately defined term, "nonpublic user information," that is used to narrow the scope of covered information for key provisions, such as the notice and consent requirements.). See also Agreement Containing Consent Order, In re Chitika, Inc., FTC File No. 102-3087 (June 17, 2011) (expanding the definition of "data collected" to encompass "any information or data received from a computer or device").

The FTC’s attempts to expand the information covered under recent consent orders are consistent with recent statements expressing the Staff’s view that "the traditional distinction between [personally identifiable information and non-personally identifiable information] has eroded and that information practices and restrictions that rely on this distinction are losing their relevance." Protecting Consumer Privacy in an Era of Rapid Change at 34-35. Accordingly, the Staff’s proposed framework for business is "not limited to those who collect personally identifiable information," but rather "applies to those commercial entities that collect data that can be reasonably linked to a specific consumer, computer, or device." Id. at 43. Consistent with this view, we expect the FTC staff to continue to push the scope of information covered by privacy and data security consent orders in 2012.

E.   COPPA Developments

The Children’s Online Privacy Protection Act of 1998 (COPPA), effective April 21, 2000, requires companies that operate websites or online services to obtain parental consent before collecting, using, or disclosing "personal information" from children under age 13, if (1) those companies’ websites or services are directed to children under 13, or (2) they have knowledge that they are collecting personal information from children under 13. 16 C.F.R. § 312.2. Currently, personal information covered by the Act includes (1) individually identifiable information, such as full name, home address, email address, telephone number, social security number; (2) persistent identifiers, such as customer numbers collected through cookies or processor serial numbers, if they are associated with individually identifiable information; and (3) information concerning the child or the parents of that child that the website operator collects online from the child and combines with the types of information covered by (1) or (2). Id. The FTC has been especially active in pursuing enforcement actions under COPPA during the past year, with a particular focus on new and emerging mobile and online technologies.

Recent FTC Orders Related to COPPA

Over the past year, the FTC for the first time targeted mobile applications, online virtual worlds, and social networking websites directed to children for alleged COPPA violations. The orders entered in the past year clarify that the FTC interprets "Web site located on the Internet," the language employed by the Act, broadly to cover virtually any content that children can access through a browser on a computer or on a mobile device. See Children’s Online Privacy Protection Rule, 76 Fed. Reg. 59,804, 59,807 (proposed Sept. 27, 2011) (to be codified at 16 C.F.R. pt. 312).
The FTC’s consent orders in these cases provide important guidance on the potential application of COPPA to online and mobile services that may collect information from children under 13. In United States v. Playdom, Inc., the FTC charged operators of twenty online virtual worlds with violations of COPPA and the FTC Act.  Case No. SACV11-00724, FTC File No. 1023036 (C.D. Cal. May 12, 2011).  Defendants’ registration process elicited personal information from all potential users, who could publicly post additional personal information after registering.  The FTC charged defendants under COPPA for failing to provide proper notice to or obtain verifiable consent from parents before collecting or disclosing children’s personal information, as well as with violating Section 5 of the FTC Act due to related misrepresentations in defendants’ privacy policy.  Significantly, only one of the virtual worlds at issue was explicitly directed at children, while the other nineteen were intended for general audiences (although they attracted a significant number of children).  Defendants agreed to settle the charges for $3 million, the largest civil penalty for a violation of COPPA to date.  We anticipate that the FTC will be increasingly aggressive in pursuing COPPA complaints against developers of games and mobile apps that are used by a significant number of children, even when the apps or websites are not expressly directed to children. Last year, the FTC also pursued the first enforcement action under COPPA against a mobile application developer, W3 Innovations, LLC (W3).  United States v. W3 Innovations, LLC, Case No. CV-11-03958-PSG, FTC File No. 102 3251 (N.D. Cal. Aug. 12, 2011).  W3 operated approximately forty apps–through which it collected and maintained thousands of children’s email addresses and allowed children to publicly post information, including personal information, on message boards–without providing proper notice or obtaining verifiable parental consent.  
The settlement imposed a $50,000 penalty on the mobile app company, but also required the developer to delete all personal information collected in violation of COPPA, in addition to other requirements. This type of requirement could have significant implications for any company that depends on continued access to an installed user base that includes children under 13, since the deletion of all personal information would include account information and content posted by those users–effectively requiring the company to delete the accounts for all users under 13. Finally, in United States v. Godwin, the FTC targeted a social networking website directed to children ages 7 to 14. Case No. 11-cv-03846-JOF, FTC File No. 1123033 (N.D. Ga. Nov. 8, 2011). The FTC charged Godwin, the operator of www.skidekids.com (a website that markets itself as the "Facebook and Myspace for kids") with COPPA violations for collecting personal information from children without obtaining prior parental consent and with violating the FTC Act for making allegedly deceptive claims about its information collection practices by stating that children must provide a parent’s valid email address to register, when in fact the site permitted children to register without a parent’s email address. The Order imposed a $100,000 civil penalty (although all but $1,000 of this amount could be suspended if Godwin provides truthful information about his financial condition and complies with the Order’s oversight provision). Notably, the FTC’s action targeted the operator of the website in his individual capacity, rather than his company–a trend that may be of particular interest to app developers and start-up tech companies. Like W3, Godwin was also ordered to destroy personal information obtained in violation of COPPA and, for a limited time, to link to educational material and to retain an online privacy professional to oversee any COPPA-covered websites.

Proposed Revisions to COPPA

In response to the dramatic increase in mobile and online products used by children, the FTC proposed a number of substantial amendments to COPPA to modify the Act’s definitions and requirements regarding provision of parental notice, parental consent mechanisms, security of children’s personal information, and oversight of self-regulatory safe harbor programs. Children’s Online Privacy Protection Rule, 76 Fed. Reg. 59,804. FTC Chairman Jon Leibowitz explained that the proposed revisions to the law were prompted by "an explosion in children’s use of mobile devices, the proliferation of online social networking and interactive gaming."[3] The most significant and controversial proposed change to COPPA is an expanded definition of "personal information" that dramatically enlarges the scope of information covered by the Act. For the first time, the FTC’s proposed definition would include geolocation information. In addition, the FTC would expand the scope of persistent identifiers covered by the Act to include any persistent identifier used for functions other than the operator’s own internal operations (potentially sweeping in all persistent identifiers contained in third-party cookies, for example, even when they do not contain individually identifiable information).[4] The tech industry has urged the FTC to abandon this revision, citing a significant impact on innovation as well as privacy.
Web-based services, such as Google and Yahoo, and telecommunications carriers, such as AT&T and Verizon, caution that treating persistent identifiers like personal information "could negatively impact the way many web services have been designed to function, and would have a devastating impact on the advertising that supports the flow of free online content."[5]  In addition to negatively impacting businesses, the proposed change has the potential to undermine COPPA’s confidentiality objectives: "[p]lacing identifiers on a level playing field with other personal information could result in the collection of more, rather than less, personal information" and could "reduce incentives for businesses to take privacy-enhancing steps to anonymize or de-identify the child’s personal information."[6] The FTC has also proposed significant changes to the manner of parental notice and consent, requiring that operators provide an in context, "just-in-time" notice concerning its collection of children’s personal information (as opposed to disclosing that information in a privacy policy)–a requirement that may be particularly challenging to implement in a mobile environment.  As to consent, the FTC has proposed to eliminate the "e-mail plus" method for obtaining consent from parents, while adding new, more complex methods for operators to obtain verifiable parental consent, including electronic scans of signed parental consent forms, video-conferencing, and use of government-issued identification checked against a database. Many companies have expressed concern with the FTC’s notice and consent proposals, noting that "in an environment where many companies offer services on the same webpage . . . it is becoming increasingly unworkable for each operator to provide notice and obtain parental consent."[7]  There is particular concern over the FTC’s proposal to eliminate "e-mail plus," which many sites and services have integrated into their products to ensure compliance with COPPA.  
Eliminating what had long been a widely accepted method of consent "pulls the rug out from under them and creates major short-term marketplace uncertainty."[8] The Center for Democracy and Technology has criticized the FTC’s proposed new method of consent via government-issued identification, warning that the method only proves the operator has received someone’s ID, as it cannot verify that the person on the ID is in fact a parent of the minor.[9]

The FTC also has proposed revisions intended to impose greater responsibility on companies that disclose children’s personal information to third parties (such as platforms that disclose information through APIs to third-party developers), as well as revisions intended to increase oversight over self-regulatory industry groups that implement safe harbor programs under COPPA.

The comment period on the proposed changes closed on December 23, 2011, and it is unclear how the FTC will respond to these concerns. The outcome of these issues will have significant implications for online and mobile developers and services, particularly the increasing number that are used by children.

III.   Criminal Enforcement

2011 demonstrated that cybercrime continues to be a priority for U.S. law enforcement officials. In recent years, the FBI has repeatedly stated that cybercrime was the agency’s number three priority after counterterrorism and counterintelligence, and FBI officials, including Director Robert Mueller, have emphasized that they expect computer-related threats to increase in the future. The past year saw a number of developments relating to criminal prosecutions of cybercrime, detailed below, including new enforcement strategies and challenges to the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030. The CFAA establishes federal criminal penalties and a civil cause of action for unauthorized computer access, and is the primary federal statute used to prosecute computer hacking and misuse cases.
Among its other provisions, the CFAA creates a criminal cause of action against any person who "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer," or who "intentionally accesses a protected computer without authorization." See 18 U.S.C. §§ 1030(a)(2)(C), (a)(5)(C), and (g).

United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010)

In a decision issued on December 27, 2010, the Eleventh Circuit upheld the conviction of Roberto Rodriguez, a former employee of the Social Security Administration ("SSA"), for criminal violations of the CFAA based upon his unauthorized use of SSA databases to access individuals’ personal records for non-business reasons. The Eleventh Circuit ruled that, although Rodriguez was authorized to access the SSA databases, he exceeded his authorized access by using the databases for non-business reasons even after being notified of SSA policies prohibiting employees from such use and warning them of potential criminal penalties. Mr. Rodriguez was sentenced to one year’s imprisonment. This case is among the latest examples of the criminal prosecution of "insiders"–employees convicted of exceeding authorized access to their employer’s computer network–and stands as a reminder of that ever-present threat.

United States v. Kramer, 631 F.3d 900 (8th Cir. 2011)

Neil Kramer pleaded guilty to transporting a minor in interstate commerce with the intent to engage in criminal sexual activity and acknowledged using his cellular telephone to communicate with the victim for a six-month period prior to the offense. The Eighth Circuit affirmed the district court’s conclusion that the phone was a "computer" within the meaning of the CFAA that was used to facilitate the offense, and Kramer’s actions therefore merited an enhancement to his prison sentence under the federal sentencing guidelines.
In reaching this conclusion, the Eighth Circuit confirmed the breadth of the CFAA, noting that the CFAA’s definition of a computer is "exceedingly broad" and includes "any device that makes use of a[n] electronic data processor," regardless of an Internet connection.

United States v. Scheinberg, No. 10-CR-336 (S.D.N.Y. Mar. 10, 2011)

On April 15, 2011, the government announced charges against the founders of the three largest Internet poker companies operating within the United States–PokerStars, Full Tilt Poker, and Absolute Poker–alleging that the companies engaged in bank fraud, money laundering, and violations of gambling laws including the Unlawful Internet Gambling Enforcement Act ("UIGEA"). The indictment charged that the defendants, over a nearly five-year period, created phony merchants to process payments to their sites after the passage of the UIGEA prompted banks and payment processors to refuse to process their transactions. Further, the FBI seized the domain names of five related websites, preventing user access to the sites. This case and a related civil lawsuit brought by the government represent the Department of Justice’s most significant recent attempt to pursue Internet gambling operators. Relatedly, the DOJ’s Office of Legal Counsel issued an opinion on December 23, 2011, stating that the Federal Wire Act only applies to interstate transmissions of wire communications that relate to "a sporting event or contest." This is contrary to the Criminal Division’s previous view that the U.S. operations of virtually any type of Internet gambling site would violate the Wire Act. Thus, it is likely that future criminal prosecutions will rely on the UIGEA as in Scheinberg.

United States v. Nosal, 642 F.3d 781 (9th Cir. 2011), en banc rehearing granted

In a closely watched case that has garnered significant national media attention, the Ninth Circuit has agreed to an en banc rehearing of a case that will have enormous impact on future prosecutions under the CFAA. Nosal is one in a line of cases in which contract-based violations of computer terms of use are equated with "exceeding authorized access" under the CFAA, and thus serve as the basis for criminal charges. This case tests the limits of the CFAA’s scope, making the en banc rehearing particularly significant. In April 2011, a three-judge panel of the Ninth Circuit reversed the district court’s granting of David Nosal’s motion to dismiss the indictment, holding that an employee "exceeds authorized access" within the meaning of the CFAA when an employee violates an employer’s computer access restrictions, including use restrictions. Similar to a growing number of employee disloyalty cases involving confidential computer data, Nosal, a former employee of the executive search firm Korn/Ferry International, allegedly obtained confidential information from one of his employer’s databases, which he planned to use to establish his own competing executive search firm. Critics of the decision have argued that the Ninth Circuit’s ruling broadens the scope of the CFAA and that, under Nosal, even minor violations of an employer’s computer use policies would create the potential for criminal liability. The Ninth Circuit agreed to review the case en banc and oral arguments were heard in December 2011, but no decision has yet been issued.

United States v. Fricosu, No. 10-CR-00509-01-REB (D. Colo. May 6, 2011)

In a case that implicates the law governing search and seizure of computer data, including Fourth and Fifth Amendment issues, on January 23, 2012, a district court judge ordered Ramona Fricosu, who was charged with perpetrating a complex mortgage fraud, to unlock the hard disk of her seized laptop computer, which utilized full hard disk encryption. The judge ruled that compelling the production of documents stored on the encrypted hard drive did not violate the Fifth Amendment privilege against compelled testimony and also found that the government had met its burden to show that Fricosu either owned the laptop or was its primary user. Fricosu would not necessarily be required to reveal her actual password in order to decrypt the computer data–for example, she could enter the password into the laptop directly. The decision in this case is a significant contribution to the growing body of case law on this issue. Several previous cases involving similar issues have been decided in recent years. In In re Boucher, No. 06-MJ-91, 2009 WL 424718 (D. Vt. Feb. 19, 2009), the first case to test whether an individual could be constitutionally compelled to provide an encryption key to decrypt computer data, immigration officials seized a laptop held by Canadian national Sebastien Boucher as he entered the United States from Canada, after the officials detected images that appeared to contain child pornography on the laptop. The laptop was subsequently shut down and its files were encrypted behind a password. A magistrate judge ruled that compelling Boucher to provide the password would compel testimonial evidence in violation of the Fifth Amendment privilege against self-incrimination, but was later overruled by a district court judge, and Boucher subsequently decrypted the laptop.

However, later cases took positions contrasting with Boucher. In United States v. Kirschner, No. 09-MC-50872, 2010 WL 1257355 (E.D. Mich. Mar. 30, 2010), a district court judge quashed a subpoena to compel the defendant to reveal his password to an encrypted computer, noting that the government was seeking incriminating testimony from the defendant by compelling him to reveal his password, which was unconstitutional under the Fifth Amendment. And in United States v. Rogozin, No. 09-CR-379, 2010 WL 4628520 (W.D.N.Y. Nov. 16, 2010), a magistrate judge suppressed evidence from a seized laptop because the defendant had not been notified of his Miranda rights before law enforcement officials asked for his laptop password in an oral interview. The magistrate judge ruled that the defendant’s response to the questions of federal agents constituted incriminating testimony.

In Fricosu, prosecutors argued that the encrypted laptop is a form of physical evidence and that failing to compel Fricosu to decrypt the data would permit future criminal defendants to evade search warrants through the increasingly common use of computer encryption. Fricosu and an amicus curiae brief filed by the Electronic Frontier Foundation, citing Kirschner, Rogozin, and the magistrate judge’s decision in Boucher, argued that the password is a form of knowledge and that compelling Fricosu to decrypt the data would violate her Fifth Amendment privilege against self-incrimination.

United States v. Pu, No. 11-CR-00699-1 (N.D. Ill. Oct. 10, 2011)

In yet another employee disloyalty case, Yihao Pu, a former employee of an asset management firm, was charged with criminal theft of trade secrets for using unauthorized computer software on his employer’s computer to circumvent access restrictions and obtain confidential trading information. The complaint alleged that the compromised information would give a significant advantage to competitive businesses and that trades using that information would undermine the firm’s trading strategies.
The fact that this case was prosecuted as a trade secrets case, rather than as a computer hacking case under the CFAA, serves to demonstrate the variety of tools federal prosecutors have at their disposal in pursuing cybercrime. As of this writing, Pu is currently free on bail and awaiting indictment.

United States v. Dotcom, No. 12CR3 (E.D. Va. Jan. 5, 2012)

On January 19, 2012, the Department of Justice announced that it had charged Megaupload, an online file-sharing website, and seven individuals with operating an "international organized criminal enterprise" engaged in racketeering, money laundering, and copyright infringement. In its indictment, the government alleged that Megaupload generated more than $175 million in revenue and led to more than $500 million in damage to copyright holders. Megaupload allegedly employed a business model designed to promote copyright infringement, which offered financial incentives to users who uploaded infringing content, and Megaupload failed to terminate the accounts of users who it knew had engaged in copyright infringement. A district court judge ordered the seizure of 18 domain names affiliated with Megaupload, and four of the individual defendants were arrested in New Zealand. The case continues the trend of seizing domain names and shutting down websites as an enforcement tool and highlights the level of international cooperation in cybercrime investigations.

IV. Legislative Developments

While privacy and information security are invariably hot topics in the political arena, 2011 proved to be a uniquely active year in this area, as many proposals tackling cybersecurity, personal privacy, online infringement and data breach notification were introduced at the federal level. While the prospects of the following bills are difficult to predict with certainty, some of the most notable proposals are discussed below.

A. Stop Online Piracy Act ("SOPA") and the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act ("PROTECT IP Act" or "PIPA")

SOPA and PIPA are the House and Senate versions of what were easily the most controversial pieces of privacy-related legislation introduced in 2011, both intended to combat "rogue websites" committed to online piracy.

Representative Lamar Smith (R-TX) introduced the House version of the bill, H.R. 3261, known as SOPA, on October 26, 2011. The law would, in relevant part, permit the Attorney General or an injured holder of an intellectual property right to sue a website owner, website operator, or domain name registrant of a "foreign infringing site" committing or facilitating the criminal violation of a U.S. user’s intellectual property rights. The Attorney General could seek court orders to have ISPs block access to the infringing site, block payment network providers from completing transactions with the site, prevent advertisers from continuing to advertise on the site, and have search engines take reasonable measures to prevent the site from being served as a direct link, within five days of receipt of the order. Individual rights holders could seek similar injunctive relief after a two-step notification procedure (restricting payment and advertising, but not ISPs or search engine results). Senator Patrick Leahy (D-VT) introduced the Senate version of the bill, S. 968, known as the PROTECT IP Act or PIPA, on May 12, 2011.
Similar to SOPA, PIPA would give the Attorney General or an injured copyright or trademark holder the right to commence an action against website owners or operators, or against domain name registrants, if either were "dedicated to infringing activities," meaning that the site has "no significant use other than engaging in, enabling, or facilitating" copyright or trademark infringement, or "is designed, operated, or marketed by its operator or person operating in concert with the operator, and facts or circumstances suggest is used, primarily as a means for engaging in, enabling, or facilitating" the same. Another portion of the bill would have also permitted the Attorney General or injured plaintiffs to seek court orders to compel ISPs to block allegedly infringing websites’ domain names or web addresses, if the website or domain name has certain connections to the United States, conducts business directed to United States residents, and harms holders of United States intellectual property rights. The legislation has inspired robust debate. Supporters of the bills view the legislation as a targeted means to combat rogue websites dedicated to counterfeiting and piracy, particularly those based abroad. The bills inspired a groundswell of opposition from supporters of the technology sector, including many who had not previously been involved in the political process. Critics of the bills raised concerns about censoring websites for hosting infringing content, chilling innovation, and other privacy concerns.

As a result of the flurry of protests in mid-January 2012 (political activism which is, in and of itself, a notable trend), several former House and Senate co-sponsors of the bills pulled their support, leaving the future of both bills in doubt. A scheduled vote to bring PIPA to the Senate floor for debate on January 24, 2012 was postponed indefinitely on January 20, 2012.
SOPA was referred to the House Judiciary’s Subcommittee on Intellectual Property, Competition and the Internet, with hearings and markup sessions being held through December 2011.

B. Online Protection and Enforcement of Digital Trade Act ("OPEN Act")

Opponents of PIPA, led by Senator Ron Wyden (D-OR), introduced the OPEN Act, S. 2029, on December 17, 2011. The OPEN Act–which would amend the Tariff Act of 1930–would authorize the International Trade Commission (rather than the Justice Department) to issue cease and desist orders against websites dedicated to infringing activity. The orders would restrict payments from being made to, and advertisements from being made on, infringing websites served with such orders, "as expeditiously as reasonable."

Senator Wyden has reportedly promoted the OPEN Act as an alternative to SOPA and PIPA that would achieve the same goals "without the collateral damage." Critics of the OPEN Act, however, argue that SOPA and PIPA may be more effective at combatting piracy sites that make money from foreign advertisers, and that the OPEN Act would give the executive branch too much power to pardon foreign websites for mere "policy reasons." The OPEN Act was referred to the Senate Finance Committee.

C. Notable Federal Privacy and Data Breach Legislation

The following three related bills have all been reported out of committee and are awaiting Senate consideration.

Personal Data Privacy and Security Act (including Proposed Amendments to Computer Fraud and Abuse Act)

Senator Patrick Leahy (D-VT) introduced the Personal Data Privacy and Security Act, S. 1151, on June 7, 2011. The bill would create several new federal crimes for unauthorized access to personal information, pertaining to hacking, identity theft, and security breaches.
The bill would also require certain government agencies and private business entities that use, access, transmit, store, dispose of, or collect personally identifiable information to establish certain security measures, and provide data breach notices to affected individuals.

Entities engaging in interstate commerce that collect, access, transmit, use, store, or dispose of sensitive, personally identifiable information on 10,000 or more United States persons would have to establish a data privacy and security program designed to ensure the security of such information. Covered entities would be required to engage in periodic risk assessments of their security programs and train employees accordingly for their implementation within a year of the law’s implementation. Financial institutions regulated by the Gramm-Leach-Bliley Act and HIPAA-regulated entities would be exempt from these requirements because those statutes provide similar rules. The bill includes steep civil and criminal penalties.

Notably, the bill also contained proposed amendments to the CFAA. The bill adopts (in revised form) Senators Chuck Grassley’s (R-IA) and Al Franken’s (D-MN) proposals to amend 18 U.S.C. § 1030(g) to state that no action may be brought under the CFAA for Terms of Service violations based upon unauthorized access or access in excess of authority. In addition, Senator Leahy’s proposed amendments to the CFAA would substantively rewrite the statute to punish accessing particular categories of information, and would create new penalties for aggravated damage to a critical infrastructure computer. The Senate Judiciary Committee filed a written report on the bill in November 2011, and it is awaiting Senate consideration.

Data Breach Notification Act

Senator Dianne Feinstein (D-CA) introduced the Data Breach Notification Act, S. 1408, on July 22, 2011.
Feinstein’s bill would establish one federal data breach notification standard whenever an agency or business entity engaged in interstate commerce that uses, accesses, transmits, stores, disposes of, or collects sensitive personally identifiable information discovers a breach has occurred. Covered entities would be required to notify affected owners or licensees of such breaches "without unreasonable delay" following the breach according to specified content notification provisions. Reasonable delay could include the time necessary to determine the scope of the breach, prevent further disclosures, restore the integrity of the affected system, and provide notice to law enforcement. Notice generally would not be required if the agency or business entity concluded that there was "no significant risk" that a breach resulted in or would result in harm to the affected individual.

If the breach is reasonably believed to have affected over 5,000 residents of a state, major media outlets would have to be notified. If the breach is reasonably believed to have affected over 10,000 people or involved particularly large databases (or those owned by the federal government), the United States Secret Service must be notified. Other law enforcement agency notification provisions are also included if the breach involves particularized circumstances such as espionage or mail fraud, for example. The law would be enforced by state attorneys general, providing for severe civil penalties and possible injunctive relief.

The Judiciary Committee held a hearing on the bill in September 2011, and the bill was ordered reported out to the Senate with amendments.

Personal Data Protection and Breach Accountability Act

Senator Richard Blumenthal (D-CT) introduced the Personal Data Protection and Breach Accountability Act, S. 1535, on September 8, 2011.
The bill would provide for criminal fines or imprisonment for the intentional or willful concealment of security breaches resulting in harm to any person. The bill further prohibits the interception, redirection, monitoring, manipulation, aggregation or marketing of an authorized user’s web search or query without that user’s consent and without clear and conspicuous disclosure of the data collected. The bill would also require interstate companies that use, access, transmit, store, dispose of, or collect personal information pertaining to more than 10,000 people to implement a comprehensive security program to safeguard that information from vulnerabilities or unauthorized access. Among the extensive notification provisions, the bill would require that such companies notify affected individuals of a security breach without unreasonable delay (while providing for certain exceptions for federal law enforcement and the intelligence community), and provides for the methods and content of such notice. Companies required to provide notice to individuals would also be required to provide for the affected individual at no cost, upon his or her request, quarterly consumer credit reports, credit monitoring services, a security freeze on the individual’s credit report, and compensation for damages caused by the security breach.

The bill provides for exceptions for HIPAA-regulated entities and financial institutions covered by Gramm-Leach-Bliley, among a few other exceptions. The bill is enforceable by the Attorney General, FTC, and state attorneys general, but also would permit individuals to bring civil actions to obtain injunctive relief or to recover damages (including punitive damages) for violations of the notice requirements.

The bill was placed on the Senate’s Legislative Calendar under General Orders.
White House Cybersecurity Legislative Proposal

The Obama administration has pursued a comprehensive national cybersecurity agenda, publicly stating a desire to invest in and secure the nation’s digital infrastructure as a means of combatting repeated cyber intrusions and an increase in cybercrime. The administration has further expressed the view that our cybersecurity law requires updating in order to properly defend against such threats. To that end, on May 12, 2011, the White House released a Cybersecurity Legislative Proposal to provide input for Congressional consideration. The proposal has two central goals. First, it suggests a framework for national data breach reporting, to simplify and standardize the patchwork of state laws currently in place. Second, it would enhance criminal penalties for cybercrimes and extend the Racketeer Influenced and Corrupt Organizations ("RICO") Act to cover cybercrimes.

The White House proposal would also enable the Department of Homeland Security ("DHS") to help private sector companies or state and local governments with responding to data breaches, and would permit voluntary information sharing between those entities and DHS, while providing immunity for those entities when doing so. Additionally, the proposal envisions centralizing (largely through DHS) management of cybersecurity, recruitment of cybersecurity professionals, installation of intrusion prevention systems, and embracing cloud computing.

The House and Senate are considering several pieces of legislation that incorporate pieces of the White House proposal, including the Federal Protective Service Reform and Enhancement Act, H.R. 2658 (referred to two committees and forwarded with markups to House Homeland Security Committee by voice vote in July 2011) and the Cyber Intelligence Sharing and Protection Act, H.R. 3523 (referred to the House Committee on Intelligence in November 2011).
Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act ("PRECISE Act")

Representative Daniel Lungren (R-CA) introduced the PRECISE Act, H.R. 3674, on December 15, 2011. That bill would give the DHS authority to protect federal and critical infrastructure systems, conduct risk assessments, coordinate with other entities, and designate a lead cybersecurity official to report to Congress. The bill would further authorize coordinating the development of sector-specific security standards, and would create a National Cybersecurity Authority to centralize national cybersecurity efforts. Lungren’s bill would also create a nonprofit organization to serve as a national clearinghouse for cybersecurity threat information, called the National Information Sharing Organization. The board of directors would be composed of a representative from the DHS, four representatives from three different Federal agencies with significant responsibility for cybersecurity, ten representatives from specific private sectors (including at least one member representing a small business interest), two representatives from the privacy and civil liberties community, and the Chair of the National Council of Information Sharing and Analysis Centers.

The bill was referred to the House Subcommittee on Technology and Innovation on January 12, 2012.

Some other notable federal legislative efforts in the past year include:

Senator Patrick Leahy (D-VT) introduced a bill, S. 1011, on May 17, 2011 to amend the Electronic Communications Privacy Act. Senator Leahy’s amendment would require the government to obtain warrants to access any e-mails or wireless communications (eliminating the statute’s current distinction permitting the government to access such communications over 180 days old with a court order rather than a warrant).
It would further require disclosure to affected individuals within three days (absent the government obtaining a court order granting delayed notice for up to 90 days for investigative or security-related reasons). Finally, the amendment would require warrants to obtain individuals’ geolocation information. The bill was referred to the Senate Judiciary Committee, but no further action has been reported since.

Senator Mark Pryor (D-AR) introduced the Data Security and Breach Notification Act, S. 1207, on June 15, 2011. This bill would require covered entities (including "information brokers") owning, possessing, or contracting with third parties to maintain personal information to establish and implement reasonable information security safeguards for such information. It would also establish a national standard for data breach notification, requiring covered entities to notify affected individuals and the FTC within 60 days unless the entity could prove that doing so was not feasible for enumerated practical reasons, or upon written notice of a law enforcement or national security agency. The bill details the notification required, along with substitute notification methods for unusual circumstances such as when normal notification methods would be exceedingly costly. Covered entities may also be required to arrange for free consumer credit reports or credit-monitoring services at the affected individual’s request, for up to two years. The bill, which provides for stiff civil penalties, would be enforced jointly by the FTC and state attorneys general. An entity would be exempt from the notice provisions if it determined that a breach presented no reasonable risk of identity theft, fraud, or other unlawful conduct. The bill was referred to the Senate Committee on Commerce, Science, and Transportation, but no further action has been reported since.

Senator John Kerry (D-MA) introduced the Commercial Privacy Bill of Rights Act, S. 799, on April 12, 2011.
Largely tracking recommendations of the Department of Commerce, this bill would be the nation’s first comprehensive federal privacy law, covering data across all sectors and industries. The law, enforceable by the FTC, would apply to "covered entities" maintaining covered information concerning over 5,000 people, including common carriers and nonprofit organizations, but excluding financial institutions. The law would have an opt-out standard for "non-sensitive" personally identifiable information ("PII"), and an opt-in standard for "sensitive" PII. Covered entities would be required to implement "reasonable security measures," and would be required to provide "clear, concise and timely notice" to individuals regarding the entity’s privacy practices (and any material changes thereto). The law would also require giving individuals reasonable access to request correction or to cease collection of their information in certain circumstances. The law would further impose certain restrictions and opt-in requirements before PII can be transferred to third parties, unless companies participate in an FTC safe harbor pre-approval program under an opt-out standard. Covered entities would be permitted to seek only as much covered information as reasonably necessary, retain it only for as long as necessary, and would be required to establish and maintain reasonable procedures for ensuring the accuracy of the information being retained. State attorneys general and the FTC could seek civil penalties when companies do serious harm, but the law would provide no private right of action.

The bill was referred to the Senate Commerce, Science and Transportation Committee in early 2011, but no further action has been reported since.

V. Data Security

Data security breaches and their consequences continued in 2011 to be a burgeoning area of attention and concern for businesses, government enforcement agencies, and private litigants.
One needed to look no further than the mainstream news media for evidence of the escalating magnitude, sophistication, and cost of data breaches. As a result, sophisticated businesses that handle sensitive customer, employee, or commercial information are not only increasing their attention and investment in data security, but also taking steps to anticipate the potential for breach incidents in spite of their best efforts. We will be discussing leading-edge strategies for preparing for and responding to a security incident or vulnerability report in a complimentary client briefing on February 29, 2012 entitled Data Breaches, Hacks and Vulnerabilities: Leading Strategies for Responding to a Data Breach Incident. The one-hour briefing will discuss important considerations for any business that handles consumer, business or personal information in today’s rapidly evolving technical and legal environment. Please click here for additional information and to register for the briefing.

Below we describe a sampling of high-profile data breach incidents that occurred in 2011 and some of the potential trends they illustrate, followed by an update of legal developments relating to breach notification obligations, and a discussion of insurance issues that may arise from data breach incidents.

A. High-Profile Breach Incidents and Trends from 2011

Citicorp

In May, hackers succeeded in breaching Citicorp’s online account system. According to published reports, personal account information for a subset of Citicorp’s 21 million customers may have been exposed, including account information for more than 360,000 of the company’s U.S. credit card holders. The hackers were able to infiltrate the bank by first logging onto Citicorp’s online credit card website and then inserting account numbers into the text in the address bar to access various accounts.
The breach, one of the first known hacking cases at a bank, was discovered during routine system maintenance. Despite the banking industry’s significant focus on data security, hackers continue to target businesses in the financial sector and to find new vulnerabilities to exploit, in large part due to the potential value of the data they handle, such as payment card and account information.

Epsilon

Epsilon, a unit of Texas-based Alliance Data Systems, manages email marketing and communications for more than 2,500 clients, including prominent businesses such as Best Buy, Marriott International, Chase, Capital One, and Citigroup. In April, Epsilon reported a massive data security breach that exposed millions of individual email addresses and consumer names. Although sensitive financial information was not exposed, the information obtained by hackers could be used to send personalized emails in "phishing" scams. In a phishing scam, hackers send fake emails pretending to be a company with which the consumer does business. The emails trick customers into clicking a link that installs malware or spyware or asks for credit card or login information to the customer’s account with that business where more sensitive data is stored. Given that data such as that exposed in the Epsilon breach can facilitate phishing and similar scams, this data can have considerable value to online fraudsters even if no financial information or personally identifying information is involved.

* * *

As these and numerous other high-profile breach incidents illustrate, hacking attacks continue to grow in both size and sophistication. At the same time, a growing segment of the legal industry stands ready to press private litigation on behalf of those whose information is potentially compromised, often within days or even hours of a breach coming to light, and frequently without any evidence of direct financial harm or misuse of the data that was compromised.
Both of these trends are illustrated in the recently announced Zappos breach. Within a day of announcing that one of its servers had been infiltrated, thereby potentially exposing limited customer data, Zappos was named in multiple class action lawsuits brought on behalf of customers despite the absence of direct financial loss on their part. Moreover, data security issues are no longer limited merely to businesses that handle or host significant amounts of user data. Hewlett-Packard ("HP"), for example, was targeted during 2011 in a class action lawsuit following media reports that researchers had developed a malicious tool that could allow hackers to take control of HP printers through embedded firmware, even though no evidence existed that such an attack had ever taken place. These and other suits illustrate the readiness of private litigants to bring suit based on new and creative theories of liability, although–as discussed in the class actions section above–it is unclear which of these theories ultimately will gain traction and survive legal challenges.

Given the volume and increasing sophistication of data breach attacks, as well as the exponential growth in the volume and potential value of stored personal data, attention in the information technology sphere has evolved from simply preventing an attack to being prepared for one. Virtually no commercial network is truly hacker-proof, and so while prudent businesses invest in the means to detect, rebuff, and contain potential intrusion, many CIOs and in-house counsel also recognize that the prospect of a data security incident is not so much a question of "if," but "when." The new goal, then, is not just to maintain best practices defenses, but also to have the right structure in place to respond to a breach. As part of this new paradigm, many businesses are recognizing the importance of planning for a potential breach incident even before it occurs.
Since data security incidents are extremely fast moving, involve high potential exposure, and implicate many different disciplines, sophisticated businesses have developed formal data breach incident response plans.

B. 2011 Developments in Breach Notification Obligations

The U.S. has yet to enact a uniform national law on data breach notification. Accordingly, for now, businesses must contend with a patchwork quilt of local statutes in 46 states, the District of Columbia, Puerto Rico and the Virgin Islands requiring notification to those impacted by security breaches involving personal information.[11] Data security attacks also frequently precipitate law enforcement and government regulatory agency attention, including by the Department of Justice, the FBI, the Federal Trade Commission, and state attorneys general. In addition, particularly high-profile breaches have subjected the companies involved to inquiries from Congress and requests to testify in congressional hearings. Moreover, individual executives must be aware of their potential exposure in this setting. On April 7, 2011, the Securities and Exchange Commission for the first time assessed fines against three former executives of broker-dealer GunnAllen Financial, Inc. Without admitting or denying the SEC’s findings, the three former executives agreed to settle charges that they had violated Regulation S-P of the Securities Exchange Act of 1934 by failing to protect confidential information about their customers.[12]

In the absence of a unified federal statute addressing breach notification obligations, entities are subject to a patchwork quilt of state statutes, narrow federal laws regulating specific industries (such as financial institutions), and specific regulatory obligations. Two developments during 2011 elaborate on these emerging standards.
SEC Guidance on Breach Reporting

On October 13, 2011, the SEC Division of Corporation Finance released guidance that assists public companies in assessing what disclosures should be made when faced with cybersecurity risks and incidents.  SEC, CF Disclosure Guidance: Topic No. 2–Cybersecurity (Oct. 13, 2011).  The guidance provides an overview of disclosure obligations under current securities laws, acknowledging that no existing disclosure requirements explicitly refer to cybersecurity risks and incidents but that a number of existing disclosure requirements may impose an obligation upon registrants to disclose such risks and incidents.  In addition to the brief summary that follows, we discuss the SEC’s guidance in greater detail in our October 17, 2011, client alert, SEC Issues Interpretive Guidance on Cybersecurity Disclosures Under U.S. Securities Laws.

Risk Factors

The guidance provides that public companies should disclose risk of cybersecurity incidents in their risk factors if "these issues are among the most significant factors that make an investment in the company speculative or risky."  Companies are expected to evaluate their cybersecurity risks, taking into account all relevant information, including the following:

prior cybersecurity incidents and the severity and frequency of those incidents;
the probability of cybersecurity incidents occurring and the qualitative and quantitative magnitude of those risks, including potential costs and other consequences resulting from misappropriation of assets or sensitive information, corruption of data or operational disruption; and
the adequacy of preventative actions taken to reduce cybersecurity risks in the context of the industry in which they operate and risks to that security, including threatened attacks of which they are aware.
If the company finds that a disclosure related to cybersecurity risks is necessary, it "must adequately describe the nature of the material risks and specify how each risk affects the registrant," avoiding general "boilerplate" disclosure.

Management’s Discussion and Analysis of Financial Condition and Results of Operations ("MD&A")

The guidance also advises public companies to address cybersecurity risks and incidents in their MD&A "if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant’s results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition."  For example, the MD&A should discuss a material reduction to a company’s revenues due to a loss of customers following a cybersecurity incident, or a material increase in costs resulting from litigation linked to a cybersecurity incident, or related to protecting the company from future cyber incidents.

Description of Business

Public companies should discuss cybersecurity incidents in their Description of Business to the extent that such incidents materially affect a company’s products and services, relationships with customers or suppliers, or competitive conditions.  Such disclosure should consider the impact of cybersecurity incidents on each reportable segment.

Legal Proceedings

Companies may need to include in their Legal Proceedings disclosure a discussion of any pending material legal proceeding involving a cybersecurity incident where the company or any of its subsidiaries is a party to the litigation.

Financial Statement Disclosures

Cybersecurity risks and incidents may have significant effects on a company’s financial statements.
For example, prior to a cybersecurity incident, a company may incur substantial costs in the development of preventative measures.  During and after a cybersecurity incident, companies may offer customers additional incentives to encourage customer loyalty, and may incur significant losses and diminished cash flows resulting in impairment of certain assets.  Companies should ensure that any such impacts to financial statements are accounted for pursuant to applicable accounting guidance.

Disclosure Controls and Procedures

Companies should consider the risks that cybersecurity incidents may pose to the effectiveness of their disclosure controls and procedures.  If it is reasonably possible that a cybersecurity event might disrupt a company’s ability to provide the SEC with information required to be disclosed in SEC filings, then a company may conclude that its disclosure controls and procedures are ineffective.

California State Notification Law Amendments

In 2011, California amended its security breach notification law with changes that went into effect on January 1, 2012.  The updated law mandates a number of additional requirements for entities that have experienced a data breach incident.  Most notably, the updated law touches on two important disclosure requirements.

First, the notification sent to affected California residents must include certain mandatory content, such as the name and contact information of the reporting entity, the types of personal information that were potentially leaked, the date of the breach (if known), the date of the notice, whether notification was delayed as a result of a law enforcement investigation, a general description of the breach incident, and toll-free telephone numbers and addresses of the major credit reporting agencies (if the breach exposed a social security number or a California driver’s license or identification card number).
Additionally, the entity may, at its discretion, include information about what it has done to protect individuals whose information has been compromised and provide advice on steps that such individuals can take to protect themselves.  The law requires that the notice must be written in "plain language," requiring entities to ensure that the notice is plain and easy to understand.

Second, the updated law requires entities that are required to issue breach notices to more than 500 California residents as a result of a single breach incident to also submit an electronic "sample copy" of their security breach notification directly to the California attorney general.

C.   Insurance Issues

Given the complexity and expense (and, some might say, the inevitability) of responding to data breach incidents, the availability of financial protection through insurance coverage tailored to data breach losses has become a significant and growing area of attention.  Many businesses confronted with a data breach incident have found, to their dismay, that claims arising from a breach may not readily fit within their standard Commercial General Liability ("CGL") coverage.  Insurers frequently reject claims in connection with breach liabilities as falling outside typical CGL coverage for "bodily injury," "property damage," and the like.  Moreover, some insurers have taken the position that claims arising from a data security breach are expressly excluded by their policy terms.

Similar disputes may arise in connection with claims for "loss of use" of tangible property, as is often covered under CGL policies.  Even though lost or damaged data may itself be considered intangible, coverage may be triggered by, for example, a company’s loss of use of infected servers or other network assets due to a hacker attack.  In response, however, express exclusions for data breaches and other cyber claims are becoming more common in CGL policies.
Given this potential gap in coverage, many businesses are considering the purchase of policies that specifically protect against losses resulting from data breach incidents.  These increasingly common policies can include both first-party and third-party protections.  First-party protections can include payment for loss of digital assets, cyber-extortion, cyber-terrorism, and expenses such as consumer notification costs.  Third-party liability coverage can include disclosure injury (such as lawsuits alleging unauthorized access to or dissemination of the plaintiff’s private information), content injury (such as suits arising from intellectual property infringement), reputational injury (such as lawsuits alleging disparagement of products or services, libel, slander, defamation, and invasion of privacy), conduit injury (such as suits due to system security failures that result in harm to third-party systems), and impaired access injury (such as suits arising from system security failure resulting in an insured’s system being unavailable to its customers).  Given the broad coverage provided by cybersecurity policies, companies with large amounts of sensitive data should carefully consider the costs and potential benefits of maintaining such coverage.

VI.   International Developments

A.   European Union

Proposed New Privacy Regulation to Replace Data Protection Directive

On January 25, 2012, the European Commission released its proposed new regulation that would replace the 1995 Data Protection Directive (the "Directive").  The aim of the new regulation is to update the outdated Directive to deal with technical developments and to unify the existing data privacy legislation of each EU member state.  We discuss this significant legislative proposal in our client alert Proposed EU Privacy Rules Add to the Burden on International Business.
Implementation of EU Cookie Consent Requirement

Since 2003, the European Union’s Privacy and Electronic Communications Directive (the "e-Privacy Directive") has required website operators and others who place cookies[13] on users’ computers to inform the users about the purpose of the cookie and to give a right to opt out.  The European Union took additional steps to strengthen this obligation on May 25, 2011, by amending Article 5(3) of the e-Privacy Directive, which now requires that website operators obtain consent before storing cookies on users’ computers.  This new "opt-in" regime is in stark contrast to the "opt-out" standard generally adopted in the United States and has been widely criticized as being unworkable in practice.

Over six months have passed since the May 2011 deadline for member states to adopt legislation implementing the new rule.  However, partly as a result of uncertainty over the legal and technical manner in which consent can be obtained, the provision has yet to be fully implemented in each member state.

Germany

The German legislature is debating a draft Employee Data Protection Act.  The bill would provide a much more detailed–and in some respects more restrictive–regulation on the use of employee data.  For example, it would implement specific restrictions on employee background screenings, video surveillance at work, the use of social media and employee health checks.  It would also restrict the ability of companies to "contract out" of these and other data protection provisions by agreeing to less onerous standards with their works councils.  On the other hand, the bill would allow employee data to be used in the context of compliance-related and other internal investigations (subject to appropriate safeguards).  And, for international companies, the bill would facilitate data transfers to affiliated companies outside the European Union.
The bill is expected to be enacted in the coming months but remains subject to ongoing public debate and developments at EU level.  Two important recent regional court decisions have considered the legality of reviewing employee emails as part of discovery and compliance-related internal investigations in workplaces that permit (or tolerate) personal use of corporate email.  Although these decisions were favorable from an employer’s perspective, it is important to note that the German Federal Supreme Court has not yet decided this question.  Because a violation of telecommunication secrecy laws involves the risk of criminal prosecution for the investigators, conducting internal investigations in Germany continues to require a high degree of caution.

United Kingdom

The UK Information Commissioner ("IC") has shown an increased willingness to sanction data controllers with monetary penalties under the UK Data Protection Act ("DPA").  The IC exercised his power to issue monetary penalties four times in 2011 and obtained formal public undertakings in 60 other cases.  The DPA grants the IC the power to serve a data controller with a monetary penalty of up to £500,000 when there has been a serious violation that is likely to cause substantial damage or distress and where the violation was either deliberate or reckless.  Three of the four sanctions have been against government entities for violations including mishandling of medical records and social work case files, and for issuing an unencrypted laptop that was later stolen.  The penalties against the government entities ranged from £70,000 to £130,000.  This new wave of monetary sanctions in the United Kingdom underscores the growing prominence of data privacy and data security issues throughout the European Union.
Businesses have been warned: laptops and other portable storage devices should be encrypted to guard against theft, and personal data should be appropriately encrypted when sent via email, post or courier.

B.   Asia

China

While often cited as the origin of cyber-attacks, China is not immune to data breaches within its own borders.  In December 2011, hackers attacked popular social networking site tianya.cn and computer programmer community site CSDN, leaking the personal information of a total of 46 million users.  Despite this, China has fallen behind other countries in the region on data privacy legislation, with no comprehensive national law or regulation currently in effect.  A Draft Personal Information Protection Law was submitted to the State Council for review in 2008 but has not yet been passed into law, and it is not known when (or if) it will be enacted.  However, this does not mean that data breaches go unpunished, and 2011 has seen the introduction of two major privacy measures.  Serious cases of illegally obtaining, selling, or providing citizens’ personal information are prosecuted under Article 235(1) of the PRC Criminal Law.  In August, for instance, a Beijing appellate court convicted 21 defendants under this provision for illegally obtaining, providing, and selling personal information including cell phone registration information, call records, text message lists and geolocation information, household registration information, bank account information, vehicle information, and real estate registration information.  14 of the defendants received prison sentences.  Although the Criminal Law provides serious sanctions for serious data security breaches, it does not form the basis of a comprehensive data protection regime.
Nevertheless, the Chinese government has made notable progress in 2011: On December 29, 2011, the Ministry of Industry and Information Technology ("MIIT") introduced Several Provisions on Regulating the Market Order for Internet Information Services (the "IIS Provisions"), which take effect on March 15, 2012.  The IIS Provisions cover a range of topics concerning "Internet information service" and "related activities" within the PRC.  In terms of data privacy, the IIS Provisions set forth certain limits on Internet information service providers’ ("IISPs") collection, use, and transmission of "user personal information" ("UPI"), defined as "user-related information that can be used to identify the user, either by itself or in combination with other information."  IISPs may not collect UPI or transmit it to third parties without users’ consent.  IISPs collecting UPI must clearly inform the user of the methods, contents, and purpose of the data collection; may not collect information beyond that necessary to provide services; and may not use UPI for other purposes.  IISPs must properly safeguard UPI, and must take immediate remedial measures in the event of a data breach.  Breach incidents that have caused or may cause "serious consequences" must be reported to the relevant telecommunication regulatory body and violations of these provisions are subject to fines of up to ¥30,000 RMB. Earlier in the year, the MIIT also released a set of draft standards entitled Information Security Technology–Guide of Personal Information Protection (the "Draft Guide").  While the Draft Guide shares some features with the IIS Provisions’ data privacy provisions, it is of broader application but not legally binding.  The Draft Guide defines "personal information" ("PI") as "any information that may be learned and processed, is related to a specific natural person, and can be used to identify that natural person either by itself or in combination with other information."  
The Draft Guide sets forth basic rights for data subjects and regulates the collection, processing, transmission, use, blocking, deletion and management of PI by "administrators of personal information" ("APIs")–any person or entity that has actual administration authority over PI.  Most notably, it would prohibit APIs from collecting PI, publicly disclosing it, or transmitting it to third parties without the data subject’s consent.  The Draft Guide also prohibits APIs from transferring PI to "APIs registered overseas," absent clear permission to do so under the law or approval by industry regulators.  This provision may impose a substantial burden on multinational companies that currently store or process customer or employee information outside of China.  In addition, the Draft Guide provides extra protection for data subjects under the age of sixteen and certain types of sensitive PI.  The MIIT’s recent rulemaking efforts may represent an attempt to fill the legislative void left by the long delay in enacting the Personal Information Protection Law.  However, the IIS Provisions are essentially limited to website operators and providers of Internet-based services such as instant messaging, and the Draft Guide is simply a set of non-binding standards containing no enforcement provisions.  Given these limitations, it is unclear how much impact these measures will have on the protection of personal information.

Taiwan

Across the strait, Taiwan has made greater strides towards the comprehensive protection of personal information.  The country’s new Personal Information Protection Act ("PIPA") replaces the 1995 Computer Processed Personal Information Protection Act, and now covers all public and private entities’ collection, processing and use of all personal information ("PI"), electronically processed or otherwise.
The new law includes an enforceable requirement to notify affected data subjects of data breach incidents caused by a violation of the PIPA, a first in the region.  Other notable features include restrictions on the collection of certain types of sensitive PI; increased civil, criminal, and administrative liabilities; and government power to restrict cross-border transmission of PI under certain circumstances.  PIPA is expected to come into effect in 2012.

In addition, Taiwan’s Ministry of Economic Affairs has established the Taiwan Personal Information Protection and Administration System ("TPIPAS"), a set of standards intended to help private entities establish internal policies to comply with PIPA’s requirements.  Entities that have established compliant privacy protection systems may be certified and issued the Data Privacy Protection Mark ("DP Mark"), similar to the PrivacyMark in Japan and TRUSTe in the U.S.

Hong Kong

Hong Kong also recently moved to revamp its 15-year-old Personal Data (Privacy) Ordinance ("PDPO") after a scandal broke in 2010 exposing the sale of two million personal data records by the Octopus Card operator without card users’ direct consent.  The Personal Data (Privacy) (Amendment) Bill 2011 ("2011 Amendment") was introduced into the Legislative Council on July 8, 2011.  Most notably, the 2011 Amendment would require data users intending to sell personal data or use such data for direct marketing to provide data subjects with certain information and a means to opt out.  Unauthorized sale or disclosure of personal data would be subject to criminal liability.  The 2011 Amendment also addresses the powers of the Privacy Commissioner for Personal Data, and would increase penalties for violations of the PDPO, among other things.  At the time of this writing, the 2011 Amendment has not yet been enacted.

India

Until recent years, Indian law had no provisions dealing with privacy protection.
The Information Technology Act 2000 was originally amended in 2009 to require a body corporate that possesses, deals with or handles any "sensitive personal data or information" in a computer resource which it owns, controls or operates to maintain "reasonable security practices and procedures."  But the task of defining these terms was delegated to the Central Government.  On April 11, 2011, the Ministry of Communications and Information Technology (Department of Information Technology), Government of India ("IT Ministry") issued the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 ("Data Privacy Rules").  The new Data Privacy Rules require "bodies corporate" to observe certain standards in the collection, maintenance and disclosure of "sensitive personal data or information."

The Data Privacy Rules give the term "sensitive personal data or information" an exhaustive definition.  The term refers, inter alia, to (a) passwords, (b) financial information (details relating to bank accounts, credit cards, debit cards, or other payment instruments), (c) physical, physiological and mental health conditions, (d) sexual orientation, (e) medical records and history, and (f) biometric information.  Broadly speaking, a body corporate must observe the following standards while collecting sensitive personal data or information:

Informed Consent–A body corporate must inform a "provider" of sensitive personal data or information of the purpose for which the data will be used, and must obtain the provider’s consent.  Consent may be withdrawn in writing.

Lawful Purpose–Sensitive personal data or information cannot be collected except for a lawful purpose, one that is related to a function or activity carried out by the body corporate.  The information must only be collected and used for that purpose.
Knowledge–A body corporate that collects information directly from the "person concerned" must ensure that the person knows (i) the fact that the information is being collected, (ii) the purpose for which the information is being collected, (iii) the intended recipients of the information, and (iv) the name and addresses of the agency that is collecting the information and the agency that will retain the information.

Retention–The information may only be retained for as long as is required for the purpose for which the information has been collected.

Review–Providers of information must be given an opportunity to review the information, and inaccuracies and deficiencies must be corrected as feasible.

Sensitive personal data or information can only be disclosed to a third party if prior consent has been obtained from the provider, unless otherwise agreed in the contract between parties, or unless otherwise required by law.  Sensitive personal data or information cannot be published by the body corporate.  A body corporate which has adopted the international standard IS/ISO/IEC 27001 on "Information Technology–Security Techniques–Information Security Management System–Requirements" is deemed to have complied with its obligation to observe "reasonable security practices and procedures."  Alternatively, if an industry association does not follow the IS/ISO/IEC best practices for data protection, a body corporate that complies with a code of best practices approved and notified by the Central Government will also be deemed to have complied with its obligation to observe "reasonable security practices and procedures."  In both cases, the observance of best practices must be certified or audited on an annual basis by an independent auditor approved by the Central Government.
A body corporate will also be considered to have satisfied its obligation to observe "reasonable security practices and procedures" if it has demonstrably implemented a comprehensive, documented information security program that contains managerial, technical, operational and physical security control measures commensurate with the information assets being protected, in keeping with the nature of the business.

Further, a body corporate must maintain a policy for dealing both with "sensitive personal data or information" and with "personal information."  The term "personal information" means any information that relates to a natural person which is capable of identifying such person, either by itself or in conjunction with other information likely to be available to the body corporate.  The policy must be published on the body corporate’s website.

Once the Data Privacy Rules were issued, there was an outcry that these rules would make it difficult for Indian outsourcers to operate if they were required to take written consent from individuals in other countries whose data they collect and process through call centers and business process outsourcing operations.  On August 24, 2011, the IT Ministry clarified that the obligations under the Data Privacy Rules apply only to Indian companies.  Foreign companies are exempt.  In addition, it was clarified that Indian companies that provide outsourcing services and which possess information under contract are no longer bound by the requirements of the Data Privacy Rules to obtain consent from the data subject.  Also, "Providers of Information" as referred to in the Data Privacy Rules were limited only to natural persons.

Given that the rules are fairly new and have not been tested, they are still open to interpretation.

[1]       See, e.g., Jennifer Valentino-Devries, iPhone Stored Location in Test Even if Disabled, WALL ST. J., Apr. 25, 2011.
[2]       The Court in In re iPhone Application Litigation granted plaintiffs leave to amend their complaint, which they did in November 2011.  Apple and the Mobile Industry Defendants have filed motions to dismiss the amended complaint, which are scheduled to be heard on May 3, 2012.  Similar complaints are also pending against Google and Microsoft, and motions to dismiss those complaints are likely to be decided in the first part of 2012.  See In re Google Android Consumer Privacy Litig., No. 11-MD-02264-JSW (N.D. Cal. Aug. 15, 2011); Cousineau v. Microsoft Corp., No. 11-CV-01438-JCC (W.D. Wash. Aug. 31, 2011).
[3]       Somini Sengupta, Update Urged on Children’s Online Privacy, N.Y. Times (Sept. 16, 2011).
[4]       The current Act, by contrast, covers only a narrow set of persistent identifiers–those that are associated with individually identifiable information.
[5]       Amy E. Bivins, Web Services, Telecoms Challenge Proposed COPPA Extension to All "Persistent Identifiers", Bloomberg (Jan. 18, 2012).
[6]       Id.
[7]       Id.
[8]       Adam Thierer, Some Thoughts on FTC’s Proposed COPPA Revisions, The Technology Liberation Front (Sept. 16, 2011).
[9]       Ctr. for Democracy & Tech., CDT Statement on FTC’s Proposed COPPA Revisions (Sept. 15, 2011).
[10]       Ponemon Inst., LLC, 2010 Annual Study: U.S. Cost of a Data Breach (Mar. 2011).
[11]       See Nat’l Conference of State Legislatures, State Security Breach Notification Laws.
[12]       Press Release, SEC, SEC Charges Brokerage Executives with Failing to Protect Confidential Customer Information (Apr. 7, 2011).
[13]       A "cookie" is a file that a website places on a user’s computer to store user-specific information and track the user (for instance to keep them logged on to a website).  Advertising networks use cookies to offer ads based on users’ interests.  The rule prevents the storage or retrieval of any information from the user’s computer equipment.
The following Gibson Dunn attorneys assisted in preparing this client alert:  Ashlie Beringer, Catherine Brewer, Tzung-Lin Fu, Kai Gesing, Daniel Li, Justin Liu, Priya Mehra, Scott Mellon, Joshua Mitchell, Karl Nelson, Laura O’Boyle, Jessica Ou, Jai Pathak, Daniel Pollard, Shawn Rodriguez, Ilissa Samplin, Michael Saryan, Meredith Smith, Alexander H. Southwell, Oliver Welch and Susannah Wright.

Gibson, Dunn & Crutcher’s lawyers are available to assist with any questions you may have regarding these issues.  For further information, please contact the Gibson Dunn lawyer with whom you work or any of the following members of the Information Technology and Data Privacy Group:

United States
S. Ashlie Beringer – Co-Chair, Palo Alto (+1 650-849-5219, aberinger@gibsondunn.com)
M. Sean Royall – Co-Chair, Dallas (+1 214-698-3256, sroyall@gibsondunn.com)
Alexander H. Southwell – Co-Chair, New York (+1 212-351-3981, asouthwell@gibsondunn.com)
Debra Wong Yang – Co-Chair, Los Angeles (+1 213-229-7472, dwongyang@gibsondunn.com)
Howard S. Hogan – Member, Washington, D.C. (+1 202-887-3640, hhogan@gibsondunn.com)
Karl G. Nelson – Member, Dallas (+1 214-698-3203, knelson@gibsondunn.com)

Europe
James A. Cox – Member, London (+44 207 071 4250, jacox@gibsondunn.com)
Andrés Font Galarza – Member, Brussels (+32 2 554 7230, afontgalarza@gibsondunn.com)
Kai Gesing – Member, Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Bernard Grinspan – Member, Paris (+33 1 56 43 13 00, bgrinspan@gibsondunn.com)
Daniel E. Pollard – Member, London (+44 207 071 4257, dpollard@gibsondunn.com)
Jean-Philippe Robé – Member, Paris (+33 1 56 43 13 00, jrobe@gibsondunn.com)
Michael Walther – Member, Munich (+49 89 189 33-180, mwalther@gibsondunn.com)

China
Kelly Austin – Member, Hong Kong (+852 2214 3788, kaustin@gibsondunn.com)

India
Jai S. Pathak – Member, Singapore (+65 6507 3683, jpathak@gibsondunn.com)

Questions about SEC disclosure issues concerning data privacy and cybersecurity can also be addressed to any of the following members of the Securities Regulation and Corporate Disclosure Group:

Amy L. Goodman – Co-Chair, Washington, D.C. (202-955-8653, agoodman@gibsondunn.com)
James J. Moloney – Co-Chair, Orange County, CA (949-451-4343, jmoloney@gibsondunn.com)
Elizabeth Ising – Member, Washington, D.C. (202-955-8287, eising@gibsondunn.com)

© 2012 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 18, 2013 |
2012 Trade Secrets Litigation Round-Up

The past year saw continued expansion of trade secret law into the realm of cyberspace, with two federal courts of appeal tackling the scope of the federal Computer Fraud and Abuse Act of 1986, 18 U.S.C. § 1030, and numerous trial courts grappling with the application of trade secrets to social media.  The Department of Justice brought a number of successful criminal trade secret prosecutions, and Congress passed the Theft of Trade Secrets Clarification Act in an effort to strengthen the government’s ability to prosecute criminal trade secret theft under the Economic Espionage Act of 1996.  Senator Herbert H. Kohl (D-Wis.) also introduced the Protecting American Trade Secret and Innovation Act of 2012 which, if passed, has the potential to revolutionize civil trade secret litigation, until now almost entirely a creature of state law.

Jason Schwartz, Alexander Southwell, Molly Senger and Sue Bai of Gibson Dunn highlight these and other significant 2012 developments in their article "2012 Trade Secrets Litigation Round-Up" published in BNA’s Patent, Trademark & Copyright Journal in January 2013. Reprinted with permission from BNA’s Patent, Trademark & Copyright Journal, 1/18/2013.  © 2013, The Bureau of National Affairs, Inc.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update.  Please contact the Gibson Dunn lawyer with whom you work, the authors, Jason C. Schwartz (202-955-8242, jschwartz@gibsondunn.com), Alexander H. Southwell (212-351-3981, asouthwell@gibsondunn.com), Molly T. Senger (202-955-8571, msenger@gibsondunn.com), or Sue J. Bai (202-530-9587, sbai@gibsondunn.com), or any of the following practice group co-chairs:

Labor and Employment Group:
Eugene Scalia – Washington, D.C. (202-955-8206, escalia@gibsondunn.com)
Catherine A. Conway – Los Angeles (213-229-7822, cconway@gibsondunn.com)

Intellectual Property Group:
Wayne Barsky – Los Angeles (310-557-8183, wbarsky@gibsondunn.com)
Mark Reiter – Dallas (214-698-3360, mreiter@gibsondunn.com)
Josh Krevitt – New York (212-351-2490, jkrevitt@gibsondunn.com)

Information Technology and Data Privacy Practice Group:
M. Sean Royall – Dallas (214-698-3256, sroyall@gibsondunn.com)
Debra Wong Yang – Los Angeles (213-229-7472, dwongyang@gibsondunn.com)
S. Ashlie Beringer – Palo Alto (650-849-5219, aberinger@gibsondunn.com)
Alexander H. Southwell – New York (212-351-3981, asouthwell@gibsondunn.com)

© 2013 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 31, 2014 |
2013 Trade Secrets Litigation Round-Up

Over the past year, there have been several significant developments in trade secrets law, amidst growing concern about the devastating effect of trade secret theft on U.S. companies – both by insiders-turned-competitors, and by those working for foreign companies and sovereigns. In 2013, the White House announced a broad trade secret theft prevention strategy, and the Department of Justice continued to vigorously prosecute criminal trade secret theft, unsealing an indictment against two former Eli Lilly & Co. scientists alleged to have stolen trade secrets valued at $55 million for the benefit of a Chinese competitor. In the legislative arena, Congress enacted a new amendment to strengthen the penalties available for those convicted under the Economic Espionage Act ("EEA"), while Texas became the forty-seventh state to adopt the Uniform Trade Secrets Act ("UTSA"). In the civil trade secrets realm, 2013 saw important appeals in the long-standing Bratz doll trade secrets dispute, and in the blockbuster DuPont-Kolon protective fiber battle. Jason Schwartz, Alexander Southwell, Molly Senger and David Schnitzer of Gibson Dunn highlight these and other significant 2013 developments in trade secrets law in their article "2013 Trade Secrets Litigation Round-Up" published in BNA’s Patent, Trademark & Copyright Journal in January 2014. Reprinted with permission from BNA’s Patent, Trademark & Copyright Journal, 1/31/2014. © 2014, The Bureau of National Affairs, Inc.

January 15, 2014 |
2013 Year-End German Law Update

2013 was a remarkable year for the German stock markets, industry, employees and the state budget. It ended with an all-time high of the DAX-index, the lowest unemployment rate for decades, record tax revenue allowing an almost fully balanced budget and rock-bottom refinancing rates. Taking all the above data together, it looks like the stars are aligned for the German economy to be very bullish about its future. Alas, all of this should be taken with a grain of salt in light of the many uncertainties that are lurking on the horizon. Germany has taken on a huge economic challenge to manage its helter-skelter exit from nuclear energy now labeled the "Energiewende" (meaning "energy change") that will require a massive re-regulation of the German energy markets, coupled with huge investments into a new energy infrastructure and alternative energy supplies. Rising energy prices not only concern consumers (and therefore politicians), but first and foremost affect the energy hungry German industry. This has already taken a toll on the competitiveness of the German industry and led to a redirection of investments by German companies into lower energy cost locations (notably the United States). The new grand coalition that was agreed in December between the centre-right CDU headed by long-time Chancellor Angela Merkel and the centre-left SPD headed by Sigmar Gabriel has finally put an end to weeks of uncertainty about the next German government (although there was never any doubt that any new government would be headed by Angela Merkel). However, the policy roadmap that was agreed for the next four years is a blend of bold and ambitious projects (like the Energiewende), concessions to the left-wing electorate (earlier entitlement to pensions and caps on residential rents) and more regulation in the financial sector and, generally, in the aftermath of the financial crisis. 
This mixture has raised concerns in German industry circles (in particular the vibrant companies of the German "Mittelstand") that the new grand coalition will compromise the competitive edge that has been gained in the last years due to de-regulation, austerity and open market politics in order to deliver on expensive (and unproductive) promises that have been made to the electorate by both parties. Since the grand coalition holds the supermajority in the parliament, there is no meaningful opposition to stop any legislative initiative (and folly) that is backed by this government. This is a very bold mandate that could do either a lot of good or a lot of damage. This Year-End German Law Update therefore pays particular attention to the plans of the grand coalition that are sufficiently granulated to allow meaningful forecasts of the likely follow-on legislation. We aim to update you on the major legal developments of the past year, but also aspire to provide you with information on some future developments that German companies and investors are likely to face over the next months. We hope that you will gain valuable insights helping you to successfully focus and steer your projects and investments in Germany in 2014 and beyond.

Table of Contents

Corporate, M&A
Tax
Insolvency and Restructuring
Labor and Employment
Real Estate
Intellectual Property
Data Protection
Compliance
Antitrust

1. Corporate, M&A

1.1 Corporate, M&A – German Federal Supreme Court Tightens Disclosure Rules in Protracted Decision-Making Processes

On April 23, 2013, the German Federal Supreme Court (Bundesgerichtshof – BGH) issued an important decision where it tightened the disclosure obligations of publicly listed companies in the context of protracted decision-making processes, i.e. in cases where the circumstances relevant to the disclosure develop over time and involve several intermediate steps.
In the case at hand, a former shareholder of DaimlerChrysler AG (now Daimler AG, "Daimler") claimed damages from Daimler alleging delayed disclosure of insider information in connection with the resignation of its former CEO in 2005. Following a pre-ruling of the European Court of Justice (ECJ) in June 2012, the BGH held that in the event of a protracted decision-making process aimed at a particular outcome, any intermediate step may in itself constitute insider information and thereby trigger a separate disclosure obligation, provided that the facts underlying the relevant intermediate step are (i) relevant for the share price, and (ii) share price specific, i.e. concern specific information about circumstances which are not public knowledge that relates to insider securities or one of their issuers. According to the court, the relevant information must be sufficiently precise and, if publicly disclosed, likely to significantly affect the share price.

The April 23, 2013 decision is not only relevant for contemplated changes to the formation of management boards, but for any significant event in the life of a public company characterized by protracted decision-making processes, including M&A projects or capital markets transactions that also typically develop over time. The decision will require practitioners to adapt to advanced ad-hoc publication requirements. To reduce legal uncertainty and to mitigate the corresponding liability risks in cases where a protracted decision-making process is still perceived to be in an early stage or in other cases where an early disclosure may harm the company, issuers may want to opt for an exemption from the disclosure requirements that is provided under statutory law.
To qualify for such an exemption the issuers must (i) have a corresponding legitimate interest (provided there is no reason to expect that the public will be misled), (ii) maintain an insider list, and (iii) implement adequate internal and external procedures ensuring that the insider information remains confidential. The issuer bears the burden of proof for fulfilling those requirements. For further details on the earlier ECJ judgment please see the Gibson Dunn Client Alert of July 9, 2012: http://www.gibsondunn.com/publications/pages/EuropeanCourtTightensDisclosureRules.aspx.

1.2 Corporate, M&A – Mandatory Purchase Offer

On June 11, 2013, the German Federal Supreme Court (Bundesgerichtshof – BGH) clarified that minority shareholders of a listed company cannot claim the purchase price or damages from a controlling shareholder if the latter fails to publish a so-called mandatory purchase offer. Pursuant to the German Takeover Act (Wertpapiererwerbs- und Übernahmegesetz – WpÜG), if a shareholder acquires "control" (i.e. 30% or more of the voting rights) of a listed company, that shareholder is obliged (i) to disclose such fact, (ii) to submit a mandatory purchase offer to the German Federal Authority for Financial Services (Bundesanstalt für Finanzdienstleistungen – BaFin) for review, and (iii) to publish such purchase or exchange offer for acceptance by the other shareholders. As the Takeover Act does not specify the legal consequences if the controlling shareholder fails to comply with its obligation to publish this so-called "mandatory offer", there was a dispute whether the minority shareholders are entitled to a direct payment claim against the controlling shareholder.
With its June 11, 2013 decision, the BGH puts an end to this discussion and confirms once again its recent tendency towards judicial self-restraint: Neither the wording nor the purpose of the Takeover Act – in the opinion of the BGH – requires that the minority shareholders obtain a direct payment claim against the controlling shareholder. Rather, the law explicitly provides that the BaFin can fine controlling shareholders that do not comply with their obligations. In addition, the violating controlling shareholders automatically lose their voting and other shareholder rights, which – in the eyes of the Supreme Court judges – is a sufficient deterrent. Also, the Takeover Act allows the controlling shareholder to pay either in cash or with listed shares, a choice that would be taken away if a direct payment claim was awarded. Therefore, a direct payment claim (whether for the purchase price, damages or interest) is not seen by the court as a remedy necessary to enforce the law.

1.3 Corporate, M&A – New Rules on Delisting from the German Stock Market

On November 12, 2013, the German Federal Supreme Court (Bundesgerichtshof – BGH) published a landmark judgment concerning the requirements for a delisting of a public company from the regulated market in Germany. In its decision the BGH overturned its own guidelines in the earlier Macrotron case by establishing that shareholders of a company withdrawing from a regulated market can no longer request a compensation offer (Abfindungsangebot) for their shares. For further details please see the Gibson Dunn Client Alert of November 18, 2013: http://www.gibsondunn.com/publications/Pages/DelistingReloaded-German-Supreme-Court-Abandons-Cumbersome-Restrictions.aspx.

1.4 Corporate, M&A – Position of Investors in Profit Participation Certificates Strengthened

On May 28, 2013, the German Federal Supreme Court (Bundesgerichtshof – BGH) ruled that holders of profit participation certificates (Genussscheine) are entitled to their entire coupon if the independent issuer later becomes a subordinated entity under a control and profit pooling agreement, subject only to a positive profit prognosis at such time. With its decision the BGH resolved the persistent controversy regarding the appropriate protection for holders of profit participation certificates.

The terms of the original profit participation certificates provided for fixed payments subject only to the generation of balance sheet profits. In 2007, Eurohypo AG, the legal successor of the two issuers, became a subordinated entity under a control and profit pooling agreement with its majority shareholder. Such an agreement under German law has the effect of subjecting the subordinated entity to disadvantageous instructions by the controlling entity. Its annual financial statements no longer reflect profits or losses in the balance sheet as profits are directly allocated to the controlling entity and losses are compensated by the controlling entity. In such a case, the German Stock Corporation Act (Aktiengesetz – AktG) protects outside shareholders by granting them a right to sell their shares to the controlling entity or to claim a guaranteed dividend as a consequence of the loss of independence. However, no such statutory protection exists for holders of profit participation rights and the terms and conditions of issuance typically also did not cover such a change in circumstances of the subordinated entity. This led to a controversial discussion on how to appropriately protect holders of profit participation rights against such unforeseen changes of the corporate constitution.
Possible protective measures discussed ranged from a restriction of the controlling entity’s capacity to issue disadvantageous instructions to reliance on profits at the level of the controlling shareholder. Others, like Eurohypo AG, decided to make payments only depending on the fictitious profits/losses generated under the regime of the control and profit pooling agreement. The BGH rejected all these options and issued a ruling that is much more beneficial to investors: If at the time the control agreement is entered into it can be assumed that the entity subject to subordination will generate profits going forward, the payments owed under the coupon must be made to investors for the entire term, in the absence of specific stipulations pursuant to the terms and conditions of the profit participation certificates. The BGH thus effectively turned the profit participation certificate into a fixed interest bearing instrument. While clarifying the handling of existing profit participation certificates already issued, issuers are now facing the resulting challenge that the profit participation capital may no longer qualify as equity due to the fixed payment irrespective of actual losses (if they occur). Going forward, the critical question for issuers will be if and to what extent the framework of the ruling allows a contractual restriction on the rights of holders of profit participation certificates at all. 

1.5 Corporate, M&A – German Federal Supreme Court Specifies Rules on D&O Liability in Connection with Alleged Waste of Corporate Resources

In its June 18, 2013 decision, the German Federal Supreme Court (Bundesgerichtshof – BGH) specified the conditions under which (i) a managing director may avoid personal liability based on the business judgment rule in connection with the entering into commercial agreements, and (ii) a limited partnership (Kommanditgesellschaft – KG) may claim damages from the managing director of the limited liability company that acts as the limited partnership’s general partner (Komplementär-GmbH) for a breach of his or her fiduciary duties.

In the case at hand, the managing director of a limited liability company that acted as the general partner of a limited partnership hired external legal counsel on behalf of the limited partnership at rates that exceeded the statutory fee schedule. Further, the managing director – allegedly for no discernible good reason – waived certain rights under a production service agreement. The court held in essence that a managing director has broad discretion under the business judgment rule when taking a managerial decision on the terms under which he or she may enter into, or waive rights under, an agreement on behalf of the company. The fact that the contractual consideration exceeds customary levels per se does not create personal liability for the managing director. However, in such a case the managing director carries the burden of proof that the measures taken, and in particular the costs incurred, are acceptable. The managing director may argue but also needs to prove that the damage at hand would have occurred even if he or she had acted lawfully.
Further, the decision clarifies that the managing director of a limited liability company acting as the general partner of a limited partnership will be personally and directly liable to the limited partnership for breach of his or her fiduciary duties as managing director if the only or substantial purpose of the limited liability company is to manage the limited partnership. The decision was well received by the business community as it is consistent with the court’s established case law pursuant to which entrepreneurial activity is unimaginable without granting a broad scope of discretion to the manager. It makes clear that the standards for the manager’s burden of proof should not be excessive. As a consequence, the decision makes a valuable contribution toward establishing more legal certainty in connection with managerial decision-making, such as the negotiation of, entering into, and amendment of, commercial agreements. Nevertheless, managers are reminded to take precautionary measures against subsequent allegations of wasting corporate resources by documenting their managerial decision-making process in an appropriate manner.

1.6 Corporate, M&A – Liability of Directors/Board Members of Foreign Companies under German Law

On June 11, 2013, the German Federal Supreme Court (Bundesgerichtshof – BGH) issued an important decision with regard to the potential liability under German law of a director or board member of a foreign company. The court had to decide on a damage claim for alleged non-payment of social insurance contributions by a foreign entity. The responsibility for the payment of social insurance contribution withholdings for its German employees and the liability for their non-payment lies with the relevant employing entity, but the authorized directors bear joint and several liability for these payments. In the case at hand, the foreign defendant sued under this liability was the "president della direzione", i.e.
the chairman of the board of directors of a Swiss stock corporation. Under normal circumstances, such a damage claim would only be considered successful if the individual defendant was the claimant’s employer, which was not the case here. For purposes of a damage claim against an individual not being the employer, the court held that the defendant will, nonetheless, be treated as employer (i) if he or she acts as the authorized representative body of the relevant legal entity or as a member of such representative body, or (ii) if he or she has been (a) commissioned to manage the business, in whole or in part, or (b) expressly commissioned to perform autonomous duties which are incumbent on the owner of the business and acts on the basis of such mandate. According to the BGH, the decisive factor is the specific job profile of the individual defendant only. The fact that the relevant legal entity itself is a foreign company (if and to the extent German law applies under conflict of law principles) does not automatically lead to the exclusion of any liability. The claimant has to prove that the specific profile of the defendant allows for the latter being treated as representative body or commissioner as described above. For Swiss stock corporations the registration of the defendant with the relevant commercial register as "president della direzione" might be sufficient evidence to assume a comprehensive management authorization and, thus, the defendant’s liability. However, the BGH could not finally decide on this as further fact-finding was required and remanded the case back to the lower instance. In essence the BGH clarified that corporate liability under German law does not necessarily apply to a German employer and/or its directors only, but does also cover foreign legal entities and their representative bodies. Members of such bodies are therefore reminded to seek out adequate local legal advice in order to manage or exclude their liability risks appropriately. 

1.7 German Investment Act (KAGB) and Investment Tax Act (Investmentsteuergesetz)

a. Regulatory Regime

As widely expected, Germany has implemented the European Union Directive 2011/61/EU on Alternative Investment Fund Managers ("AIFMD") into German law just before the implementation deadline expired. The German Investment Act (Kapitalanlagegesetzbuch – KAGB) was adopted on July 4, 2013 and went into effect on July 22, 2013. The KAGB is not a mere transformation of the minimum AIFMD requirements into national law, but provides for a much broader, overreaching, unified codification of the entire investment law in Germany for open-end funds and, for the first time, closed-end funds and covering both undertakings for collective investment in transferable securities (UCITS) and alternative investment funds ("AIFs"). This unusual, all-inclusive approach to implementation means that international market participants who intend to market AIFs to investors based in Germany will need to be aware of several "gold plating" provisions and national peculiarities which they would not be familiar with in the AIFMD itself and/or its implementation into national law in other jurisdictions. With regard to the coming year 2014, it is also important to recall that certain safe havens provided in the grandfathering rules of the KAGB for existing AIFs where marketing had already started prior to the KAGB coming into effect and continued thereafter will expire on July 21, 2014. The deadline, after which existing and new German and EU AIFMs will only be able to continue operating in Germany once they have obtained a KAGB-compliant permit or registration, also lapses on this date.

b. New Investment Tax Regime

The AIFM Tax Act (AIFM-Steuer-Anpassungsgesetz) that did not pass the legislative procedure prior to the federal election in September 2013 has been approved by both German legislative bodies and entered into force on December 24, 2013.
Its wording corresponds to the original draft of May 2013. Contrary to widely held expectations, the AIFM Tax Act in large parts did not apply retroactively. With the effectiveness of the AIFM Tax Act funds organized as a corporation (e.g. German GmbH, Irish PLC) or a contractual type fund (e.g. Luxembourg FCP, French FCPR) are subject to the tax regime for corporations. However, the favorable tax rules for investments in corporations only apply if (i) an EU/EEA fund does not benefit from a tax exemption, or (ii) a fund is subject to corporate income tax of at least 15%, provided the fund resides outside the EU/EEA. The tax consequences for FCPs which have been treated as transparent in the past are uncertain. Investment funds which do not comply with the new requirements but which have been validly established under the old rules are subject to a temporary grandfathering provision that terminates in principle on December 31, 2016. For further details on the KAGB and the AIFM Tax Act please see the Gibson Dunn Client Alert of July 22, 2013: http://www.gibsondunn.com/publications/pages/Germany-Adopts-Capital-Investment-Act-%28KAGB%29-to-Implement-European-AIFM-Directive.aspx.

2. Tax

2.1 Tax – New Portfolio Dividend Taxation

The Tax Bill 2013 changed the taxation of dividends received by shareholders who are subject to German corporate tax. In October 2011, the European Court of Justice (ECJ) held that the German withholding tax levied on portfolio dividends paid to EU corporate shareholders holding less than 10% in the dividend-distributing company is not in line with European law if there is no equivalent taxation for German corporate shareholders. Until 2012, dividends distributed to German corporate shareholders were subject to a 95% tax exemption irrespective of their percentage share in the distributing company.
In the case of a German dividend distributing company German shareholders received a tax credit for German withholding tax imposed. When the annual tax return was filed, the withholding tax was effectively refunded to the respective German corporate shareholder if only dividend income was generated. On the other hand, for EU corporate shareholders not covered by the EU-Directive (i.e. with a shareholding of less than 10% in the dividend-distributing company) who did not file a tax return in Germany, the withholding tax became final (subject to refunds under an applicable Double Tax Treaty) and was therefore a real cost. The ECJ ruled that this unequal treatment between German and EU corporate shareholders constituted a restriction of free movement of capital and could not be justified. As of 2013, dividends paid to corporate shareholders, owning less than 10% of the shares in the distributing company, will be fully taxable regardless of whether the corporate shareholder is a German or foreign corporation. German and foreign corporations are still subject to withholding tax on their dividend income. For foreign corporations the withholding tax remains final. For German corporations the dividend received is now taxable but the withholding tax is creditable against the corporate tax to be paid by the relevant German corporation. Shareholdings of at least 10% in the dividend-distributing company are still subject to the 95% tax exemption on dividend income. Whether the holding in the dividend-distributing company amounts to at least 10% is determined at the beginning of a calendar year. If at least 10% in the dividend-distributing company are acquired during the calendar year, the 95% tax exemption on dividend income will still be granted for the year of the share acquisition even if there was no participation at the beginning of the calendar year. The new rule applies to dividends paid after February 28, 2013. 
The 95% tax exemption on capital gains (irrespective of the percentage share) is not affected by this new rule but is likely to be changed in the near future.

2.2 Tax – Elimination of RETT Blocker Structures and Extension of the RETT Exemption for Intragroup Restructurings

Germany levies a real estate transfer tax (RETT) on transfers of at least 95% of the shares in partnerships and corporations holding German real estate. The previous rules took a merely formalistic approach as to whether a transfer was taxable. This meant that a transfer was not taxable if the relevant threshold was formally below 95% not taking into account any indirect participation. Under these rules RETT blocker structures were implemented where only 94.9% of shares were transferred legally but economically almost 100% of the shares were transferred to the buyer without triggering RETT: The investor acquired up to 94.9% of the shares in a corporation holding the German real estate. The remaining shares were held by a partnership, in which the investor again held up to 94.9% and a third party the remaining 5.1%.

In order to prevent these structures a more flexible and economic approach has now been implemented into the RETT Act. Under the new rules, the implementation of RETT blocker structures is now subject to RETT. The new rules apply if the accrued amount of the direct and indirect shareholding in the property holding company is at least 95%. An indirect shareholding will be calculated by multiplying the participations in the capital of all the entities involved. The new rules apply to any acquisitions realized after June 7, 2013. Moreover, the RETT exemption for intragroup restructurings has been extended.
According to the new rules and subject to certain conditions, not only restructurings according to the German Transformation Act (Umwandlungsgesetz – UmwG) but also the contribution of assets or other asset transfers based on a corporate act may benefit from the tax relief.

3. Insolvency and Restructuring

3.1 Insolvency – Shareholder Loans in M&A-Transactions

A decision by the German Federal Supreme Court (Bundesgerichtshof – BGH) dated February 21, 2013 has cast doubts on the consequences of the common practice of selling and transferring outstanding shareholder loans (whether granted individually or within a cash pool) together with the sale of a target company by way of a share deal. Under German statutory law shareholder loans are subordinated and repayments made within one year prior to the insolvency of the subsidiary borrower can be contested by the insolvency administrator and have to be paid back into the insolvent estate. In the past, the sale of the shareholder loans together with the target to the purchaser gave maximum flexibility to the purchaser to make use of the tax-shield provided by such shareholder loans and thereby create tax efficiencies for the target company. Due to the new ruling, the seller of the shareholder loan is now at risk of being liable for the repayment in case of the target’s insolvency within one year of the sale and transfer of the loan. The BGH ruled that if a shareholder grants a down-stream loan to its subsidiary and then sells such shareholder loan to a third party, both the seller and the purchaser of the loan shall be jointly and severally liable under insolvency law for pre-insolvency loan repayments made by the subsidiary, even if the relevant payments were made to and received by the purchaser of the loan alone.
While in the case at hand the shareholder selling the loan did not also simultaneously sell the shares in the subsidiary, the principles set forth in the court ruling may also apply in cases of a combined sale of shares and shareholder loan, which is typically seen in the course of an M&A or private equity transaction. Keeping in mind this ruling, each seller needs to seek adequate protection against the risk of being held liable in case of the target’s insolvency after the transfer of the shareholder loan. Possible safeguards to address this issue could be a purchaser indemnity to the seller (ideally backed by a bank guarantee), or, as a structural alternative, the contribution of the shareholder loan into the capital reserve of the target prior to the share transfer.

3.2 Insolvency – Invalidity of Termination Rights Triggered by Insolvency

On November 15, 2012, the German Federal Supreme Court (Bundesgerichtshof – BGH) ruled that a widely used clause that uses insolvency as a trigger event for contract termination rights was invalid. The court held that clauses using the insolvency as a trigger event for a contractual termination right circumvented the insolvency administrator’s statutory rights under the German Insolvency Code (Insolvenzordnung – InsO). Under the InsO the insolvency administrator is entitled to elect to either maintain or terminate during insolvency proceedings partially unfulfilled mutual agreements. The case at hand concerned a long-term supply agreement with an energy supplier. While it is not clear to which other contract types the court would apply a similar logic, the judgment is undeniably of great importance for the drafting of termination rights in German commercial contracts. The clause now invalidated by the BGH was one that could be typically found in many German (and international) contracts.
Going forward, attorneys and in-house counsel may be well advised to review the wording in their standard contracts (and individually negotiated contracts) and consider no longer linking termination rights to the insolvency as such. If the right to terminate a contract is linked to other criteria that indicate the beginning of financial distress rather than the actual insolvency itself, a violation or circumvention of the statutory rights of the insolvency administrator may be prevented.

3.3 Insolvency – Licenses in Insolvency Scenarios

An analysis of the court ruling on Qimonda concerning the protection of licenses in insolvency of the licensor can be found in Section 6.1 of this 2013 Year-End Update.

4. Labor and Employment

4.1 Labor Law – Minimum Wage and Other Changes to Labor Market

The new German government has announced several changes to regulations of the labor market. These proposed changes include: (i) the introduction of a statutory minimum wage of EUR 8.50 per hour as of 2015, (ii) curbing de-facto employment, and (iii) a limitation on the term for leasing out personnel to 18 months. In its policy roadmap (Koalitionsvertrag), the newly-elected grand coalition intends to address perceived negative developments in the labor market. In response to a growing number of very low-wage workers, the government wishes to grant them the ability to sustain themselves and to pay sufficient pension contributions. To this end, and for the first time in German history, the government plans to establish a statutory minimum wage of EUR 8.50 per hour as of 2015. Certain tariff agreements with the unions can provide for lower wages. As a further change, the period for leasing out a temporary employee ("temp") shall be limited to 18 months. Afterwards, the temp could be automatically employed by the operational company.
This change is a response to the enormous growth in the personnel leasing sector during the past years, which was used to gain flexibility in light of the strict dismissal protection law in Germany. This development has led to a split in the workforce working in the same production line of a company, with temps earning considerably less than their colleagues who enjoy direct employment by the operational company. For a similar reason, the misuse of de-facto employment relationships shall be curbed by stronger investigation activities of the authorities and by an increase of works council rights. The latter is a response to recent cases of misusing free-lance schemes by many companies. For employers, the changes somewhat restrict the flexibility to adapt the size of their workforce to market demands. Additionally, the modifications will bring about the need for an increased awareness in HR processes, in order to pay closer attention to the handling of free-lancers and temps in the future.

4.2 Labor Law – Gender Equality on Boards – Revisited

The policy roadmap (Koalitionsvertrag) of the new grand coalition provides for the prompt enactment of German domestic legislation prescribing a fixed 30% gender quota in supervisory boards. The future legislation shall apply to listed corporations and to companies subject to employee co-determination and will cover vacant board positions as of 2016. Most importantly, if the quota is not met, the relevant seat on the supervisory board shall remain vacant. In addition, the fixed quota shall be supported by complementary measures such as the obligation on companies to determine and publish targets for the increase of female representatives not only on supervisory boards but also in management boards and the management tier below and to report on progress. Parallel to German domestic announcements of forthcoming legislation, draft EU gender equality legislation also progressed in 2013.
In November 2012, the European Commission proposed a directive on a target gender quota of 40% of non-executive directors by 2020. The quota is not directly binding, but puts a strong focus on procedural safeguards to tackle the glass ceiling in the appointment process. On November 20, 2013, the draft directive was approved by an overwhelming majority in the European Parliament. It is now up to the European Council of Ministers to enact the directive in 2014. However, neither German domestic legislation nor the EU directive will apply to the numerous small- and medium-sized companies that are the economy’s key drivers throughout Europe and employ the vast majority of the workforce. Still, these entities may feel incentivized to follow suit in order to remain equally attractive employers when compared to large international groups of companies. Companies which are directly affected by the forthcoming legislation should timely (i) review the appointment procedures for vacant supervisory board positions in their constitutional documents as well as the practical handling of nominations for supervisory board membership, and (ii) consider appropriate and realistic target quotas to be at the forefront of board gender diversity.

4.3 Labor Law – General Meeting to Determine Board Compensation

The grand coalition has announced its intention to change the governance for determining the compensation of managing board members of a German stock corporation (Aktiengesellschaft, or AG). Currently, the supervisory board (Aufsichtsrat) is in charge of negotiating all the contractual terms with these managers. In order to enhance transparency, the general meeting of shareholders (Hauptversammlung) shall now decide the managers’ contractual compensation on the supervisory board’s suggestion.
For those multinational groups whose German subsidiary is structured as an AG, this new legislation will change their corporate governance – and possibly also their public affairs. Many other groups, however, will not be affected, as their German subsidiaries are limited liability companies (GmbH), where the shareholder is competent in any event.

5. Real Estate

5.1 Real Estate – Scope of Necessary Disclosure for the Seller of Real Property

On February 1, 2013 the German Federal Supreme Court (Bundesgerichtshof – BGH) decided that the seller of real property must clarify distorting information regarding the factual rental income derived from the property if (i) such information is of recognizable importance to the purchaser’s decision to acquire the real property, and (ii) the purchaser was right to assume that such information would be disclosed according to the principles of good faith and trust or if such duty of disclosure results from the parties’ agreement. In the case at hand, the purchase price for the real property was based on a multiplier of the annual rent payable by the main tenant under a long-term lease agreement even though the actual rental income realized by the main tenant under a sub-lease was considerably lower. The BGH held that under the principles of good faith and trust each contract party could pre-contractually be obliged to disclose any information and circumstances that might put the purpose of such contract at risk and/or that are of substantial importance for the decision of the other party. A significant difference between the rental income as stipulated in the lease agreement (and thus in the purchase agreement) and the factual rent paid by the subtenants could in principle qualify as such relevant information.
The BGH further held that even though the principles of good faith and trust might not require such pre-contractual disclosure in a particular case, the parties could provide for contractual obligations to disclose such information in the purchase agreement. According to the purchase agreement in the case at hand, the seller was obliged to disclose to the purchaser all lease agreements including any amendments, additional agreements as well as any correspondence with the tenants. However, the seller did not disclose any correspondence related to the sublease and the substantially lower rental income. This led the court to conclude that the seller had neglected its contractual disclosure obligations, which may result in a damages claim for the purchaser. The BGH confirmed that sellers of real property do not generally have the obligation to disclose any and all information and circumstances relating to the real property to be sold. Based on the principles of good faith and trust, however, sellers may be obliged to disclose information that is of recognizable importance for the purchaser’s decision to acquire the real property.

5.2 Real Estate – Consequences of the Termination of a Lease Agreement by the Insolvency Administrator for the other Contract Parties

The German Federal Supreme Court (Bundesgerichtshof – BGH) decided on March 13, 2013 that the termination of a commercial lease agreement by the insolvency administrator on behalf of the insolvent tenant simultaneously terminates the lease agreement vis-à-vis the landlord and the non-insolvent co-tenant, i.e. with effect for all contract parties. Before this ruling, the consequences of the termination of a commercial multi-party lease agreement by the insolvency administrator for the other contract parties were controversially debated in the German legal literature.
Some argued that the termination of the lease on behalf of the insolvent tenant did not affect the co-tenant and the lease subsisted in the relationship between the other parties. The BGH held, however, that the termination by the insolvency administrator terminates the lease with effect for all parties but stated that the co-tenant and the landlord are free to conclude a new lease agreement in such cases. This decision should be kept in mind when concluding future commercial lease agreements with more than one tenant. It might be advisable to include a provision in the commercial lease agreement that the lease remains in force for the other contract parties in case of a termination of the lease agreement by the insolvency administrator of one party.

5.3 Real Estate – Policy Roadmap of the new German Government for Residential Leases

The grand coalition has announced various changes to the residential lease market in Germany. The two major proposed changes are: (i) a cap on rent increase for residential leases (Mietpreisbremse), and (ii) the facilitation of energy efficient constructions and restorations.

a. Cap on Rent Increase

According to its policy roadmap (Koalitionsvertrag), the grand coalition intends to limit permissible rent increases to secure "affordable living" in Germany. Thus, the policy roadmap would entitle the German states to limit potential rent increases in connection with a re-letting of residential properties to new tenants in areas where a competitive housing market exists to 10% above the respective comparative local rent. This does not, however, apply to rents that have already been above the comparative local rent before the re-letting. Thus, this cap on rent increases does not result in mandatory rent decreases in these cases.
With regard to the increase of rent under existing lease agreements (Bestandsmieten) the policy roadmap sticks to the rule that, in certain areas as defined by the German states, existing rents may only be increased by 15% within every three years but only up to the comparative local rent.

b. Energy Efficiency

The policy roadmap of the new grand coalition further states that energy efficient constructions and restorations shall be facilitated. As part of these energy efficiency efforts, the new German government plans to support new energy saving technologies. "Compulsory modernizations" (Zwangssanierungen), however, are not part of this energy efficiency program. The rationale behind this energy efficiency program is to support Germany’s efforts to replace nuclear power (Energiewende) by way of reducing energy consumption through more energy efficient construction and reconstruction of buildings.

6. Intellectual Property

6.1 Intellectual Property – Licenses in Insolvency Scenarios

In July 2013, the Higher Regional Court of Munich (Oberlandesgericht München) rendered an important judgment concerning the protection of licensees in the case of insolvency of their licensors. Under German law it is presently uncertain whether non-exclusive licenses can be terminated by an insolvency administrator in case of the insolvency of the licensor as an executory contract (i.e. a contract that has not yet fully been performed) under Section 103 of the German Insolvency Code (Insolvenzordnung – InsO). The present case concerned various non-exclusive patent licenses that were granted by Qimonda to Infineon when Qimonda was spun-off from Infineon and went public. When Qimonda went bankrupt, the patent portfolio constituted its most valuable remaining asset. Qimonda’s insolvency administrator had terminated these licenses based on the German Insolvency Code to protect the interests of the estate and Qimonda’s debtors.
The Munich Court now found that the irrevocable, perpetual, fully paid-up, non-exclusive patent licenses granted to Infineon did not constitute executory contracts which had not yet been fully performed and were thus not subject to the administrator’s termination right for ongoing contractual obligations. Interestingly, the decision of the Higher Regional Court of Munich is widely in line with a December 2013 decision by the US Court of Appeals for the Fourth Circuit which ruled that Section 365(n) of the US Bankruptcy Code also prevented a termination of the US patent licenses in foreign main insolvency proceedings by Qimonda’s insolvency administrator as a violation of the United States’ public policy and its promotion of technological innovation because the licensee’s interests outweighed the interests of Qimonda’s debtors as represented by the insolvency administrator. These proceedings are highly relevant to the entire semiconductor industry (due to the various cross-licensing arrangements in that industry) and all patent licensees generally. The underlying question whether non-exclusive licenses may be terminated when the licensor becomes insolvent remains highly important and, so far, open: On the one hand, the Munich Court decision has been appealed to the German Federal Supreme Court (Bundesgerichtshof – BGH) and, on the other hand, the Munich Court decision itself left ample room for individual assessments and thus did not bring the hoped-for clarity and guidance for the drafting of insolvency-safe patent licenses. Hopefully the decision of the BGH will provide more clarity in this regard. 
6.2 Intellectual Property – Proposed New Block Exemption on Technology Transfers

Licensing arrangements and other technology transfer arrangements are likely to undergo some significant changes following an EU Commission proposal for a revised block exemption regulation and revised accompanying guidelines for the assessment of transfer of technology agreements under EU competition rules. The proposed regulations and guidelines include a number of substantive changes that affect many aspects of the current "safe harbor" regime applicable to technology transfer agreements including, inter alia: (i) clarifying the scope of application of the regulation and safe harbor, (ii) providing additional guidance on the method of calculating market shares in the context of technology licensing agreements, (iii) re-defining certain "hard-core" (i.e. virtually "per se" rules) and exclusivity restrictions, and (iv) the provision of more extensive guidance regarding the compatibility of technology pools with EU antitrust rules. The finalized legal instruments are likely to enter into force by April 30, 2014, upon expiry of the current regime. For further details please see the Gibson Dunn Client Alert of April 1, 2013: http://www.gibsondunn.com/publications/pages/EuropeanCommission-Proposes-Stricter-EUAntitrustRules-Technology-Transfer.aspx.

7. Data Protection

7.1 Data Protection – More Certainty Regarding Email Reviews

On May 27, 2013 the Administrative Court of Karlsruhe (Verwaltungsgericht Karlsruhe) issued an important judgment that brings more certainty into the review process of emails, e.g. during an internal investigation. Under German law it has been heavily disputed whether an employer is allowed to review its employees’ emails, if the employer has permitted employees to use its email infrastructure also for private emails.
One opinion would classify employers as providers of telecommunications services in the meaning of the German Act for Telecommunications Services (Telekommunikationsgesetz – TKG) in such cases. Thus, employers who review employees’ emails that are saved on an employer’s server risk violating the telecommunications secret of the relevant employees, which is sanctioned under the German Criminal Code (Strafgesetzbuch – StGB). It is important to note that pursuant to a decision of the German Federal Supreme Court (Bundesgerichtshof – BGH), emails – which have already been read by an employee but not been removed from the provider’s server – remain within the scope of the telecommunications secret. The opposing view denies that the employer can be classified as a provider of telecommunications services. This view has been strengthened by a number of decisions by German labor and administrative courts, although the respective Federal High Courts have not yet ruled on this issue. One argument is that an employer usually does not provide telecommunications services to its employees on a commercial basis. Moreover, an employer provides these services not to third parties, but within its organization with the primary goal to ensure that its employees can fulfill their contractual obligations. The recent decision of the Administrative Court of Karlsruhe backs the latter viewpoint by stating that the German Act for Telecommunications Services is not designed to regulate the internal relationship between employers and employees, but rather the relationship between telecom companies and public authorities or among telecommunications providers.
However, a non-applicability of the German Act for Telecommunications Services does not mean that an email review can be conducted without hurdles: the German Data Protection Act (Bundesdatenschutzgesetz – BDSG) stipulates that an email review is only permitted if it is necessary and proportionate, and – in cases of investigations of alleged criminal offences – concrete grounds for such suspicion must exist with regard to the specific employee whose electronic data is the subject of the review. For further details, see article by Walther/Zimmer, BB 2013, 2933 et seq. (available as pdf copy upon request).

7.2 Data Protection – Regulatory Enforcement and Developments

The German data protection authorities and courts had a very intense year. A lot of their enforcement activity and relevant case load concerned the internet and social media. Additionally, German data privacy authorities published important statements with regard to the EU-US safe harbor framework with reference to the recent disclosures on NSA surveillance. The authorities expressly announced that they would review data transfers under the safe harbor framework or other contractual basis very thoroughly and also indicated that they might eventually suspend such transfer frameworks. Below is an overview of some important data privacy decisions throughout 2013:

A Berlin Court held various clauses in Google’s and Apple’s terms of use and data privacy statements to be void.

In addition, Google had to pay a fine of approximately EUR 145,000 for the unintended collection of personal data during its Google Street View recording tours.

Good news for companies that operate so-called fanpages on Facebook: The Administrative Court of Schleswig (Verwaltungsgericht Schleswig) stopped a data privacy regulator’s attempt to prevent companies from using fanpages on Facebook because of data privacy concerns.
The Court found that companies operating a fanpage cannot be considered "data controllers" for the data that Facebook obtained from its members while visiting a company fanpage and therefore are not responsible for such data. This decision is, however, still under appeal.

Facebook itself obtained an important favorable ruling in another proceeding before the Higher Administrative Court of Schleswig (Oberverwaltungsgericht Schleswig). The Court found that the European Facebook network was validly governed by Irish data privacy laws and fell under the competence of the Irish data privacy regulators – due to the specific circumstances also with respect to its German users. The Court therefore revoked data privacy orders imposed against Facebook by a German regulator who requested from Facebook the implementation of a feature through which German Facebook users could anonymously use the Facebook network.

In another important decision, the Higher Regional Court of Hamm (Oberlandesgericht Hamm) decided that YouTube did not have to remove a video clip that revealed information about a German diplomat involved in a car accident in Moscow where he was not prosecuted for immunity reasons. Back in Germany, he was sentenced by a German Court, and the Higher Regional Court found that in this case the public information interest outweighed the diplomat’s privacy interests.

The Bavarian data privacy authority fined an employee for using "open" email distribution lists. The employee had unintentionally sent mass emails to customers disclosing the recipients’ identity in the "To" or "cc" line of the email and thus enabling all recipients to obtain personal data (e.g. name and email address information) of other customers, which in the regulator’s view constituted a data privacy violation.

A data privacy regulator in Lower Saxony has prohibited private companies from copying personal identification cards and passports for data privacy reasons.
This decision was appealed but upheld by the competent appeal court. Copying customer identification documents is a widespread practice in many industries and it will be interesting to see if other regulators share the very strict view of the Lower Saxony data protection authority.

7.3 Data Protection – Employee Data Privacy Protection

Since the German government withdrew its proposal for more detailed rules on employee data protection in February 2013, no further progress has been made to modernize the legislative framework for employee data privacy laws in Germany. It now remains to be seen whether the grand coalition will make a renewed attempt and resume a legislative initiative on employee data privacy protection or primarily foster this process by supporting the enactment of an EU data privacy regulation.

8. Compliance

8.1 Compliance – Increased Corporate Liability for Law Violations

In 2013, corporate liability for compliance violations committed by management or employees was considerably increased. Such liability occurs in cases of illegal conduct such as bribery, fraud against third parties, falsification of books and records or antitrust violations to the benefit of the corporation.
Effective June 30, 2013, the German Administrative Offences Act (Gesetz über Ordnungswidrigkeiten – OWiG) constituting corporate liability was amended as follows:

(i) A tenfold increase of corporate fines for offences committed by bodies or executives of corporations in violation of legal duties affecting the corporation, or for the failure to establish effective controls to prevent law violations, to up to EUR 10 million for intentional conduct, and up to EUR 5 million for negligent conduct, respectively;

(ii) The right of enforcement authorities to impose administrative fines on legal successors of corporations in cases of universal or partial succession under the German Transformation Act (Umwandlungsgesetz – UmwG) up to the value of the assets assumed; and

(iii) An acceleration of the authorities’ options to freeze assets of corporations that are subject to pending administrative fine proceedings, to the effect that assets can already be confiscated or seized by attachment in rem once the regulatory authority competent for the misconduct in question has issued a fine order, even if the authority’s order is later found to be illegal or excessive by the courts, which may take several months or even years.

The amendments are relevant for all German-based legal entities, German branches of foreign entities and foreign persons committing crimes or administrative offences on German territory. The latter amendment may become particularly relevant for foreign and international corporations doing business in Germany, as the risk that assets may be expatriated or the lack of significant domestic assets frequently provides sufficient legal reason and justification for the authorities to order confiscation or seizure. Further, it is worth noting that the aforementioned maximum fines can be exceeded without limitation up to the benefits the corporation derived from the misconduct, e.g. including profits made under a contract that was illegally obtained by bribery.
Such indirect disgorgement of profits may easily exceed the mere administrative fine amount by a multiple. For further details please see the Gibson Dunn Client Alert of July 9, 2013: http://www.gibsondunn.com/publications/Pages/Tenfold-Increase-of-CorporateFines-ComplianceViolations-in-Germany.aspx.

8.2 Compliance – New Legislation regarding Criminal Liability of Corporations on the Horizon

An even more fundamental development to watch out for is the proposed adoption of a "Corporate Criminal Code" (Verbandsstrafgesetzbuch), under which – for the first time under German laws – criminal sanctions could be imposed directly against corporations. On November 14, 2013, a majority of the German states’ justice ministers resolved to introduce a bill for such a Corporate Criminal Code. The draft bill includes profoundly aggravated liability exposure for corporations facing criminal investigations and sanctions. This includes a legal obligation of prosecutors to open investigations into allegations of corporate misconduct, limiting currently existing discretionary powers. Further, the range of possible sanctions against corporations would be widened not only to include monetary fines, but also warnings with suspended sentences, the publication of criminal convictions, a debarment from public subsidies or public tenders, and, as a last resort, the compulsory liquidation of the corporation. Monetary fines would no longer be limited to statutory maximums (as described above), but could rise to up to 10% of the average total revenue of the corporation.
On the other hand, the bill proposes that the court may refrain from sanctions if the corporation has adopted or installed adequate organizational measures or resources to prevent similar corporate misconduct in the future, and (i) no significant damage has occurred or such damage has been retrieved, or (ii) the corporation has materially contributed to have the corporate misconduct uncovered by voluntary disclosure and providing evidence to the enforcement authorities, provided, however, that such voluntary disclosure was made prior to the opening of criminal proceedings. Thus, for the first time German law would expressly acknowledge effective compliance management systems and cooperation as mitigating factors to decrease fines, or even to prevent corporate liability for employees’ misconduct. In addition, the grand coalition in its policy roadmap (Koalitionsvertrag) committed to further legislative anti-corruption initiatives, including amendments to the German Criminal Code (Strafgesetzbuch – StGB) regarding the adoption of an extended criminal offence of "bribing members of parliament", as well as a new criminal offence of "active and passive bribery in the healthcare business". The latter offence is intended to close a gap resulting from a restrictive interpretation of current German laws by the courts according to which key statutory offenses of active and passive bribery do not apply to private medical practitioners because they cannot be regarded as public officials even when making decisions on medical treatments paid for by public health insurance. 
In a similar vein, the (private) German Association for the Voluntary Self-Monitoring of the Pharmaceutical Industry on November 27, 2013, decided on a new Transparency Code, which among other things prohibits its members from making any gifts (including those of nominal value such as pens or writing pads) to members of the healthcare profession, and establishes the obligation to publish all benefits of monetary value to such members. The key provisions of the Code shall come into effect after approval by the German Federal Cartel Office ("FCO"), but not before July 1, 2014. The legal amendments and legislative initiatives described once more stress the need for corporations to conduct thorough risk assessments and take preventive measures to avoid corporate responsibility for white collar crimes and other illegal conduct. If necessary, companies should review existing compliance procedures to test whether they are sufficiently robust and effective to control such risks, and further refine such procedures where required.

8.3 Compliance – European Union responds to new Threats with stronger Anti-Money Laundering Rules

On February 5, 2013 the European Commission adopted the 4th Anti-Money Laundering Directive to update and strengthen the existing rules on anti-money laundering and terrorist financing. The new Directive consists of two proposals which are based on recommendations of the Financial Action Task Force (FATF), the international anti-money laundering body founded at the initiative of the G7 states. With the Directive, which emphasizes the risk based approach, the European Commission aims to extend the scope of the anti-money laundering rules and to establish consistent regulations across the Member States. The following aspects of the Directive are especially noteworthy:

(i) A tightening of the rules on customer due diligence shall ensure more transparent and effective procedures.
Specifically, a clear mechanism to identify beneficial owners will be required and companies must hold accurate and adequate information on the persons who in fact stand behind the company.

(ii) The scope of the provisions dealing with politically exposed persons will be expanded.

(iii) Furthermore, the gambling sector will also be covered by the rules.

(iv) For persons dealing in goods or providing services against cash payment, the relevant threshold will be lowered to EUR 7,500 from the current EUR 15,000. Persons handling cash transactions above the designated threshold will need to carry out customer due diligence, maintain records, conduct internal controls and report suspicious transactions.

The European Parliament and the Council of Ministers will have to adopt the proposal, presumably at the beginning of 2014. Subsequently, the Member States will get a two-year timeline to implement the Directive into national legal frameworks to comply with the requirements of the new provisions.

8.4 Compliance – Reform of Foreign Trade Regime, New Leniency Program

As of September 1, 2013, the German legislator has reformed the entire German regime of foreign trade legislation by replacing the two applicable sets of rules, the Act on Foreign Trade (Außenwirtschaftsgesetz – AWG) and the Regulation on Foreign Trade (Außenwirtschaftsverordnung – AWV). This complete legal reform became necessary because the previous provisions had become somewhat unmanageable due to several amendments. The new set of rules is clearly structured and thereby resolves several uncertainties such as discrepancies between the lists on controlled dual use goods at the German national and the European Union (EU) levels. At the same time some material modifications have been made, the most prominent of which are a review of the penalty system, a simplification for the export within the European Economic Area (EEA) and a leniency program for minor offenses.
The changes in the penalty system for breaches of the AWG or AWV have two sides. On the one hand, willful breaches of material rules, such as the undeclared export of controlled goods or the violation of embargos, result in stricter penalties. These breaches are now all considered criminal offenses with a possible sentence of up to 15 years of imprisonment. On the other hand, minor offenses, such as incomplete information in the permit process, are all reduced to administrative offenses, not carrying the risk of jail sentences.

The newly introduced possibility to apply for a leniency program with regard to most administrative offences is available as long as a breach has not yet been detected by the authorities. A person or entity becoming aware of such an offence can now notify the offence to the authorities, which in return can exempt the offender from the fine. As in anti-trust leniency proceedings, this procedure also requires detailed information on what steps have been taken and are planned to avoid such offences in the future.

In sum, the new set of rules provides a necessary simplification of the German foreign trade legislation which also incorporated some adaptations to EU law. A practical result is the increased importance of foreign trade compliance systems, as not only the penalties for breaches have been increased but a functioning compliance program is key to benefit from the leniency program.

9. Antitrust

9.1 Antitrust – Merger Control

a. Merger Control after the 8th Amendment of the ARC

The 8th Amendment of the German Act against Restraints of Competition (ARC) entered into force in June 2013. The reform which is mainly intended to align domestic competition law with the European framework brought about several changes in the area of merger control. Most importantly, the amended ARC introduces the so-called significant impediment of effective competition ("SIEC") test.
The new test-criterion replaces the old test which was solely based on an establishment or strengthening of a dominant market position. In the amended ARC, the establishment or strengthening of a dominant market position remains relevant only as an example for a significant impediment of effective competition but is likely to continue to play a vital role due to its practical importance. In that regard, the relevant threshold for a presumption of market dominance by a single undertaking has been increased from 33% to 40% market share.

Additionally, under the new law, it will become impossible to circumvent German merger control by means of so-called "salami tactics". Under the old regime it was technically possible to avoid a filing in Germany if the target was split in several pieces whereby none would generate a turnover exceeding EUR 5 million in Germany. Under the new ARC, transactions occurring between the same undertakings within a timeframe of two years have to be accumulated.

The amended ARC also introduces an exception from the general prohibition of closing before merger clearance has been obtained in the event of public bids or a series of transactions in securities admitted to trading on a stock exchange in order to facilitate transactions which involve publicly traded companies.

For further details on the relevant changes of German merger control stemming from the 8th ARC Amendment please see the Gibson Dunn Client Alert of June 14, 2013: http://www.gibsondunn.com/publications/pages/8thAmendment-Act-Against-Restraints-of-Competition-in-Germany.aspx.

b. Merger Control: Foreign-to-Foreign Draft Guidelines

In December, the German Bundeskartellamt (Federal Cartel Office – FCO) published draft guidelines regarding its jurisdiction over foreign-to-foreign mergers for public consultation. In addition to meeting the revenue thresholds, appreciable domestic effects are a further prerequisite for triggering a merger filing requirement in Germany.
While the publication provides important guidance that facilitates the assessment whether a transaction fulfills the domestic effects test, the final determination if a transaction has effects on the German market still requires a careful case-by-case analysis. In fact, for the sake of legal certainty and in order to avoid the invalidity of a transaction, the FCO in its draft guidelines concludes that businesses should notify a transaction in case of doubt.

c. Fine for Incomplete Merger Filing

From an enforcement perspective, the FCO seems to put a focus on and stress the formalities of merger control filings. Most significantly, in late 2013, the FCO imposed a fine of EUR 90,000 (approximately USD 120,000) on an individual for submitting incomplete information during a merger notification. The notification failed to contain complete information regarding other shareholdings of the lead shareholder of the acquiring group. In addition to the acquiring group, the individual also held share participations in a major competitor by way of a trustee relationship. This link between the acquiring group and the competitor was not initially disclosed to the FCO but subsequently found relevant for the FCO’s market assessment.

9.2 Antitrust – Anti Cartel Enforcement Update

The year 2013 marked another year with very high fines resulting from the FCO’s antitrust enforcement activities, with reported fines totaling approximately EUR 240 million (approximately USD 314 million). The FCO’s activity in 2013 concentrated on the manufacturing of railways, confectionaries, and consumer goods as well as flour production.

The 8th Amendment of the ARC also brought about significant changes to the enforcement of German antitrust law. Of particular importance is a new obligation for businesses to report their turnover upon request of the FCO for purposes of calculating an antitrust fine.
Previously, the FCO lacked the necessary competence to issue information requests for this purpose and, therefore, frequently had to launch dawn raids in order to obtain relevant data. Additionally, and following a deviating German Federal Supreme Court (Bundesgerichtshof – BGH) decision, the legislator clarified that in cases of at least partial succession in law, the FCO may impose a fine on the antitrust infringer’s successor. It should be noted that this rule is not applicable in cases where only assets have been acquired from the original infringer. The amended ARC also provides for more enforcement tools for the FCO. The FCO may now as an ultima ratio also order structural measures such as unbundling in order to sanction cartels. Furthermore, the amended ARC allows for orders made by the FCO that cartel infringers must reimburse profits generated by means of illegal cartel activities. Therefore, in principle the FCO may already anticipate later damage awards by means of administrative orders to some extent. In June 2013, as a consequence of a landmark ruling by the BGH in February 2013, the FCO published new fining guidelines. Under the ARC, a fine imposed on a company involved in a cartel can amount to up to 10% of its annual group turnover. The new fining guidelines now comply with the February 2013 decision of the BGH which held that the 10%-of-turnover limit for cartel fines is not a capping threshold (for a potentially otherwise higher fine), but constitutes the maximum value within the possible range of fines (assuming the worst possible antitrust infringement). Key factors for calculating fines according to the new guidelines are the company’s group turnover and the turnover that was achieved on the market in which the anti-competitive practice took place for the duration of the infringement. Compared to the old regime, the new guidelines focus more on the size of the company. 
Consequently, it can be expected that large conglomerate companies may face significantly higher fines in the future while fines for smaller one-product companies are likely to decrease.

A case which drew a lot of public attention but which ultimately did not result in a fining decision, concerned Amazon’s general terms for its platform Amazon Marketplace. Due to a price parity clause, sellers were prohibited from selling products they offer on Amazon Marketplace cheaper on any other internet sales channel. The prohibition applied to both other internet platforms as well as the sellers’ own online shops. The FCO’s main concern was that the restriction of the sellers’ freedom to determine their sales prices also resulted in a restriction of competition between different internet marketplaces. After the FCO started its investigation including a market survey, Amazon abandoned its price parity clauses for good.

9.3 Antitrust – Private Enforcement

The 8th ARC Amendment introduced material changes to private antitrust enforcement. One of the key changes has been that consumer associations now also enjoy standing for claims for omission and rectification. They may also bring claims whereby cartel infringers are ordered to pay damages for the benefit of the German federal budget. Such claims may be brought where damages have been inflicted on a large number of cartel victims (scatter damages). Consequently, it can be expected that consumer associations may assume a more prominent role in private antitrust enforcement in Germany.

Furthermore, the German courts delivered several judgments in 2013 which further clarified if and to what extent damages can be awarded as a consequence of illegal cartel conduct. The Higher Regional Court of Munich (Oberlandesgericht München) issued a judgment which further clarified the allocation of the burden of proof between claimant and defendant in damage proceedings.
The ARC provides for so-called follow-on actions whereby civil courts in damage proceedings are bound by prior administrative or court decisions which finally determine breaches of antitrust law (e.g. a final court decision confirming an antitrust fine). The Munich Court held that this binding effect does not, however, apply to the factual basis of the damages which actually occurred and the necessary chain of causation between antitrust conduct and damage. Therefore, claimants are still required to provide a sufficient factual basis in that regard in order to prove their claim. In this context the Higher Regional Court of Cologne (Oberlandesgericht Köln) held that economic projections and business plans invoked in order to prove damages resulting from antitrust infringements need to be sufficiently precise and based on realistic assumptions in terms of their feasibility from a business perspective. The Court decision applies a rather strict burden of proof for antitrust damages. Therefore, there remain realistic chances for defendants to tackle alleged damages in antitrust cases on factual grounds. Efforts to bring "class action style"-claims for damages in Germany have been curtailed to some extent due to a December 2013 judgment rendered by the Higher Regional Court of Düsseldorf (Oberlandesgericht Düsseldorf). The Court dismissed a claim worth EUR 131 million (approximately USD 174 million) brought by the Cartel Damage Claims company (CDC) against six members of a cement cartel. Before launching the action for damages, CDC acquired and bundled individual claims from 36 cement purchasers. Despite the fact that the Court in 2007, by way of an interim judgment, had held that the claim was permissible from a procedural perspective, it now dismissed the action based on substantive grounds. 
According to the Court’s reasoning, the assignment of individual claims to CDC was partially in breach of rules against the unauthorized practice of law applicable at the time of assignment because CDC did not hold a permission to liquidate third party claims. Additionally, the Court found that the assignment of individual claims to CDC was contrary to public order because the claimant, a corporate vehicle established for the purpose of pursuing this action, would own far from sufficient funds to compensate the defendants’ statutory legal fees in case the action were dismissed and thus provided an inappropriate and unjustified risk for the defendants and inappropriate shield for the original cartel purchasers. The Court indicated, however, that a different contractual structure may have resulted in a different outcome. Hence, besides the fact that the judgment can be appealed, the judgment leaves room for interpretation and offers options how to structure such claims going forward. Defendants need to remain mindful that mass litigation is likely to remain an issue also in Germany.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. The Munich office of Gibson Dunn brings together lawyers with extensive knowledge of corporate, tax, labor, real estate, antitrust, intellectual property law and extensive compliance / white collar crime experience. The Munich office is comprised of seasoned lawyers with a breadth of experience who have assisted clients in various industries and in jurisdictions around the world. Our German lawyers work closely with the firm’s practice groups in other jurisdictions to provide cutting-edge legal advice and guidance in the most complex transactions and legal matters.
For further information, please contact the Gibson Dunn lawyer with whom you work or any of the following members of the Munich office:

General Corporate, Corporate Transactions and Capital Markets
Benno Schwarz (+49 89 189 33 110, bschwarz@gibsondunn.com)
Lutz Englisch (+49 89 189 33 150, lenglisch@gibsondunn.com)
Philip Martinius (+49 89 189 33 121, pmartinius@gibsondunn.com)
Markus Nauheim (+49 89 189 33 122, mnauheim@gibsondunn.com)
Birgit Friedl (+49 89 189 33 151, bfriedl@gibsondunn.com)
Marcus Geiss (+49 89 189 33 154, mgeiss@gibsondunn.com)
Eike Grunert (+49 89 189 33 121, egrunert@gibsondunn.com)

Finance, Restructuring and Insolvency
Birgit Friedl (+49 89 189 33 151, bfriedl@gibsondunn.com)
Marcus Geiss (+49 89 189 33 154, mgeiss@gibsondunn.com)
Hubertus Schröder (+49 89 189 33 152, hschroeder@gibsondunn.com)

Tax
Hans Martin Schmid (+49 89 189 33 110, mschmid@gibsondunn.com)
Christian Schmidt (+49 89 189 33 110, cschmidt@gibsondunn.com)

Labor Law
Mark Zimmer (+49 89 189 33 130, mzimmer@gibsondunn.com)

Real Estate
Peter Decker (+49 89 189 33 115, pdecker@gibsondunn.com)
Daniel Gebauer (+49 89 189 33 115, dgebauer@gibsondunn.com)

Antitrust and Intellectual Property
Michael Walther (+49 89 189 33 180, mwalther@gibsondunn.com)
Kai Gesing (+49 89 189 33 180, kgesing@gibsondunn.com)

Corporate Compliance / White Collar Matters
Benno Schwarz (+49 89 189 33 110, bschwarz@gibsondunn.com)
Michael Walther (+49 89 189 33 180, mwalther@gibsondunn.com)
Mark Zimmer (+49 89 189 33 130, mzimmer@gibsondunn.com)
Eike Grunert (+49 89 189 33 121, egrunert@gibsondunn.com)

© 2014 Gibson, Dunn & Crutcher LLP

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

July 31, 2014 |
2014 Mid-Year eDiscovery Update: Is This the ‘Year of Technology’ in eDiscovery?

Orange County partner Gareth Evans and New York partner Jennifer Rearden are the authors of “2014 Mid-Year eDiscovery Update: Is This the ‘Year of Technology’ in eDiscovery?” [PDF] published in the July 31, 2014 issue of Bloomberg BNA’s Digital Discovery & e-Evidence. Reproduced with permission from Digital Discovery & e-Evidence, 14 DDEE 372, 7/31/14. Copyright 2014 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com

July 22, 2014 |
2014 Mid-Year French Law Update

While the first year of President Hollande’s mandate has been focused on societal reforms (same-sex marriage, immigration, justice, reform of school timetables), his New Year’s Address confirmed that the Government’s efforts should concentrate on employment and growth for 2014. Pledges to cut public spending, reduce labor costs for businesses and lower taxes have been made. The current Administration is trying to place greater emphasis on social negotiation, which has been the case notably with the "responsibility pact" for business, entered into with French employers’ associations. At the same time, faced with the duty to deal with certain controversial public debates, the French Administration has been pressed, in certain circumstances, to take urgent legislation (as opposed to legislation deliberated and voted by Parliament). While this process offers the advantage of speediness, it may result in recent legislation being affected by a lack of consistency and hindsight as it aims at coping with specific situations.

In this article, we aim at giving you a brief overview of some major legal changes at the beginning of 2014. Some entail future developments that both French companies and potential investors in France should take into account with respect to their French operations in the coming months.

Table of Contents
1. Corporate, M&A
2. Insolvency and Restructuring
3. Contracts
4. Tax
5. Real Estate
6. Labor and Employment
7. Data Protection
8. Public Law
9. Antitrust

1. Corporate, M&A

1.1 Corporate, M&A – Impacts of the law aimed at recovering control over the real economy dated March 29, 2014 on listed companies

The recent law aimed at "recovering control over the real economy" dated March 29, 2014 (the "Statute") contains a chapter devoted to listed companies, which notably impacts the rules governing double voting rights, takeovers and grants of free shares.
Double voting rights

The Statute expands the scope of double voting rights, which were a mere option before, and shall now automatically apply (as from April 1, 2016) to listed companies’ shares provided they are entirely subscribed and held in the shareholders’ name for at least two years. However, it will still be possible for companies to avoid automatic double voting rights by amending their bylaws prior to April 1, 2016.

Takeovers

The Statute introduces a waiver threshold which renders the public offering null and void if it has not been reached by the offeror. Indeed, a voluntary or mandatory public offering shall be automatically null and void if, upon expiry of the offer, the offeror has not obtained a sufficient number of shares representing at least 50% of the share capital or voting rights of the target company. In such a case, all shares that would have been brought to the offer would return to their initial holders.

With regard to mandatory public offerings triggered as soon as a shareholder exceeds certain thresholds set by the law (as a basic rule, 30% of the share capital), the Statute introduces an additional mechanism allowing to suspend voting rights associated with the portion of shares that exceeds the threshold set by law until the relevant shareholder acquires 50% of the share capital or sells its portion of shares held in excess of the threshold. This mechanism aims at preventing de facto takeovers where the offeror would not pay the entire price associated with taking over the control.

The Statute also lowers from 2% to 1% of the share capital the possibility offered to a shareholder holding between 30% and 50% of the share capital or voting rights to increase its stake over 12 consecutive months.

In addition, the prerogatives granted to workers’ councils have been reinforced by the Statute, as the target company’s workers’ council is now associated to the entire takeover process.
Indeed, whereas the workers’ council was only informed of a takeover before the entry into force of the Statute, it must now be consulted and issue an opinion on the contemplated offer, within a specific timeframe. In addition, the Statute provides for so-called "rendezvous" clauses between the offeror and the workers’ council every 6, 12 and 24 months following takeover of the company, during which the offeror reports to the workers’ council about the implementation of its intentions in terms of employment and business activity.

Finally, the Statute suppresses the neutrality duty imposed on the management of the company during a takeover. From now on, the management is entitled to implement anti-takeover actions with no need for shareholders’ prior approval, within the limit of the company’s corporate interest. However, it is possible for companies to maintain the management’s neutrality duty by inserting such duty into the company’s bylaws.

Grants of free shares

Last but not least, the Statute also raised the cap for the allocation of free shares to employees to 30% of the share capital, compared to 10% before.

1.2 Corporate, M&A – French Decree requiring Government approval for foreign investments in strategic business sectors

On May 14, 2014, the French government extended the blocking power of the French Ministry of the Economy with respect to foreign investments, whether from EU or non-EU investors, regarding six new business sectors. The new rules came into effect on May 15, 2014 and concern the energy, water, transport, communications, defense and health sectors. These new rules supplement existing regulations requiring foreign investors, prior to making an investment in specified sectors, to obtain an authorization from the French Ministry of the Economy.

Extension of the protected sectors

The new rules extend the list of business sectors subject to this prior authorization.
Now covered are the activities related to goods, products or services, essential to preserve French interests in relation to public order, public security and national defense listed below:

Integrity, security and continuity of energy supply (electricity, gas, hydrocarbon or other sources of energy);
Integrity, security and continuity of water supply in compliance with the rules established in the interest of public health;
Integrity, security and continuity of the operations of transportation networks and services;
Integrity, security and continuity of the operations of electronic communication networks and services;
Integrity, security and continuity of operations which are essential for the defense, security or survival of the French nation and nuclear plants; and
Public health protection.

Authorization process

Any foreign investor contemplating investing in an entity or line of business which falls into one of the business sectors mentioned above, is required to seek an authorization from the French Ministry of the Economy, irrespective of the size of the investment.

The Ministry of the Economy has a two-month period of time to review the contemplated investment. Failing an answer within this time-line, the investment is deemed to be authorized. An authorization may be subject to the divestment of assets. Please note, however, that the two-month period starts running only from the time the file is deemed complete by the Ministry.

Failure to comply with the procedure may lead the Ministry of the Economy to order the investor to withdraw from the investment, to modify the scope of its investment or to annul the investment. Failure to comply with this order exposes the foreign investor to a fine in a maximum amount equal to twice the investment amount (in addition to the annulment of the investment).
Examination by the European Commission

The European Commission has already publicly indicated that the protection of strategic interests by an EU member state is essential but that the means put in place to achieve the protection must be proportionate to their goal. The European Commission stated it will examine these new rules and decide whether they comply with EU rules.

For further details on this new Decree, please see the Gibson Dunn Client Alert of May 16, 2014: http://www.gibsondunn.com/publications/Pages/French-Decree-Requires-Government-Approval-for-Foreign-Investments-in-Strategic-Business-Sectors.aspx

1.3 Corporate, M&A – Introduction of class actions in France for consumer and competition infringements

After the French Constitutional Council (Conseil constitutionnel) approved the compatibility of the class action mechanism with the French Constitution, the French Statute on Consumer Protection n°2014-344 of March 17, 2014 has finally been enacted (hereinafter the "Statute"). French class actions must be differentiated from US class actions where all people meeting the criteria are automatically included in the class unless they "opt-out". In France, the procedure is based on an "opt-in" system whereby consumers must express their consent to be part of the group and claim their individual compensation after a judgment on the professional’s liability has been handed down by a civil court.

A limited scope

A class action can only be brought in case of consumer and competition infringements, excluding infringements of health and environmental laws at the moment. In order to go to court, consumers must have been wronged by one or several professionals of the same category whether in the context of a sale of goods or a provision of services or as a result of an infringement of competition law.
At least two consumers must have been placed in an identical or similar situation due to the breach by a professional of its contractual or legal obligations. The class action only allows for financial or in kind compensation of individual economical damages; losses resulting from bodily or moral injuries are thus excluded.

Class actions can only be brought before the courts by a few nationally and accredited consumer associations as defined in Article L. 411-1 of the French Consumer Code (15 for the time being).

Procedure

The Statute distinguishes two types of procedure, the "regular" procedure and a "simplified" procedure.

With regard to the "regular" procedure, the court will determine, in a first judgment, whether the conditions required for the launching of a class action are met and will rule, should the case proceed, on the professional’s liability on the basis of individual cases presented by the association. The court will thus also determine:

(i) the group of consumers entitled to compensation or set the criteria for group inclusion;
(ii) the damages that can be awarded to each consumer or class of consumers forming the group and the amount of those damages;
(iii) the practical means for consumers to join the group and obtain compensation;
(iv) the timeframe for consumers to join the group (opt-in) and the timeframe for liquidation of the assessed damage; and
(v) the measures needed to inform the consumers potentially concerned by the class action of the court decision.

At any stage of the procedure, the court may order any measures it deems necessary to preserve and produce evidence.

Once the consumers have opted in to participate in the class action, the damages will either be collected directly from the professional or through the association or legal professional assisting the association with the proceedings.
Any difficulty that may arise during the liquidation of the losses will be solved by the same court in a second judgment. Consumers who have not received compensation from the professional will be represented by the association in order to obtain the enforcement of this second judgment which will rule on the difficulty and order the professional to pay.

In cases where the identity and number of consumers are identified, a "simplified" procedure may be followed. In such cases, the court may, in a single judgment, rule on the professional’s liability and order the person to directly and individually compensate the consumers under the terms and within the timeframe set by the court. When the decision becomes final, all the consumers must be individually informed of the decision at the professional’s expense and each must then accept compensation as provided by the court.

Specific provisions regarding competition law

Class actions for anti-competitive practices can only be brought on the basis of a final violation decision from French or EU competition authorities, which can no longer be appealed as regards the findings of a violation. The suit must be filed within five years from the date on which the final decision is no longer appealable.

Mediation

The Statute allows negotiated settlements through mediation. Only the association that brought the class action can participate in the mediation. The agreement resulting from mediation must be endorsed by a court in order to be binding and enforceable on the parties.

As the Statute introduces a new concept in the French legal system, it is difficult to anticipate its practical consequences. However, it appears that the class action procedure is long and complex and is more in the hands of the accredited consumer associations than the courts. In addition, the procedure requires human and financial resources that said associations do not necessarily have.
Despite this, it is likely that the new Statute will have a significant impact, first in the fight against anti-competitive practices and second if the law is extended (as expected) to health, environment, discrimination and, later, to any type of damages suffered by consumers.

1.4 Corporate, M&A – Introduction in France of non-binding shareholder say-on-pay vote on executive corporate officers’ compensation

Despite Mr. Hollande’s campaign pledge to regulate the compensation of executives in large corporations, and after extensive and heated public debate on this topic, France finally decided to implement a softer approach by inserting an ex-post control by the shareholders of the compensation of corporate officers of listed companies.

The latest version of the AFEP-MEDEF Code of Corporate Governance for Publicly Traded Companies (which is the corporate governance code most commonly used by French listed companies) issued in June 2013 introduced non-binding shareholder say-on-pay vote on executive corporate officers’ compensation. This recommendation has been effective since January 2014 and requires the board to include advisory say-on-pay resolutions in every annual shareholders meeting. Thus, the board should submit to the shareholders’ vote all elements of compensation of each executive corporate officer with respect to the fiscal year under review, whether they are stock options, performance shares or any long term incentives, termination or retirement benefits, or benefits of any kind.

The proposed resolution of the shareholders, which requires a simple majority vote for its approval, is purely advisory and non-binding. Therefore, the compensation of corporate executive officers remains exclusively set by the board. In the event of a negative vote, the board after consultation of the compensation committee should call a subsequent special board meeting to reexamine the issue.
The board should thereafter publish a press release on the company’s website mentioning any actions taken in response to shareholders’ expectations that were expressed during the shareholders meeting.

It should be noted, however, that negative vote decisions are extremely rare. As mentioned, the vote is not binding on the board of directors and the board still has the power to modify unilaterally the compensation of executive corporate officers. However, a negative say-on-pay vote may adversely affect the brand of a company and the repute of its board in the mind of investors and of the public at large. A negative vote could even potentially lead to the resignation of the corporate executive officer concerned.

In practice, in France, for a large majority of companies, the resolution proposed to the shareholders does not provide the elements or amount of executive officers’ compensation, details of which are usually set forth in companies’ annual reports. Therefore, the new system does not significantly increase shareholders’ rights of information. In addition, for the first year of its application, we are not aware of any CAC 40 companies where the proposed say-on-pay resolution received a negative vote. More specifically, for most CAC 40 companies say-on-pay resolutions have been approved with approximately the same percentages as other resolutions. Only one say-on-pay resolution of CAC 40 companies was adopted with substantially fewer votes whereas the majority of other resolutions were adopted by more than 80%.
From a comparative standpoint, the French system is much less constraining than the one implemented in October 2013 in the United Kingdom, which introduced a new obligation for all listed UK companies to put the remuneration policy to a binding shareholder resolution at least every three years, in addition to the pre-existing requirement to have, at each annual general meeting, an advisory shareholder vote on an implementation report on how the approved compensation policy has been implemented during the past year.

However, France’s say-on-pay regulations can be compared with those of the majority of countries which tend to choose advisory say-on-pay votes rather than binding ones. This is for example the case in Germany, where parliament’s upper house voted in September 2013 against a proposed statute that would require a binding annual shareholder vote.

It is worth mentioning that the European Commission has recently published a proposal to review the Shareholders’ Rights Directive, whereby the Commission proposes to introduce a binding vote on remuneration policy every three years and an advisory annual vote on how the remuneration policy has been implemented. Given the significant differences in European Union Member States’ company law, it will be set out in detail for Member States how these principles will be complied with and what procedures would need to be followed if shareholders reject the remuneration policy.

1.5 Corporate, M&A – Employee representatives appointed as members of the board of directors in large companies

Designed to increase collective expression of employees and greater consideration for employees’ collective interests, the June 14, 2013 statute on the securing of employment introduced new requirements for employee representation in large companies that employed more than 5,000 employees over the last two financial years.
These companies are now required to appoint employee representatives as members of their board of directors or supervisory board. From now on, at least one employee representative must be appointed in companies where the number of directors is less than or equal to twelve, while companies with more than twelve directors are required to appoint two employee representatives. These employee representatives holding a seat on the board of directors are granted similar rights and prerogatives as other directors. Their eligibility is notably conditioned on the fact that they are hired under an employment agreement for at least two years. Also, the duties of employee representative on the board of directors are incompatible with the mandate of member of the Workers’ Council.

1.6 Corporate, M&A – The creation of a specialized Public Prosecutor: the financial Public Prosecutor

The statute n° 2013-1117 on the fight against tax fraud and serious economic and financial crime and the organic statute n° 2013-1115 on the financial Public Prosecutor dated December 6, 2013 provide for the creation of a financial Public Prosecutor’s office headed by the financial Public Prosecutor under the authority of the General Prosecutor at the Paris Court of Appeal. This new Public Prosecutor is specifically in charge of financial matters, with jurisdiction over offences committed over the entire national territory.

The financial Public Prosecutor has been granted several levels of competence:

(i) he has an exclusive jurisdiction to investigate and pursue offences related to stock market activities (until now vested in the General Prosecutor of Paris), i.e., insider trading, dissemination of false or misleading information and market manipulation;

(ii) he shares concurrent jurisdiction with that of the courts of first instance (tribunaux de grande instance) regarding bribery of foreign public officials (art. 435-1 to 435-10 of the French Criminal Code) and private bribery and bribery regarding highly complex sports betting (art. 445-1 to 445-2-1 of the French Criminal Code); and with that of the Inter-regional Specialized Jurisdictions (Juridictions inter-régionales spécialisées or "JIRS") with regard to certain specific offences when such offences have a high degree of complexity due to the number of authors, accomplices or victims, or their geographical reach: damages to probity including bribery in the public sector, influence peddling, unlawful taking of interest, pantouflage/revolving door (i.e., employment of former state officials in the private sector); VAT fraud, tax fraud and organized tax fraud; and money laundering in connection with the aforementioned offences as well as any related offences.

The creation of this new specialized Public Prosecutor has raised concerns as to the scope of its nationwide competence which overlaps with that of the JIRS. Indeed, the "high degree of complexity" criterion appears in both the provisions on the JIRS and those regarding the financial Public Prosecutor. To clarify the potential overlap of jurisdiction between that of the JIRS and that of the financial Public Prosecutor in said specific offences, the French Minister for Justice issued a circular on January 31, 2014 which notably indicates that the financial Public Prosecutor is intended to have jurisdiction over cases likely to have a major national or international impact.

2. Insolvency and Restructuring – The Latest Reform of French Insolvency Proceedings

On March 12, 2014, ordinance n°2014-326 (the "Ordinance") introduced several significant changes in French insolvency law. The contemplated purpose of this reform was to increase the creditors’ rights in French pre-insolvency and insolvency proceedings or, at least, to rebalance the powers between debtors and creditors in such proceedings.
The final reform is somewhat less ambitious, since one of the main contemplated changes (the possibility for the commercial tribunal to force the majority shareholder to transfer its shares to certain creditors) was removed from the final version of the Ordinance. This Ordinance came into force on July 1, 2014, but will be applicable only to proceedings opened after this date (and not to pending proceedings).

Conciliation

One of the major changes brought by this reform is the introduction in the conciliation proceedings (procédure de conciliation) of the possibility for the debtor to prepare a so-called "pre-packaged" plan. Thus a mission "aiming at the sale, in whole or in part, of the debtor’s business, which could be implemented, if necessary, within the frame of subsequent safeguard, recovery or liquidation proceedings" can now be vested in the conciliator. This mission can only be vested in the conciliator at the request of the debtor, with creditors giving their advisory opinion. Financial contributions made during conciliation proceedings but prior to the execution of the conciliation agreement can now benefit from the so-called "conciliation privilege" (privilège de conciliation) (previously, only the contributions made pursuant to such an agreement and simultaneously with, or after, its execution could benefit from that privilege). In case of subsequent safeguard, recovery or liquidation proceedings (procédures de sauvegarde, de redressement judiciaire et de liquidation judiciaire), claims benefiting from such a conciliation privilege (i) are paid by priority just after the super privileged wages claims and legal expenses arising from the proceedings, and (ii) cannot be subject to an extension of the payment term or a reduction of their amount under a subsequent plan approved by the commercial tribunal. Any provision of the conciliation agreement pursuant to which the debtor bears the costs for a creditor’s advisor is now deemed unenforceable.
Similarly to the legal provisions applicable in connection with safeguard, recovery and liquidation proceedings, any contractual provision triggered by the opening of an ad hoc mandate (mandat ad hoc) or conciliation proceedings and resulting in worsening the debtor’s situation (most of the time, by providing for the early termination of the agreement) is deemed unenforceable.

Finally, the major change is the possibility now offered to the debtor subject to conciliation proceedings, who receives, "during the proceedings", a payment notice or is being sued by a creditor for payment, to request from the commercial tribunal an extension of the term of the relevant liabilities pursuant to the ordinary civil law provisions of Articles 1244-1 et seq. of the French civil code (i.e., for a maximum of two years).

Safeguard proceedings

Prior to the reform, only the debtor (and not the creditors), with the assistance of the court-appointed administrator, could submit a draft safeguard plan, the members of the creditors’ committee being only allowed to make suggestions to the debtor for the drafting of this proposal and vote on this proposal. Now, if the creditors’ committee (financial and/or suppliers’ committee) has been convened (i.e., only for companies reaching a certain size), any creditor, member of such a committee, can submit a draft safeguard plan for approval by the committees (and subsequently, if approved by the committees, by the commercial tribunal), on which the court-appointed administrator of the debtor’s business has to file a report. The underlying idea of this change is to overcome a potential unwillingness to act from the debtor.

"Accelerated safeguard proceedings" (procédure de sauvegarde accélérée) have been created by the reform, following the introduction, in 2011, of accelerated financial safeguard proceedings (procédure de sauvegarde financière accélérée).
While the latter were open only to financial creditors, the new proceedings now also include non-financial creditors. The purpose of these new accelerated proceedings is to allow debtors to negotiate a "pre-packaged" plan, under conciliation, with the majority of their creditors, prior to the opening of safeguard proceedings and to adopt a safeguard plan, within a limited time period, based on this pre-package (see above). Accelerated financial safeguard has now become a specific category of accelerated safeguard proceedings. Such proceedings shall impact neither the creditors whose claims would arise after the opening of the proceedings nor the employees of the business.

Accelerated safeguard proceedings can be opened only in case of failure of conciliation proceedings (conciliation must be pending), in case the debtor is not insolvent or has been insolvent for less than 45 days. Such proceedings are only open to companies:

- the financial statements of which have been certified by statutory auditors or drafted by a certified public accountant and which have reached one of the following thresholds in terms of employees (20), turnover (EUR 3,000,000 tax excluded) and aggregate amount of balance sheet (EUR 1,500,000); or
- which have filed consolidated financial statements.

Accelerated safeguard proceedings can be opened for a maximum of 3 months (only 1 month for accelerated financial safeguard proceedings).

Recovery proceedings

The Ordinance removed the right for the commercial tribunal having jurisdiction over a debtor to examine ex officio the potential opening of recovery proceedings (procédure de redressement judiciaire) against a debtor. Some provisions have been introduced aiming at facilitating the acquisition of share capital by a third party (e.g., a creditor). First, as in safeguard proceedings, creditors are allowed to submit to the creditors’ committees an alternative recovery plan.
This draft plan may provide for the acquisition by a third party of an equity share (or its participation in a share capital increase) and is, in that case, submitted to the shareholders’ meeting for approval. Creditors are now entitled to have a representative appointed by court to convene the shareholders of the debtor for such a general meeting. The court-appointed representative can also vote in the place of reluctant shareholders, in order to overrule these shareholders and to vote a share capital increase in favor of one or more persons (e.g., certain creditors), as required, as the case may be, pursuant to the recovery plan (plan de redressement). The purpose is to facilitate the transformation of liabilities into shares, which necessarily results in existing shareholders being diluted. One limit has however been set: the court-appointed representative is authorized to vote only up to the amount required for the net assets to equal half of the amount of the share capital (legal minimum requirement).

In addition, in case the draft recovery plan or the plan provides for a share capital increase or a share transfer, any provision (of the by-laws, notably) requiring prior approval before a transfer of shares is deemed unenforceable.

Yet, as indicated above, contrary to what was initially contemplated, the provision allowing courts to force the transfer of shares from an existing shareholder was set aside. Therefore, despite the fact that the Ordinance is a step forward towards creditors, French insolvency law still significantly favors shareholders.

3. Contracts – Proposed reform of contract and quasi-contract law

After a decade of projects and reports as well as multiple debates and discussions with social and economic actors, the government’s proposed reform of contract and quasi-contract law was disclosed on October 23, 2013.
After discussions between the Senate and the government, senators are against a modification of the French Civil Code by the government by way of ordinance and would like the project to be subject to a parliamentary debate. In the weeks to come, the National Assembly will have to decide whether the government should be entitled to adopt, by ordinance, the project. At first glance, the project essentially aims at codifying general approved standards and principles set forth by French courts over the past years. The project is organized in a chronological order and clarifies the rules of contract formation and performance. Its major trends are to try and increase legal security but also, at the contract performance stage, to leave a wider intervention capacity to judges.

Contract formation

The project proposes notably to codify French case law rules related to promises and pre-emption agreements. The project provides that the revocation of a promise during the option period shall not prevent the conclusion of the contract. Additionally, the conclusion of the contract in violation of a promise would be null. Regarding pre-emption agreements, one of the major French case law decisions would be partially codified: a contract concluded in violation of a pre-emption agreement by a third party knowing of the existence of such pre-emption agreement shall be vacated or the non-breaching party to the pre-emption agreement shall have the right to be substituted with the third party. To allow such cancellation or substitution, the project does not take up the requirement (which existed in the French Supreme Court’s famous decision and has been continuously criticized by several authors because of the evidentiary difficulties it raises), according to which the third party had to have knowledge of the beneficiary party’s intent to implement the pre-emption agreement.
More importantly, the project proposes to clarify the well-known French case law solution of December 1995 related to framework contracts and contracts involving sequential performance.  After having refused to allow a party to unilaterally set the contract price on the ground that the price of a contract should be determined at the conclusion of the contract, the French Supreme Court ruled in 1995 that a framework contract or a contract involving sequential performance is valid even though the parties did not agree on the contract price.  However the Court did not expressly recognize the ability for the party to determine the price unilaterally.  The project proposes to explicitly introduce the ability for the parties to a framework contract or a contract involving sequential performance to decide that the price will be unilaterally determined by one of the parties.  In case of abuse, the judge would be able to interfere within the contract to review the contract price.  Another important provision of the project is the ability for the judge to vacate a clause when it is significantly disproportionate between the parties’ rights and obligations (this ability, which is currently granted in consumer contracts through protection systems against unfair terms, would thus be extended to all contracts).  The project is silent on how judges will appreciate whether a clause is disproportionate.  Finally, the project intends to remove the concept of cause.  This proposed change is explained by recent case law decisions toward a more business-oriented interpretation of the contract.  However, it shall be noted that the principal functions of the concept of "cause" would nevertheless be maintained.  
Thus, for example, the project provides that a consideration must exist in all contracts concluded for a pecuniary interest; it also proposes to codify the famous Chronopost case law according to which a clause depriving the debtor’s essential obligation of its substance shall be deemed null and void.

Contract Performance

At the contract performance stage, the project proposes to enable judges to modify the contract and restore its financial equilibrium in the face of unexpected and uncontrollable events. According to the project, when the performance of the contract would become excessively expensive for a party, such party would be entitled to request the renegotiation of the contract even though no renegotiation clause was initially set forth in the contract. In the event of the parties’ failure to renegotiate the contract, they may agree by mutual consent to invite the judge to decide upon appropriate changes to the contract. Failing such agreement, either party could ask the judge to terminate the contract, on the date and on such terms as it may decide. The project also proposes to introduce the anticipatory breach concept: a party would be entitled to suspend the performance of its obligation when it is unlikely that the other party would perform its obligations in time and provided that the consequences of the threatened breach would likely be significant for the non-breaching party. Finally, another crucial provision proposed by the project would be the ability for the judge to refuse specific performance of the contract when the costs of such performance would be manifestly unreasonable. French courts generally entitle a party to request specific performance from the breaching party provided such specific performance is feasible. By giving the judge the ability to exercise control over specific performance, the project would introduce a balance between the principle of the binding force of contracts and the power of judicial review.
However, the project is silent on how judges will appreciate the costs of specific performance.

4. Tax

4.1 Tax – Can a company decide to not deduct an accounting depreciation (CE Foncière du Rond Point, December 23, 2013)?

A company had booked a depreciation in 1996 on real estate assets but had decided to not tax deduct it. In 1998 and 1999, following the sale of the assets, the company had recaptured the depreciation from an accounting point of view but had considered that such recapture was not tax deductible (since the depreciation had not been tax deducted). However, the Supreme Court held that since the 1996 depreciation was justified from an accounting and tax point of view, the company should have tax deducted such depreciation in 1996. Thus, the Supreme Court decided that the recapture of the depreciation in 1998 and 1999 was taxable. As a result of this decision, the company has been subject to a double taxation (no right to deduct the depreciation from a tax point of view in 1996 and taxation of the recapture of the depreciation in 1998 and 1999).

Prior to this decision, companies usually considered that they had the choice to not tax deduct accounting depreciations on buildings (as the tax authorities often challenged this tax deductibility in the 90’s). Based on this new decision held by the French Supreme Court, companies will usually have no choice but to tax deduct accounting depreciation provisions, asserting the primacy of the inherent connection between tax and accounting rules. This jurisprudence raises various adverse tax consequences which need to be carefully monitored. In particular, the situation of companies having booked accounting depreciations in previous financial years which they have not tax deducted needs to be reviewed.
In addition, companies which have to book such depreciations have to consider the fact that the tax loss carried forward deriving from such depreciations may only be used to offset 50% of the recapture profit exceeding EUR 1 million.

4.2 Tax – Hybrid financing and interest deduction (2014 Finance Law)

Article 22 of the 2014 Finance Law introduced new rules affecting the tax deduction of interest accrued on advances among related companies. Thus, such interest is tax deductible for the borrower company provided that the lender company is subject to corporate income tax on such interest. Such tax must amount to at least 25% of the corporate income tax which would have been due, had the lender company been established in France. These new provisions are applicable to financial years closed from September 25, 2013 on.

This provision addresses particularly the situation where the lender company is a transparent entity or a collective investment fund located abroad. The "subject to tax" test is carried out at the level of the lender company. According to the French tax authorities, such test is met if the gross interest income is taxed at a rate at least equal to 25% of the French corporate income tax rate. In particular, the fact that such income is offset by various expenses at the lender’s level seems to be irrelevant.

4.3 Tax – Need to notify the assignment of a shareholders’ current account (CE SCI Immotel, June 11, 2014)

This decision confirms that in case of assignment of a shareholders’ current account, it is essential that such assignment is notified to the debtor by a bailiff in accordance with article 1690 of the French civil code. If not, it is usually almost impossible for the debtor to evidence the existence of the assignment based on this jurisprudence. As a result, the French tax authorities are entitled to tax the debtor on the amount of the shareholder’s current account amount assigned to the third party.
It is thus highly recommended to comply with the formalities of article 1690 of the French civil code in case of assignment of a shareholder’s current account.

5. Real Estate – The "Pinel" Statute and its Impact on Leases

The "Pinel" Statute (the "Statute"), passed by the Senate on June 5, 2014 comprises a number of provisions in favour of local retailers. Among these provisions, the first seven articles of the Statute bring important changes to the leases regime. The Statute, with regard to leases, aims to "limit rent increases" and "balance the relationship between small commercial tenants and lessors". The provisions related to leases are applicable to contracts entered into or renewed as of the first day of the third month following the publication of the Statute in the Official Journal. Some of the provisions of the Statute, which may affect not only small local businesses, but also any company which enters, or has entered, into a commercial lease, are described hereafter.

Tenant’s Possibility to Terminate the Lease every Three Years

The lessor loses the possibility to ask the tenant to waive its right to terminate the lease at the expiry of every three-year period. This modification of the Statute does not apply to lessors of leases exceeding nine years, office leases or single-use leases.

Furthermore, the Statute facilitates the terms of the notification of the termination of the lease and enables the parties to choose to notify the lease termination by "registered letter with acknowledgement of receipt" or by "extra-judicial act".

Modification to the Provisions relating to the Renewed or Adjusted Rents

The ICC is no longer the standard index of commercial leases. After the entry into force of the Statute, the ILC and the ILAT indexes will replace the ICC with regard to lease renewal and rent adjustment. However, the Statute is silent with regard to the index applicable to rent indexation clauses.
Article 4 of the Statute provides for a variation of the rent capped at 10% of the amount of the rent of the preceding year in case there is a significant modification of the elements determining the rental value or if there is an exception to the rent cap rules (article L. 145-34 of the Commercial Code). This 10% cap also applies to triennial rent adjustments (article L. 145-38 of the Commercial Code) and to leases including a rent indexation clause (article L. 145-39 of the Commercial Code).

This statutory cap applies only to leases whose rent is contractually uncapped. This statutory cap applies neither to leases whose duration is longer than nine years, nor to leases where parties have expressly waived the possibility to cap the rent, nor to "article L. 145-36 leases" (vacant lands, single-use premises and office premises).

Statutory Obligation to draw up Entry and Exit Inventories

Article 5 of the Statute provides for a new article in the Commercial Code, i.e., article L. 145-40-1, which makes compulsory the contradictory entry and exit inventories between the lessor and the tenant. If appropriate, these inventories can also be drawn up by a bailiff.

Statutory Obligation to draw up a precise and exhaustive Inventory of all Expenses and Taxes related to the Lease

The same article 5 of the Statute provides for a new article L. 145-40-2 indicating that any lease shall include a schedule containing a precise and exhaustive inventory of all expenses and taxes related to the lease. This inventory should also indicate the allocation of such expenses between the lessor and the tenant.

Furthermore, the lessor shall communicate, upon execution of the lease and every three years thereafter, an estimated budget of the works to be carried out for the next three years, as well as a statement of the works carried out during the previous three years. A subsequent decree shall provide for the implementing measures.
Some lessors may be unable to recoup some expenses from their tenants, if these expenses were by their nature at the lessor’s mandatory charge. Thus, there is a risk that these provisions challenge the performance of "triple net" leases.

As a general comment and although the Statute intends to help small commercial tenants, its provisions are likely to have a larger scope since they generally affect the French general commercial leases regime.

6. Labor and Employment

6.1 Labor and Employment – Key Elements of the Statute on the Securing of Employment and its Impact on French Labor Law

The entry into force of the June 14, 2013 Statute on the securing of employment (the "Statute") has reshuffled French labor law and practice quite significantly over the first six months of 2014, especially in terms of collective expression of employees.

Extension of the scope of Workers’ Council consultation

The Statute increased the Workers’ Council’s prerogatives notably by expanding the scope of mandatory consultation. Under French law, the Workers’ Council is notably tasked with a general mission of conveying collective expression of employees to ensure that their collective interests are taken into consideration by the employer prior to making any significant decision that would notably impact the management or evolution of the economic and financial situation of the company, work organization, professional training or production technique. The Workers’ Council is also informed and consulted on numerous occasions, notably on issues relating to the organization, management and running of the enterprise, on projects resulting in a decrease in workforce or restructuring of the business and notably in case of takeover of an enterprise, or in the event of insolvency proceedings.
In addition to the above-mentioned situations where prior information and consultation of the Workers’ Council is traditionally required, the Statute increased the scope of the Workers’ Council’s prerogatives to include an annual consultation notably on the enterprise’s strategic orientations and their impact on business activity, on employment, on the evolution of positions and skills, on the organization of work, on the use of subcontractors, temporary work, temporary contracts and internships.

A new consultation procedure for the Workers’ Council: nature of the information to be transmitted and applicable delays

Nature of the information to be transmitted

When consulted, the Workers’ Council must be in a position to issue an informed opinion on the decision to be made by the employer. French labor law thus provides that the Workers’ Council must receive "precise and written information" from the employer, as well as the employer’s explanations to the Workers’ Council’s observations prior to being consulted on a contemplated decision. If the Workers’ Council considers that it did not receive sufficient information to issue an informed opinion, it can bring the matter before the competent court to obtain an order compelling the employer to communicate the missing information. The court’s decision is rendered within eight days, yet such procedure does not result in extending the applicable consultation delays, determined as detailed below.

Applicable delays

Prior to the enactment of the Statute, the Workers’ Council’s opinion (whether positive or negative) was legally required though no timetable was set to limit the consultation period, which often resulted in blocking prospected deals or similar operations. This created potentially huge hurdles in France since such opinion could easily be delayed by several months if the Workers’ Council so decided.
The Statute introduced a new consultation procedure which gives greater powers to the employer and the Workers’ Council to organize the consultation timetable, thus preventing potential blockage. Subject to the minimum 15-day delay set by the Statute, the employer and the Workers’ Council are encouraged to enter into an agreement setting out the timeframe of the contemplated consultation taking into consideration the nature and complexity of the question subject to its consultation, provided the agreement is approved by the majority of the Workers’ Council’s members. In the event no agreement has been reached on a given matter, the Workers’ Council is granted one month to issue its opinion. This one-month delay is however increased in case of expertise (2 months), in case of consultation of one or several hygiene, security and working conditions committee(s) ("CHSCT") (3 months) and in case an entity coordinating the various CHSCT is implemented (4 months). These delays start running as soon as the information necessary to support the consultation procedure is made available by the employer to the Workers’ Council. Information is considered to be available as soon as it is communicated by the employer or uploaded on the new social data base that was also created by the Statute. Once the aforementioned consultation delays have been exceeded, the Workers’ Council is deemed to have been properly consulted and to have issued a negative opinion. The employer is thus no longer at risk of committing a criminal offense of obstruction, punishable by a EUR 3,750 criminal fine and a one-year jail sentence.

A new procedure applicable to collective dismissals on economic grounds

The Statute also modified the procedure applicable to collective dismissals on economic grounds (i.e., dismissals of ten or more employees over a period of 30 days) notably with regard to the consultation of the Workers’ Council.
In companies with more than 50 employees, collective dismissals on economic grounds require implementing a Plan for the Safeguarding of Employment ("PSE").  The PSE includes provisions designed to reduce the number of dismissals or to ensure redeployment of impacted employees within the group.  It also includes provisions on the modalities of information and consultation of the Workers’ Council, on the weighting of the criteria selected to determine the orders of dismissals, on the dismissals’ timeline, on the number of prospected dismissals and the type of impacted professional categories, on the modalities pursuant to which the employer’s training, adaptation and redeployment obligations are to be implemented, etc. Following the entry into force of the Statute, the employer is now required to consult the Workers’ Council on the rationale and the terms of the prospected dismissals during at least two meetings, held no sooner than 15 days apart.  The employer must communicate to the Workers’ Council all relevant information concerning the contemplated restructuring of the company and related dismissals beforehand.  This information includes: economic, financial or technical rationale of the prospected dismissals, number of prospected dismissals, affected professional categories, etc. The Workers’ Council issues two opinions: one on the restructuring of the company and another one on the PSE, within a delay that cannot exceed two months following the Workers’ Council first meeting when less than 100 dismissals are contemplated.  The Workers’ Council may decide to be assisted by an expert auditor.  The Statute also changed the form of the PSE, which may either take the form of: a majority collective agreement, negotiated between the employer and representative unions.  
In such a case, the labor administration is granted a limited role: it is informed of the opening of negotiations and then only exercises a light and limited control over the agreement during the certification process; or a unilateral document issued by the employer alone. In such a case, the PSE is subject to heavier control by the labor administration, which reviews the relevance and proportionality of the measures proposed by the employer during the certification process. If the proposed measures are deemed unsatisfactory, the labor administration may very well deny certification to the PSE, thus considerably delaying the dismissal process.

6.2 Labor and Employment – Survival of the obligation to pay profit-sharing bonuses to employees in case of increase in dividends paid to shareholders

On April 8, 2014, the French Ministry of Labor, in a response to the Managing Director of the Association Française des Entreprises Privées (French Association of Private Sector Companies), took the view that French rules relating to profit-sharing bonuses (prime de partage des profits) resulting from article 1 of Statute n°2011-894 dated July 28, 2011 which amended the statute relating to social security for 2011 (the "Statute") are still in force. The AFEP asked the French Ministry of Labor for clarifications because of the provisions of paragraph XIV of article 1 of the Statute, according to which the aforesaid article 1 applies until the adoption of a law following the results of an inter-professional national bargaining, on December 31, 2013 at the latest, on value added sharing which may notably propose legislative adaptations in the field of participations and incentive provided for in the French Labor Code.
According to the French Ministry of Labor, only a law following an inter-professional national bargaining on value added sharing is limited in time and not the profit sharing bonus itself: therefore, given that no law has been adopted prior to January 1, 2014, the provisions of the statute relating to profit sharing bonuses remain in force, including the provisions relating to social security exemptions. As a reminder, according to Article 1 of the Statute, commercial companies with more than 50 employees have to pay a bonus to all employees if such companies distribute an increased dividend to their shareholders compared to the average dividends per share distributed in the last two financial years.  From a social security standpoint: a profit sharing bonus is exempted from social security contributions, up to the limit of EUR 1,200 per year and per employee.  Beyond that, it will be subject to social security contributions for the part exceeding this ceiling.  This profit sharing bonus is also subject to the CSG (the general social security contribution) and CRDS (the indirect tax for the repayment of the social security debt) and to the corporate social contribution of 20%. From a tax standpoint: a profit sharing bonus is considered as an additional compensation in favor of the employee and is subject to income tax (as salary). This position of the French Ministry of Labor is not shared by the Association Nationale des Sociétés par Actions (French Association of Joint Stock Companies): it considers that, in the absence of the adoption of the statute referred to in paragraph XIV of article 1 of the Statute on December 31, 2013, the Statute is no longer applicable since January 1, 2014.  However, these are only interpretations of the statute with no legal value, and the position of the French Ministry of Labor cannot be ignored. 
6.3 Labor and Employment – Reform of unemployment benefit indemnification

Under French law, the payment of unemployment benefits is postponed by two "suspension" delays: a fixed period of time of 7 days, and a variable period of time known as "deferred compensation delay" (différé d’indemnisation) calculated based on two sets of amounts paid to the terminated employee. Starting July 1, 2014, the convention relating to unemployment benefits entered into between employers’ representatives and trade unions on May 14, 2014 modified, inter alia, the calculation of the deferred compensation delay. This delay is the result of two delays (expressed in a number of days) determined based on two different sets of amounts paid to the employee upon termination of the employment contract: (i) first, a delay calculated as amounts paid as a compensation for accrued but unused paid leave divided by the employee’s reference daily salary and (ii) second, a delay calculated as amounts paid as "non-statutory" indemnities divided by ninety. Prior to the reform, this last specific delay was limited to a maximum of 75 days. It can now reach up to 180 days. This increased delay postponing the payment of unemployment benefits is likely to be taken into consideration during negotiations triggered by the departure of an employee, notably in the context of a mutually agreed-upon termination (rupture conventionnelle homologuée). In such a situation, it appears that as soon as the terminated employee receives more than EUR 16,200 as indemnities under a mutually agreed-upon termination, the cap of 180 days is reached regardless of the nature (statutory vs. contractual) of these indemnities.

7. Data Protection

7.1 Data Protection – Deliberation n°2013-420 of the CNIL Sanctions Committee imposing a financial penalty against Google Inc.
On March 1, 2012, Google decided to merge into one single policy the different privacy policies applicable to about sixty of its services, including Google Search, YouTube, Gmail, etc. Nearly all Internet users in France are impacted by this decision due to the number of services concerned. The "G29" (EU Data Protection Authorities working group) then decided to carry out an assessment of this privacy policy. It concluded that it failed to comply with the EU legal framework and thus issued several recommendations, which Google Inc. did not effectively follow up on. In this context, the Sanctions Committee of the CNIL (French Data Protection Authority) issued a monetary penalty of EUR 150,000 to Google Inc. on January 3, 2014, upon considering that it did not comply with several provisions of the French Data Protection Act (the "Act"). One of the most interesting aspects of this decision relates to the applicability of the Act, which provides in its Article 5 that it is applicable to the processing of personal data where (i) the data controller is established on the French territory, it being specified that the data controller which carries out an activity on the French territory within the framework of an installation, whatever its legal form, is deemed to be established thereon and (ii) the data controller, without being established on the French territory or on that of another Member State, uses means of processing located on the French territory, with the exception of processing carried out only for purposes of transit through this territory or that of another Member State. Google Inc. notably maintained that (i) the services accessed by users located in France are provided exclusively by Google Inc., which is established in the United States and that since Google France does not effectively carry out any operation in which Google Inc. 
processes personal data, it would not qualify as an "establishment" within the meaning of the Act and that (ii) it has recourse to no means of processing located in France.  On this last aspect, Google Inc. notably argued that the Data Protection Directive 95/46/EC was not intended to apply to data processing carried out on the computers and mobile terminals of users through cookies (which Google Inc. qualifies as mere "text files") or similar tools. (a)               On the concept of "establishment": the Sanctions Committee points out that Google France does effectively participate in activities related to the processing of data relating to users of its services.  It points out in this respect that the activity of on-line advertising, which generates the majority of its income, is inseparable from the processing of users’ personal data, since it is because of the considerable volume of data about them available to it that it may guarantee to advertisers its services of extremely precise targeted advertising.  Given the volume of these activities located in France, the Sanctions Committee considers that Google France should be qualified as an establishment within the meaning of Article 5 of the Act, concerning data processing implemented for the purpose of advertising.  The circumstance that the technical operations of processing happen to take place outside of France has no impact on this interpretation. (b)               On the concept of "means of processing": in any event, even if one were to consider that only Google Inc. is the data controller in the case, the Sanctions Committee considers that the Act is applicable to the case in as much as Google Inc. uses means of processing located in France.  
Indeed, the Sanctions Committee, while admitting that a text file does not itself qualify as processing, points out that both reading and writing of information on the browser installed on the user’s terminal are done by means of cookies, with the purpose of collecting information of which Google Inc. is the sole recipient. Further, Article 2 of the Act defines processing specifically as any operation of collection, recording, consultation, extraction, communication by transmission, broadcast or any other form of sharing. Thus, access to user information through the medium of a cookie and the reading thereof do indeed constitute processing as understood in this provision. Moreover, Article 32-II of the Act explicitly provides for an obligation of prior information on any party initiating "any action tending to access, via electronic transmission, information already stored in its electronic communications terminal equipment, or to write information on such equipment", this party being expressly defined in the law as the data controller. Consequently, any resource making it possible to perform such actions must be qualified as "means of processing" as understood in the Act. This confirms the opinion 8/2010 on applicable law, issued by the G29 on December 16, 2010, which had already considered that cookies qualified as "means of processing". The financial penalty imposed against Google Inc. in this case is the highest the Sanctions Committee has issued to date. Google confirmed on January 15, 2014 that it had lodged an appeal against this decision. The procedure is now ongoing before the French Council of State (Conseil d’Etat).

7.2 Data Protection – The CJEU new Google judgment and the contour of the "right to be forgotten"

Data protection law is about to fundamentally change the functioning of search engines.
The CJEU (the "Court of Justice of the European Union") decision of May 13, 2014 regarding Google gives valuable insight into the legal treatment of the activity of search engines, and into their liability with regard to the European data protection regulation. This decision is important not only for search engines, but also for every individual, since it creates a tangible right to protect one’s e-reputation. In 2010, a Spanish citizen lodged a complaint with the Spanish data protection authorities against a newspaper and against Google in order to obtain the deletion of personal data contained in webpages dating from 1998. These webpages, as well as the links leading to them after a search, were considered as infringing on the plaintiff’s right to privacy. On the one hand, with regard to search engine providers, this CJEU judgment is relevant for the applicability of the Data Protection Directive to intermediary service providers such as search engines. From the European judges’ point of view, the Data Protection Directive is materially applicable to search engine providers as the latter are actually performing a secondary processing of personal data when indexing and sorting data. Although the definition of a controller as "the person who determines the purposes and means of processing of personal data" is hardly applicable to Google’s search engine, which cannot distinguish personal data from other data, the European judges dismissed this argument, considering that Google is "collecting", "extracting", "registering" and "organizing" data within its indexation programs, which is "communicated" or "made available" to search engine users. The automatic collection of data by Google thus makes it a "controller". The second aspect of the decision of interest to search engine providers concerns the territorial application of the Data Protection Directive.
Google argued that the Directive was not applicable to its search engine activity, which is located in the U.S.  However, as the display of search results is accompanied, on the same page, by the display of advertising linked to the searched terms, the Court considered that the processing of personal data necessary to the search engine activity is carried out in the context of the commercial and advertising activity of Google Spain, thus qualifying Google Spain as an establishment of Google Inc. in the EU within the meaning of the Data Protection Directive.  This may not be the case for all search engines and will require a case-by-case analysis as to whether data processing is "carried out in the context of the activities of an establishment" within a Member State.  This test is highly fact specific and will apply differently to different search engines. On the other hand, with regard to clients of search engine providers, this CJEU judgment brings a clear improvement of the protection of their privacy.  Prior to this decision, search engine providers used to refuse European citizens’ requests for the deletion of links towards websites containing their personal data, invoking their neutrality.  With this decision, individuals can require the deletion of links towards websites containing personal data although the personal data could not be erased from the said website.  Therefore, by recognizing a right for European citizens to ask for the deletion of links towards webpages relating to their personal data, the CJEU is actually inferring from the Data Protection Directive a "right to be forgotten".  
However, at the same time, the CJEU explicitly clarified that the right to be forgotten is not absolute but will always need to be balanced against other fundamental rights, such as the public interest or the freedom of expression and of the media (since, notably, publishers and journalists benefit from a special exception to the access right for processing carried out "solely for journalistic purposes"). Thus, a case-by-case assessment is needed considering the type of information in question, its sensitivity for the individual’s private life, how easy it is to obtain access to the information and the interest of the public in having access to that information. The CJEU decision is remarkable as it strengthens a purely European view of data protection, much stricter than under U.S. law. This CJEU decision also recalls the French first instance court’s "Max Mosley" decision dated November 6, 2013. This latter decision ordered Google Images to immediately withdraw pictures infringing on the plaintiff’s right to privacy and to ensure that these pictures do not appear again on Google Images for five years. It should be noted that in this decision, as opposed to the CJEU’s decision, French judges upheld Google Inc.’s liability, considering that the involvement of Google France in the search engine activity was not proved.

8. Public Law

8.1 Public Law – Case Law overruled: Conseil d’État Allows Third Parties Direct Recourse against a public Contract

In a decision Département Tarn et Garonne (CE, Ass., 4 April 2014, n° 358994), the Conseil d’État, overruling its earlier case law (CE, 4 August 1905, Martin, n° 14220), ruled that third parties can contest the validity of a public contract or some of its clauses. According to this 2014 decision, any third party to a public contract whose interests are likely to be harmed directly by that contract may contest its validity or any specific, non-statutory clauses.
Third parties may also request the suspension of the performance of the contract. The period to contest or to request the suspension runs for two months from the publication of notices of public contract awards. The new principle will only apply to contracts signed after April 4, 2014.

8.2 Public Law – The Status of EPIC is likely to constitute State Aid under European Law

The Court of Justice of the European Union (CJEU, 3 April 2014, France vs. Commission, C-559/12 P) has confirmed that the unlimited guarantee provided by the French State to companies having the status of an EPIC (établissement public et commercial / public industrial and commercial entity) constituted State aid under Articles 107 and 108 of the Treaty on the functioning of the European Union. According to the Commission, the EPIC status is deemed to be favorable to public companies by preventing their bankruptcy and by allowing them to obtain more favorable credit terms. This solution had in fact already been partly admitted for other public establishments, such as EDF (Commission decision n° 2005/145/CE, December 16, 2003) and LNE (National Laboratory of metrology and testing; Commission decision n° 2007/2017/CE, November 22, 2006), at the time they had the status of an EPIC. The question now arises of maintaining the EPIC status for several public bodies (such as SNCF or RATP).

8.3 Public Law – Publication of Three New Directives on Public Procurement

The European Parliament approved on January 15, 2014 three new directives on Public Procurement (Public Contracts Directive 2014/24/EU, Utility Contracts Directive 2014/25/EU, Concession Contracts Directive 2014/23/EU). These new Public Procurement Directives were published on March 28, 2014 in the Official Journal of the European Union and they came into force on April 17, 2014. Member States must implement these Directives into national law no later than April 18, 2016.
The new directives aim to simplify the rules and procedures, and to increase recourse to negotiations and the use of e-procurement. The new Concession Contracts Directive introduces for the first time a legal framework for the award of concessions across both the public and private sectors. In particular, this directive will improve transparency by imposing publication of concession notices in the Official Journal of the European Union as well as publication of notices of contract awards.

8.4 Public Law – Publication of the statute creating mixed-economy companies of unique operation (sociétés d’économie mixte à opération unique (SEMOU))

A statute allowing the creation of mixed-economy companies of single action (SEMOU) was passed on June 18, 2014 and was published on July 2, 2014 (statute n° 2014-744). The new provision will be introduced in the General Local Authorities Code under a specific title (articles L. 1541-1 to L. 1541-3). The SEMOU is a new form of local public company, which takes the form of a limited company, created for a limited period in consideration of the fulfillment of its purpose. It can operate exclusively for the performance of the contract for which it was created and not for any other purpose. The selection of the shareholder(s)/economic operator and the award of the contract to the SEMOU are performed under a single public tendering procedure (tendering procedure, negotiated procedure or competitive dialogue). The local authority should own between 34% and 85% of the share capital and the other shareholder(s)/economic operators not less than 15%.

9. Antitrust – Recognition of the Right to Effective Assistance of Counsel in Case of Dawn Raid

Through a decision of June 25, 2014, the French judicial Supreme Court (Cour de Cassation) ordered the French competition authority (Autorité de la concurrence) to return evidence seized from Crédit Agricole during a dawn raid.
According to the Supreme Court, the French Ministry for the Economy, which was in charge of on-the-spot inspections at the time of the events, had denied the bank access to its counsel during the dawn raid, thereby breaching the rights of the defense guaranteed by the European Convention on Human Rights. It should be noted that the on-the-spot inspections were made before 2008. Since that date, article L. 450-4 of the French Commercial Code was amended by Order n° 2008-1161 of November 13, 2008. Under the new provision, a person subject to a dawn raid may seek counsel of his choice who can access the premises visited, get acquainted with all documents before their seizure and make submissions in the course of the proceedings.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. The Paris office of Gibson Dunn brings together lawyers with extensive knowledge of corporate, insolvency, tax and real estate, antitrust, labor and employment law as well as regulatory and public law. The Paris office is comprised of a dynamic team of lawyers who are either dual or triple-qualified, having trained in both France and abroad. Our French lawyers work closely with the firm’s practice groups in other jurisdictions to provide cutting-edge legal advice and guidance in the most complex transactions and legal matters.

January 13, 2015 |
2014 Trade Secrets Litigation Round-Up

2014 saw a flurry of activity in response to an increase in threats to U.S. trade secrets. Both the House of Representatives and the Senate introduced bipartisan amendments to the EEA that would create a federal civil cause of action for the misappropriation of trade secrets. The Department of Justice secured the first-ever indictment against foreign government actors for trade secret theft and economic espionage, charging five officers of the Chinese military with engaging in a sophisticated cyber-hacking scheme to steal U.S. company trade secrets for the benefit of Chinese competitors. There were also further developments in several ongoing and high-profile civil litigation matters, including the Fourth Circuit’s vacatur of a nearly $1 billion jury verdict in a closely watched trade secrets misappropriation case. Jason Schwartz, Alexander Southwell, Martin Hewett, Andrea Lucas, and Christopher Smith discuss these and other significant 2014 developments in trade secrets law in their article "2014 Trade Secrets Litigation Round-Up" published in BNA’s Patent, Trademark & Copyright Journal in January 2015. Reprinted with permission from BNA’s Patent, Trademark & Copyright Journal, 1/9/2015. © 2015, The Bureau of National Affairs, Inc.

January 20, 2015 |
2014 Year-End E-Discovery Update

In our Mid-Year E-Discovery Update, we reported that 2014 was shaping up to be the “year of technology” in e-discovery. The remainder of the year more than lived up to those expectations. Powerful new data analytics tools have become available for search and review, predictive coding pricing is becoming more accessible and its use appears to be gaining more traction, e-discovery technologies are becoming available through the cloud, and technologies that automate aspects of information governance are becoming increasingly available. New technologies are also creating new challenges, such as the increasing use of texting and other applications on smart phones and other mobile devices. The important case law trends in 2014 have focused on (1) predictive coding and technology assisted review; (2) sanctions and the duties of counsel in connection with implementing legal holds; (3) text messaging and mobile devices; (4) proportionality; and (5) social media. After a lengthy process that began in 2010, the Judicial Conference issued a final set of proposed amendments to the Federal Rules of Civil Procedure in September that, if approved by the Supreme Court, will become effective on December 1, 2015. The most significant proposed amendments deal with building in proportionality considerations to the scope of discovery, new requirements for responding to document requests, and uniform standards for imposing sanctions for preservation failures. Most significantly, the Judicial Conference substantially overhauled its proposed sanctions rule following the public comment period. We also saw in late 2014 a greatly heightened interest emerge in information governance and the need to defensibly delete data for which there is no legal obligation or business need to retain. 
While information governance was primarily viewed in the past as a means of bringing high e-discovery costs under control, data breaches in 2014 that have resulted in highly publicized leaks of sensitive company emails and other confidential corporate information have added new urgency to the proper management and defensible deletion of data. Looking forward to 2015 and beyond, we expect to see the following likely trends: An increasing recognition that quite often there is not a single “magic bullet” to solve the challenges of enormous document volumes, high review costs and often inflexible production deadlines. More “holistic” approaches will be taken to search and review, utilizing more than one methodology or technology at different stages of the process or in combination with one another. The continued adoption of predictive coding at a relatively slow pace, as its use is being hampered by an absence of consistent and well-reasoned jurisprudence–or a general consensus in the legal community–regarding key issues such as whether irrelevant documents used to train and validate predictive coding models must be shared with opposing counsel. A greatly increased adoption of information governance programs, including defensible disposal of data, and the emergence of automated document classification and disposal technologies to carry out such programs. The defensibility of these programs and technologies will also likely become an increasingly common subject in judicial decisions. Text messaging, social media and other data created or stored on mobile devices and in the “personal cloud” will increasingly become the subject of discovery and sanctions decisions. More sanctions decisions generally, even with the adoption of the proposed amendment to Rule 37(e), as the challenges and complexities of preservation and timely review and production of electronically stored information (ESI) grow. 
The increased use of lawyers with practices focused on e-discovery to address increasingly complex issues regarding preservation, collection, search and review strategies and technologies, and defending the reasonableness of processes employed by clients and counsel related to e-discovery.

We invite you to review our discussion of these trends below, and to look out for our client updates, webinars and articles in the upcoming year.

Table of Contents

The Year of Technology in E-Discovery
    Data Analytics in Search and Review
    Predictive Coding
    Information Governance and Insourcing E-Discovery
Sanctions and Ethics in E-Discovery
Text Messaging and Mobile Devices
Proportionality
Social Media
Federal Rule Amendments
    Cooperation (Rule 1)
    Proportionality and the Scope of Discovery (Rule 26(b)(1))
    Proposed Limits on Discovery Methods Withdrawn (Rules 30, 31, 33 and 36)
    Objections to Document Requests (Rule 34)
    Sanctions for Failure to Preserve ESI (Rule 37(e))
Conclusion

The Year of Technology in E-Discovery

In 2014, powerful new data analytics tools became available for search and review, predictive coding pricing became more accessible and its use appeared to be gaining more traction, e-discovery technologies became available through the cloud, and technologies that automate aspects of information governance began to emerge. While we reported on these trends in our Mid-Year E-Discovery Update, we saw them continue during the remainder of 2014, along with an increasing recognition that quite often there is not a single “magic bullet” to solve the challenges of enormous document volumes, high review costs and often inflexible production deadlines.
Rather, various approaches can be taken to search and review, including a holistic approach that uses more than one methodology or technology at different stages of the process, or in combination with one another. The use of search terms has continued to be, by far, the predominant approach to search. But increasingly parties are combining the use of search terms with other technologies to improve the effectiveness and efficiency of their search and review processes. Looking forward to 2015 and beyond, counsel who are literate in the use of the latest search and review technologies will realize substantial efficiencies and advantages in litigation for their clients. Additionally, in light of leaks of sensitive emails and other corporate information as a result of highly publicized hacks and thefts of terabytes of company data, we are likely to see a greater interest in information governance and the use of technological solutions–such as automated classification and disposal–to help ensure implementation of document retention and disposal policies. A significant challenge, however, will be reconciling more complex approaches to search and review–often still using search terms as part of the process–with a judiciary and legal community that is very comfortable with the relatively straightforward, but often burdensome, methodology of running search terms through the document collection and having attorneys review every document that the search terms retrieve. Disputes related to the use of predictive coding, either alone or in combination with search terms, are an example of these growing pains.

Data Analytics in Search and Review

In the past, the term “technology-assisted review” or “TAR” was often used as a synonym for predictive coding. While predictive coding has garnered much of the publicity about new search and review technologies, other technologies rightfully fall within the meaning of technology-assisted review. Indeed, in Chen-Oster v.
Goldman, Sachs & Co., Magistrate Judge James Francis IV of the Southern District of New York even referred (correctly) to the use of search terms as a form of TAR. See Chen-Oster v. Goldman, Sachs & Co., 2014 WL 716521 (S.D.N.Y. Feb. 18, 2014) (holding that a party’s use of a technology-assisted review process does not mean that it must produce documents that the process identifies as potentially relevant without further human review). One of the hallmarks of 2014 is that new visual analytics applications have become available that can be a powerful supplement to other search methodologies such as search terms and predictive coding. Such analytics applications organize documents based on their internal content and their similarity to other documents in the set. While concept clustering technologies have been available for a while, the new visual analytics applications provide a more powerful user interface that visually shows clusters of documents that users click through to more detailed levels, shows how the documents are related to one another, and shows their relationships with other clusters of documents. Once a relevant or important document is found, the tool can help find similar documents. Visual analytics and other concept clustering applications can be used to find important documents early in a case and to supplement or confirm the effectiveness of other methodologies, such as search terms or predictive coding. See Gareth Evans and David Grant, Tools Let Attorneys Follow the Breadcrumbs, The National Law Journal (Sept. 1, 2014); see also David Grant, Seeing is Believing: Using Visual Analytics to Take Predictive Coding Out of the Black Box (FTI Technology White Paper). Various analytics applications to improve the search and review process are not new, of course, but anecdotal evidence suggests they are being used more frequently than in the past.
These include conceptual searching, using analytics to find documents similar to those already found, conceptual near duplicate detection, and clustering to group similar documents together into virtual folders displayed by topic. These tools can be used to find important documents more quickly and to code groups of documents more efficiently.

Predictive Coding

It has become popular of late to count the growing number of judicial decisions mentioning predictive coding and to interpret that as an indication of the increasing adoption of predictive coding as a search and review methodology. By that measure, 2014 was seemingly a banner year for predictive coding, with 17 cases mentioning predictive coding (compared to 9 in 2013 and 6 in 2012). But many of these cases, as in past years, merely involved references to the technology and not substantive discussions or approval of its use in the particular case. See, e.g., FDIC v. Bowden, No. 4:13-cv-245, 2014 WL 2548137 (S.D. Ga. Jun. 6, 2014) (ordering parties to “consider the use of predictive coding”); In re Domestic Drywall Antitrust Litig., 88 Fed. R. Serv. 3d 966 (E.D. Pa. 2014) (referring to the availability of predictive coding for searching ESI); Deutsche Bank Nat. Trust Co. v. Decision One Mortg. Co., LLC, No. 13 L 5823, 2014 WL 764707 (Ill. Cir. Ct. Jan. 28, 2014) (“If the parties agree that predictive coding would be appropriate in this case, they are encouraged to use that tool.”); Aurora Coop. Elevator Co. v. Aventine Renewable Energy, No. 4:12-civ-230, slip op. at 1-2 (D. Neb. Mar. 10, 2014) (ordering parties to “consult with a computer forensic expert to create search protocols, including predictive coding as needed, for a computerized review of the parties’ electronic records.”); U.S. v. Exxonmobil Pipeline Co., No. 4:13-cv-00355, 2014 WL 2593781 (E.D. Ark. Jun.
10, 2014) (defendants suggested the use of predictive coding to ease the burden of production and to meet their production deadline, but the issue was not presented to the court for approval); Green v. Am. Modern Home Ins. Co., No. 1:14-cv-04074, 2014 WL 6668422 (W.D. Ark. Nov. 24, 2014) (entering parties’ stipulated ESI protocol allowing the parties the option of using a “technology assisted review platform” in lieu of search terms to search documents); Good v. American Water Works, No. 2:14-cv-01374, 2014 WL 5486827 (S.D. W. Va. Oct. 29, 2014) (encouraging defendants to use technology-assisted review in combination with manual review to expedite privilege review).

Two cases reflected that plaintiffs’ counsel had used predictive coding in analyzing and reviewing documents they had received in document productions from defendants and third parties. In The New Mexico State Investment Council v. Bland, No. D-101-cv-2011-01434, 2014 WL 772860 (N.M. Dist. Feb. 12, 2014), the court in approving settlements in the litigation stated that “[i]n reviewing documents, [plaintiff’s counsel] implemented various advanced machine learning tools such as predictive coding, concept grouping, near-duplication detection and e-mail threading.” Id. at *6. The court further stated that “[t]hese tools . . . enabled the reviewers on the document analysis teams to work more efficiently with the documents and identify potentially relevant information with greater accuracy than the standard linear review.” Id. In approving a settlement and an award of attorney’s fees in Arnett v. Bank of America, No. 3:11-cv-1372, 2014 WL 4672458 (D. Or. Sept. 18, 2014), the court stated that plaintiff’s counsel reviewed the more than 1.1 million documents produced in the case using “search terms, predictive coding, and manual review methods.” Id. at *9.
Similarly, three cases reflected that defendants had used predictive coding in reviewing documents for production in response to the initial round of document requests. In United States v. Univ. of Nebraska at Kearney, No. 4:11-cv-3209, 2014 WL 4215381 (D. Neb. Aug. 25, 2014), the defendant objected to subsequent document requests in light of its prior use of predictive coding. Id. at *3. Although the defendant argued for cost-shifting for the additional production, the court held that the additional document requests were overbroad and did not reach the cost-shifting issue. See id. at *5. In Smilovits v. First Solar, No. 2:12-cv-00555, slip op. at 1-2 (D. Ariz. Nov. 20, 2014), the court held that defendants’ use of predictive coding did not confine plaintiffs’ document discovery to the first round of requests and noted that defendants had not provided any information about the costs to “retrain” the predictive coding tool to deal with subsequent requests. And in In re Bridgepoint Educ., Inc. Sec. Litig., No. 12-cv-1737, 2014 WL 3867495 (S.D. Cal. Aug. 6, 2014), the court denied plaintiffs’ request to require the defendant to use predictive coding on custodians’ documents that it had previously searched using traditional search terms. Id. at *4.

In one case, the court ordered the defendant to use predictive coding to search more than 2 million documents after “little or no discovery was completed” before the discovery cutoff and the parties had ongoing disputes after “months of haggling” over search terms that yielded large numbers of documents for review. See Independent Living Center v. City of Los Angeles, No. 2:12-cv-00551, slip op. at 1-2 (C.D. Cal. Jun. 26, 2014). The court also held that the defendant was not necessarily required to engage in a quality assurance process as part of the predictive coding protocol, but if the plaintiff insisted upon such a process, then plaintiff would be required to pay for 50% of its costs. Id. at 2-3.
A handful of cases addressed parties’ requests to use predictive coding over the objection of the opposing party. In Federal Housing Finance Agency v. JPMorgan Chase & Co., Inc., et al., No. 11-cv-6189, 2014 WL 584300, at *3 (S.D.N.Y. Feb. 14, 2014), Judge Denise Cote indicated that she had approved the use of predictive coding over the objections of the plaintiff at an earlier hearing in the case. At that earlier hearing, Judge Cote is quoted in the transcript as having stated that “[i]t seems to me predictive coding should be given careful consideration in a case like this, and I am absolutely happy to endorse the use of predictive coding and to require that it be used as part of the discovery tools available to the parties.” Id. (transcript of Jul. 24, 2012 hearing at 8).

In Progressive Casualty Ins. Co. v. Delaney, No. 2:11-cv-00678, 2014 WL 3563467, at *8-*11 (D. Nev. Jul. 18, 2014), Magistrate Judge Peggy Leen of the District of Nevada denied the plaintiff’s request to use predictive coding, primarily because the request was made extremely late in the discovery period and the plaintiff had previously agreed in the parties’ ESI protocol to use search terms and human review. Nevertheless, Judge Leen described in very positive terms the potential effectiveness of predictive coding and stated that she would not have hesitated to approve a predictive coding protocol had it been submitted earlier in the case. See id. at *8. The court also criticized the plaintiff’s plan to apply predictive coding to documents hitting the search terms and not to the entire document population. Id. at *10. The Progressive decision is controversial, however, in that it also criticized plaintiff’s unwillingness to share with opposing counsel the irrelevant documents used to train the predictive coding tool.
Judge Leen erroneously stated that, in the reported decisions that have approved predictive coding, “the courts have required the producing party to provide the requesting party with full disclosure about . . . the documents used to ‘train’ the computer.” See id. at *10 (emphasis added) (citing Da Silva Moore and In re: Actos). In both Da Silva Moore and Actos, which Judge Leen cited in Progressive (and in other cases allowing the opposing party to see irrelevant documents in the training sets), however, the parties seeking to use predictive coding had voluntarily stipulated to allow access to the irrelevant training documents. While in those matters the parties may not have been concerned about disclosing irrelevant documents to opposing counsel, that is often not the case–for example, in disputes among competitors, in disputes where the stakes are extraordinarily high, where there are concerns that counsel will use the knowledge gained from the irrelevant documents either in the present case or in the next case he or she brings (i.e., the “you can’t un-ring the bell” phenomenon), or where there are concerns that mistakes can be made in keeping the information confidential and the consequences of such disclosure are too great. Additionally, where document volumes are large and the prevalence of relevant documents is low, there can be several thousand irrelevant documents in the training and validation sets. In those circumstances, using predictive coding may be a non-starter if it means that the opposing party will get to see the irrelevant documents.

In contrast with Progressive, the court in Bridgestone Americas, Inc. v. IBM permitted the plaintiff to change its search and review methodology mid-stream to predictive coding. See Bridgestone Americas, Inc. v. IBM, No. 3:13-1196, 2014 WL 4923014, at *1 (M.D. Tenn. Jul. 22, 2014).
The court also permitted plaintiff to undertake a hybrid approach, using predictive coding on documents initially identified through the use of search terms (nevertheless, resulting in over two million documents requiring review). The court expressly recognized that using predictive coding “is a judgment call” and that, in a case involving “millions of documents to be reviewed with costs likewise in the millions . . . . [t]here is no single, simple, correct solution possible under these circumstances.” Id. In Dynamo Holdings Ltd. Partnership v. Commissioner of Internal Revenue, 143 T.C. No. 9, 2014 WL 4636526 (Sept. 17, 2014), the tax court approved the petitioner’s use of predictive coding over the respondent’s objection that it is an “unproven technology.” Addressing one of the issues that those considering using predictive coding frequently face–i.e., whether court approval is necessary–the court observed that the petitioner’s request to use predictive coding “is somewhat unusual.” Id. at *3. The court stated that, “although it is a proper role of the court to supervise the discovery process and intervene when it is abused by the parties, the court is not normally in the business of dictating the process that they should use when responding to discovery.” Id. “If our focus were on paper discovery,” the court continued, “we would not (for example) be dictating to a party the manner in which it should review documents for responsiveness or privilege, such as whether that review should be done by a paralegal, a junior attorney, or a senior attorney.” Id. While stating that, if the respondent believes “the ultimate discovery response is incomplete,” then it could file a motion to compel “at that time,” the court nevertheless took up the issue of whether predictive coding would be allowed “because we have not previously addressed the issue of computer-assisted review tools[.]” Id. 
In response to the respondent’s assertion that predictive coding is an “unproven technology,” the court stated that while predictive coding is a relatively new technique, “the understanding of e-discovery and electronic media has advanced significantly in the last few years, thus making predictive coding more acceptable in the technology industry than it may have previously been.” Id. at *5. The court added that, “[i]n fact, we understand that the technology industry now considers predictive coding to be widely accepted for limiting e-discovery to relevant documents and effecting discovery of ESI without an undue burden.” Id. Whether these cases are the tip of a small or large iceberg–or something in between–of cases where predictive coding is being used is impossible to tell. By any measure, however, the number of reported decisions reflecting the use of predictive coding is very small compared to the overall number of cases being litigated. The increased number of decisions discussing predictive coding does appear to reflect an increase in awareness among the judiciary and litigants of predictive coding as an option for search and review. Some vendors of predictive coding technology claim that predictive coding is quietly gaining usage, and that it has particularly done so in 2014. Additionally, vendors’ pricing for predictive coding applications has generally come down quite significantly, making it more frequently a viable option from a cost perspective than in the past. Regardless, it is apparent that predictive coding is still in its early stages and the existing jurisprudence has not finally resolved significant issues relating to its use. 
Those issues include (1) whether the use of predictive coding must be disclosed to the opposing party; (2) whether court approval is necessary; (3) whether predictive coding may be used in combination with keywords; (4) whether a party must disclose irrelevant documents in the seed, training and validation sets; (5) whether the review decisions on such documents are protected attorney work product; and (6) whether and under what circumstances a party may be compelled to use predictive coding when it has selected an alternative methodology. Until there are more consistent and definitive rulings on these issues, or a general consensus emerges in the legal community, it is likely that the use of predictive coding will grow, but it will continue doing so at a slow pace.

Information Governance and Insourcing E-Discovery

Information governance–generally defined as an integrated approach to records management that involves legal, business operations and IT in managing, controlling and defensibly deleting data–has been a hot topic for the past three years. Information governance can help control the rising costs of e-discovery by helping to ensure that companies do not keep data that they have no legal obligation or business need to retain. In 2014, data security became a much more prominent reason to implement an information governance program. Recent highly publicized leaks of sensitive company emails and other confidential corporate information in data breaches involving thefts of terabytes of company data have added urgency to the need to defensibly dispose of unneeded information. While in the past many companies may have merely considered implementing information governance procedures or made only marginal changes in their existing practices, we expect that in 2015 there will be much more attention paid to actually undertaking information governance programs.
Technologies such as automated document classification and disposal (think predictive coding for information governance) will also increasingly play a role in such programs. What remains to be seen is courts’ reaction to the very short retention periods that some companies are implementing. As we reported in our Mid-Year Update, companies are also increasingly insourcing aspects of the e-discovery process that previously were handled by outside e-discovery vendors. One 2014 survey found that 90% of responding companies have internal teams, rather than an outside service provider, handle preservation and collection. See also Gareth Evans, Technology: Self-Collection is Not Always the Fox Guarding the Henhouse (Inside Counsel Dec. 27, 2013). Exceptions were noted for high-stakes matters where a third-party expert may need to testify on the defensibility of the collection process, matters where compliance with foreign data privacy regulations is an issue, and social media platforms and “bring your own device” environments involving more complex collection issues. Additionally, many companies are now handling data processing for e-discovery internally, which has been estimated to account for almost 20% of e-discovery costs. The availability of e-discovery software and storage through the cloud has also meant that more companies and law firms can handle internally some or all of the process that has traditionally been provided by outside e-discovery service providers. While many companies are finding that preservation and collection may be well-suited to be managed in-house, they continue to outsource other aspects of the e-discovery process. The same survey, for example, found that 83% of respondents outsource review and production. Respondents cited staffing and internal budget limitations–as well as the expertise of outside providers–among the reasons for the ongoing need to outsource. 
Sanctions and Ethics in E-Discovery

A series of opinions focusing on legal holds and the obligations of counsel in their implementation featured prominently in the e-discovery sanctions area in 2014. In Brown v. Tellermate Holdings, Ltd., No. 2:11-cv-1122, 2014 WL 2987051 (S.D. Ohio July 1, 2014), the court imposed evidence preclusion and monetary sanctions for the defendant’s failure to timely preserve and produce relevant ESI in an age discrimination case. In doing so, the court focused on the duty of counsel to examine critically the client’s representations about the existence and availability of responsive documents. The most significant failures the court found in Brown v. Tellermate related to a web-based application utilized by the defendant’s sales force, including the plaintiffs. See id. at *17-*20. When information from the application was requested, the defendant and its counsel asserted that the defendant was not in control of the data and could not produce it, which turned out to be untrue. Id. No steps had been taken to preserve the information based, at least in part, upon counsel’s “unfounded” and “mistaken” belief that a third-party service provider would preserve the data. See id. at *20. By the time counsel checked this assumption, the integrity of the data (which was ultimately produced) was in question because it had been subject to possible changes by the defendant’s sales force, which was still using the application. Id. The court stated that “[l]ike any litigation counsel, Tellermate’s counsel had an obligation to do more than issue a general directive to their client to preserve documents which may be relevant to the case. Rather, counsel had an affirmative obligation to speak to the key players at Tellermate so that counsel and client together could identify, preserve, and search the sources of discoverable information.” Id.
The court held that in this case counsel fell “far short” of their obligation to “examine critically” the information that Tellermate gave them about the existence and availability of documents the plaintiffs requested. See id. at *1. The court stated that counsel “have a duty (perhaps even a heightened duty) to cooperate in the discovery process; to be transparent about what information exists, how it is maintained, and whether and how it can be retrieved; and, above all, to exercise sufficient diligence (even when venturing into unfamiliar territory like ESI) to ensure that all representations made to opposing parties and to the Court are truthful and are based upon a reasonable investigation of the facts.” Id. at *2.

Similarly, in Procaps S.A. v. Patheon Inc., No. 12-civ-24356, 2014 WL 800468 (S.D. Fla. Feb. 28, 2014), in an opinion invoking the Paul Newman film Cool Hand Luke (“what we’ve got here is a failure to communicate”) and the band U2 (“but I still haven’t found what I’m looking for”), the court faulted plaintiff’s counsel in an antitrust suit for (i) failing to ensure that the plaintiff implemented a legal hold; (ii) failing to travel to Colombia (where the plaintiff is based) to meet with the plaintiff’s IT team or other executives to discuss how relevant ESI would be located; (iii) failing to retain an “ESI retrieval consultant” to help it implement a legal hold and to search for relevant ESI; and (iv) relying on the plaintiff’s own executives and employees to self-search for documents. See id. at *1-*2. The court ordered the plaintiff to retain an e-discovery vendor to conduct an extensive analysis of its data sources, make forensic images of sources where potentially relevant ESI was located, identify custodians whose files must be searched, interview the custodians, and use agreed-upon search terms to search the documents. Id. at *3-*5.
The court also imposed monetary sanctions, requiring that the plaintiff’s law firm be responsible for paying 50% of the sanctions.  Furthermore, the court expressly urged–though it did not require–that the plaintiffs’ law firm identify “which attorneys caused, or helped cause, this discovery failure and to determine whether those attorneys (rather than the firm itself) should pay all or some” of the monetary sanctions imposed upon the law firm. Id. at *6. In Knickerbocker v. Corinthian Colleges, 298 F.R.D. 670 (W.D. Wash. 2014), the court imposed monetary sanctions on the defendant and its counsel for a series of alleged failures, including (i) failure to issue a legal hold notice or to implement preservation procedures; (ii) reliance on employees to search for relevant documents and, compounding the problem, testimony from employees that they had not, in fact, been asked to search for relevant documents; (iii) allowing all of the plaintiff’s emails to be deleted from the defendant’s email server after commencement of the case pursuant to the company’s six-month retention period for emails; and (iv) counsel’s certification that all available sources had been searched despite the fact that the defendant had not searched its backup tapes.  Id. at 678-81. Based on the court’s finding that both the defendant and its counsel’s conduct constituted bad faith, the court imposed monetary sanctions on both. Id. at 681-82. There were other cases illustrating things that can go wrong in implementing legal holds.  See, e.g., Vincente v. City of Prescott, No. CV-11-08204, 2014 WL 3894131 (D. Ariz. Aug. 8, 2014) (defendant issued legal hold notices but (i) did not coordinate with IT department, which failed to suspend autodelete for email; and (ii) relied upon individual custodians for self-collection); Osberg v. Foot Locker, No. 07–cv–1358, 2014 WL 3767033 (S.D.N.Y. 
July 25, 2014) (court held that the defendant failed to implement a legal hold until three years after suit was originally filed–although the suit was dismissed and later re-filed during that time–and that defendant conducted “spring cleanings” that destroyed potentially relevant documents).

With respect to the duties of counsel in handling e-discovery, the State Bar of California Standing Committee on Professional Responsibility and Conduct issued in 2014 its Formal Opinion Interim No. 11-0004 (ESI and Discovery Requests) for public comment. The interim opinion recognizes that while attorney competence related to litigation generally requires a basic understanding of and ability to handle issues relating to e-discovery, cases involving more complex e-discovery issues “may require a higher level of technical knowledge and ability[.]” See id. The interim formal opinion states that “[a]ttorneys handling e-discovery should have the requisite level of familiarity and skill to, among other things, be able to perform (either by themselves or in association with competent co-counsel or expert consultants) the following: (1) initially assess e-discovery needs and issues, if any; (2) implement appropriate ESI preservation procedures, including the obligation to advise a client of the legal requirement to take actions to preserve evidence, like electronic information, potentially relevant to the issues raised in the litigation; (3) analyze and understand a client’s ESI systems and storage; (4) identify custodians of relevant ESI; (5) perform appropriate searches; (6) collect responsive ESI in a manner that preserves the integrity of that ESI; (7) advise the client as to available options for collection and preservation of ESI; (8) engage in competent and meaningful meet and confer with opposing counsel concerning an e-discovery plan; and (9) produce responsive ESI in a recognized and appropriate manner.” Id.
According to the interim formal opinion, “[s]uch competency requirements may render an otherwise highly experienced attorney not competent to handle certain litigation matters involving ESI. An attorney lacking the required competence for the e-discovery issues in the case at issue has three options: (1) acquire sufficient learning and skill before performance is required; (2) associate with or consult technical consultants or competent counsel; or (3) decline the client representation. Lack of competence in e-discovery issues can also result, in certain circumstances, in ethical violations of an attorney’s duty of confidentiality, the duty of candor, and/or the ethical duty not to suppress evidence.” Id.

Text Messaging and Mobile Devices

Emails have traditionally been the primary source of relevant communications and documents. Increasingly, text messages and other data on mobile devices are becoming important and, not too surprisingly, the subject of sanctions decisions where a party has failed to preserve and collect relevant text messages. The United States Supreme Court’s landmark decision in Riley v. California, 134 S. Ct. 2473 (2014), highlighted both the importance of mobile devices such as smart phones as a source of potentially relevant information and the privacy interests that can be involved in discovery of the information from such devices. In Riley, the Court unanimously held that the Fourth Amendment generally requires law enforcement to obtain a warrant before reviewing digital information that is stored on a smart phone seized incident to arrest. Id., 134 S. Ct. at 2485, 2493. The Court observed that modern cellphones have the capacity to store “millions of pages of text, thousands of pictures or hundreds of videos” and thus “implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet, or a purse.” See id. at 2478, 2488-89.
The Court also stated that “it is no exaggeration to say that more than 90% of American adults who own a cellphone keep on their person a digital record of nearly every aspect of their lives.”  See id. at 2490. The Court further stated that a cellphone’s immense storage capacity “has several interrelated consequences for privacy. First, a cellphone collects in one place many distinct types of information–an address, a note, a prescription, a bank statement, a video–that reveal much more in combination than any isolated record. Second, a cell phone’s capacity allows even just one type of information to convey far more than previously possible.” Id. at 2478-79. The Court further recognized that “[a]lthough the data stored on a cell phone is distinguished from physical records by quantity alone, certain types of data are also qualitatively different.” Id. at 2490. The Court referred to Internet search and browsing history that may reveal an individual’s private interests and concerns, such as “symptoms of disease, coupled with frequent visits to WebMD.” Id. While Riley dealt with the requirement of a warrant for law enforcement to search smart phones, the privacy interests that the Court recognized will likely lead to challenges in civil litigation to broad requests for information off of such devices. See, e.g., Bakhit v. Safety Marking, Inc., 2014 WL 2916490 at *2 (D.Conn. Jun. 26, 2014) (citing Riley in denying motion to inspect the data stored on individual defendants’ cell phones). Now that mobile devices and the immense volumes of data they can store have become a feature of modern life, it is not surprising that data on such devices–in particular, text messages–have become the subject of sanctions decisions regarding alleged failures to preserve relevant information. In 2014, the Seventh Circuit upheld sanctions imposed in In Re Pradaxa (Dabigatran Etexilate) Prods. Liab. Litig., MDL No. 22385, 2013 WL 6486921 (S.D. Ill. Dec. 
9, 2013), aff’d, 745 F.3d 216, 218 (7th Cir. 2014). In Pradaxa, the court held that the defendant had a duty to suspend an auto-delete function that operated on relevant text messages and imposed nearly $1 million in sanctions for having failed to do so on company-issued smart phones, among other things. The court found that the plaintiffs had expressly requested the text messages by including text messages in the boilerplate definition of “document,” but the defendants failed to halt the auto-programmed delete function for text messages once a litigation hold was in place. In Calderon v. Corporacion Puertorrique de Salud, 992 F. Supp. 2d 48, 52-53 (D.P.R. 2014), an employment discrimination case, the court held that an adverse inference instruction against the plaintiff was appropriate where the plaintiff had only selectively preserved relevant text messages between himself and a third-party. The court found that the plaintiff’s failure to preserve more than 38 text messages prejudiced the defendants by precluding a complete review of potentially relevant conversations and pictures sent via text messages. The court viewed the plaintiff’s actions as a “conscious abandonment of potentially useful evidence,” indicating that “he believed those records would not help his side of the case.”  Id. at 52. In Hosch v. BAE Systems Information Solutions, Inc., No. 1:13-cv-00825 (AJT/TCP), 2014 WL 1681694, at *2 (E.D. Va. Apr. 24, 2014), the district judge adopted the magistrate judge’s findings that the plaintiff had engaged in a series of intentional and bad faith discovery violations, including the permanent deletion of all text messages and voicemails, by wiping his iPhone just two days before turning it over to counsel. The court dismissed the plaintiff’s action with prejudice and awarded the defendant attorney’s fees and costs incurred in bringing motions to compel and a motion for sanctions. In Ewald v. Royal Norwegian Embassy,  No 11-cv-2116, 2014 WL 1309095 (D. Minn. 
Apr. 1, 2014), the court declined to impose spoliation sanctions against a defendant for failure to preserve the contents of a cell phone because the plaintiff failed to produce sufficient evidence of prejudice. Id. at *1. The plaintiff presented evidence relating to just one lost but potentially relevant text message, and the plaintiff had failed to pursue other avenues of discovery (e.g., deposition testimony) relating to that message or the existence of others. Id. at *2, *19. We expect that decisions involving the discoverability of and duty to preserve text messages and other information on smart phones and other mobile devices will increase in the future. The defensibility of using “disappearing text” messaging apps that automatically delete text messages either immediately after they are read or within a period of time set by the sender also likely will be an issue that courts are called upon to address.

Proportionality

Limiting the scope of discovery based on proportionality interests has been a significant topic in e-discovery for several years, and 2014 was no exception. Several significant cases addressed proportionality in 2014. In Lord Abbett Municipal Income Fund, Inc. v. Asami, No. C–12–03694, 2014 WL 5477639 (N.D. Cal. Oct. 29, 2014), the court invoked proportionality in granting the plaintiff’s motion that it not be required to continue to preserve 159 computers where there was no basis from which to reasonably conclude that the computers contained relevant evidence.
The court stated that Federal Rule of Civil Procedure 26(b)(2)(C)(iii) “sets forth a proportionality principle which requires courts to limit the frequency or extent of discovery where it determines that the ‘burden or expense of the proposed discovery outweighs its likely benefit, considering the needs of the case, the amount in controversy, the parties’ resources, the importance of the issues at stake in the action, and the importance of the discovery in resolving the issues.'” Id. at *3. Citing the Northern District of California’s Guidelines for the Discovery of Electronically Stored Information, the court further stated that “[t]his district recognizes that the proportionality principle applies to the duty to preserve potential sources of evidence.” Id. In United States v. Univ. of Nebraska at Kearney, No. 4:11-cv-3209, 2014 WL 4215381 (D. Neb. Aug. 25, 2014), the court denied a motion to compel production of documents in response to broad document requests. Even if it assumed that the requested documents might be relevant, the court stated that it must weigh the burden versus the benefit pursuant to Federal Rule of Civil Procedure 26(b)(2)(C)(iii). See id. at *5. The court found that the additional costs of the proposed discovery would “far outweigh” what could be gained from it. Id. It rejected the government’s proposed broad search terms, such as “document* w/25 policy,” as they would retrieve “thousands of documents that have no bearing on this case.” Id. at *6. Additionally, the court rejected the government’s proposal that the defendant produce documents without review subject to a claw back agreement on the grounds that the review was necessary to protect the privacy interests of the students who were the subjects of the documents. Id. In Kellogg Brown & Root Services, Inc. v. United States, 117 Fed. Cl. 1 (Jun. 
26, 2014), an action against the federal government alleging breach of a contract to provide a broad range of support services for various Army operations in Iraq, the Court of Federal Claims granted a motion for protective order regarding a broad document request on proportionality grounds. The document request sought “all documents related to” the government’s creation, receipt, circulation, exchange, response to, or use of an Army officer’s presentation on substandard wiring conditions (the presentation had already been produced). Id. at 6-7. The court found that the request sought “potentially marginally relevant” information, yet would impose an enormous burden. Id. at 8. “This generic request–for ‘all documents’ having virtually any association or relation to the 2006 presentation–targets potentially massive quantities of material. The request fails to delineate any specific custodians by, inter alia, limiting the request to one or more individuals, or even specific government entities. Rather, the request encompasses all government entities, and all of their current and former employees who served at all levels of government (ministerial to senior executive). Moreover, the request lacks any temporal limitation and, thus, requires the government to search, and potentially produce, at least eight to ten years of files in order to capture materials related to the presentation’s initial creation in 2006 through to its present use.” Id. Additionally, the court stated that the request “would require the government to invade an overwhelming number of computers, email accounts, and paper files from both past and present government employees and would require the government to devote substantial time and resources to the review of the material for relevancy, privilege, and security.” Id. Citing the proportionality principle of Rule of Civil Procedure 26(b)(2)(C)(iii), the court granted the motion for a protective order with respect to the document request. Id. 
With the proposed amendments to the Federal Rules of Civil Procedure moving proportionality from its current place as a potential limit on discovery in Rule 26(b)(2)(C)(iii) to the definition of the scope of discovery itself in Rule 26(b)(1), we can expect frequent litigation of proportionality issues in the future.

Social Media

The number of cases focusing on the discovery of social media continued to skyrocket in the second half of 2014. Reflecting that the use of social media continues to proliferate in business and social contexts, courts and commentators alike have noted that discovery of social media is now routine. As reflected by the volume of reported decisions relating to social media, courts are still struggling to develop rules and protocols applicable to social media evidence, including whether special authentication rules should govern social media evidence, what threshold showing of relevance must be made before discovery of personal social media data should be allowed, and when the duty to preserve social media evidence arises. Bar associations have jumped into the fray to offer guidance to attorneys regarding the ethical duties implicated by preservation of clients’ social media evidence. As explained in our Mid-Year Update, courts have taken two basic approaches to the authentication of social media evidence, which the Delaware Supreme Court coined “the Maryland approach” and “the Texas approach.” Parker v. State, 85 A.3d 682, 684 (Del. 2014). Under the Maryland approach, there are three permissible methodologies for authenticating social media evidence: “the testimony of the creator, documentation of the internet history or hard drive of the purported creator’s computer, or information obtained directly from the social networking site.” Id. at 683 (citing Griffin v. State, 19 A.3d 415 (Md. 2011)).
Unless the proponent can “convince the trial judge that the social media post was not falsified or created by another user” via one of these methods, the evidence “will not be admitted and the jury cannot use it in their factual determination.” Id. Conversely, under the Texas approach, “a proponent can authenticate social media evidence using any type of evidence so long as he or she can demonstrate to the trial judge that a jury could reasonably find that the proffered evidence is authentic.” Id. (citing Tienda v. State, 358 S.W.3d 633 (Tex. Crim. App. 2012)). The Second Circuit recently considered the issue, noting that “[s]ome courts have suggested applying ‘greater scrutiny’ or particularized methods for the authentication of evidence derived from the Internet due to a ‘heightened possibility for manipulation.'” U.S. v. Vayner, 769 F.3d 125, 131 n.5 (2d Cir. 2014) (citing Griffin). The court went on to hold that, “[a]lthough we are skeptical that such scrutiny is required, we need not address the issue as the government’s proffered authentication in this case falls under Rule 901’s general authentication requirement.”  Id. In Vayner, the defendant was accused of transferring a false identification document. Id. at 127. The primary evidence submitted by the state was testimony from a witness who said he had received the document from defendant via a particular email address, and a profile page from a Russian social networking site (VK.com), which included a variation of defendant’s name, a photo of defendant, two places of employment where defendant had allegedly worked in the past, and a skype moniker that matched the moniker contained in the email address alleged to have been used to transfer the false document. Id. at 127-28. 
The district court found the document to be authentic, noting “The information on there, I think it’s fair to assume, is information which was provided by [the defendant],” and “There’s no question about the authenticity of th[e] document so far as it’s coming off the Internet now.” Id. at 128. A Special Agent with the State Department’s Diplomatic Security Service then testified regarding the content of the profile page, admitting on cross-examination he only had “cursory familiarity” with VK.com and did not know whether any identity verification was required in order for a user to create an account. Id. at 128-29. The Second Circuit reversed, finding the district court abused its discretion in admitting the social networking profile page “because the government presented insufficient evidence that the page was what the government claimed it to be–that is, [defendant’s] profile page, as opposed to a profile page on the Internet that [defendant] did not create or control.” Id. at 127. The court compared the profile page to “a flyer found on the street that contained [defendant’s] Skype address and was purportedly written or authorized by him,” and reasoned “the district court surely would have required some evidence that the flyer did, in fact, emanate from [defendant].” Id. at 132. The court vacated the conviction and remanded the case for a new trial, finding the error not to be harmless. Id. at 134. Because the court “express[ed] no view on what kind of evidence would have been sufficient to authenticate” the profile page, it is unclear whether in application the court would require the high bar of the Maryland approach, the lower bar of the Texas approach, or something in between. Id. at 133. The Vayner decision follows a general trend wherein courts have found the testimony of the individual who printed the webpage in question to be insufficient to authenticate social media evidence. See, e.g., Moroccanoil, Inc. v. 
Marc Anthony Cosmetics, Inc., — F.Supp.3d —-, No. CV 13–2747 DMG (AGRx), 2014 WL 5786253, at *7 n.5 (C.D. Cal. Sept. 16, 2014) (“Defendant’s argument, that [Facebook screenshots] could be ‘authenticated’ by the person who went to the website and printed out the home page, is unavailing. It is now well recognized that ‘Anyone can put anything on the internet.’ [citations omitted] No website is monitored for accuracy.”) Courts continue to hold that “the fact that the information [sought] is in an electronic file as opposed to a file cabinet does not give [the party seeking discovery] the right to rummage through the entire file.”  Del Gallo v. City of New York, 43 Misc.3d 1235(A), at *6 (N.Y. Sup. Ct. 2014) (internal citations and quotations omitted). As with more traditional forms of evidence, the party seeking discovery “must establish a factual predicate for their request by identifying relevant information in [the social media] account — that is, information that contradicts or conflicts with plaintiff’s alleged restrictions, disabilities, and losses, and other claims.” Id. at *3. (internal citations and quotations omitted). Absent such a showing, “granting carte blanche discovery of every litigant’s social media records is tantamount to a costly, time consuming fishing expedition.” Id. at *5. (internal citations and quotations omitted) In DelGallo, defendants argued that because plaintiff claimed to be “totally disabled” as a result of the accident in question, they were entitled to access all of plaintiff’s social media sites to learn about plaintiff’s post-accident condition and her self-assessment of the extent of her injuries. Id. at *7-8. The court ordered plaintiff to produce information from her LinkedIn account related to job offers, inquiries, and searches because such information was relevant to damages, but denied defendant’s request to access any other social media information based on “the mere hope of finding relevant evidence.” Id. 
Other courts have similarly denied discovery of the entirety of social media accounts because of an insufficient threshold showing of relevancy to the claims at issue. See, e.g., Finkle v. Howard County, Md., 2014 WL 6835628, at *1-2 (D. Md. Dec. 02, 2014) (Gallagher, Mag. J.) (denying as “overly broad” and “not reasonably calculated to lead to the discovery of admissible evidence” plaintiff’s requests for all personal email and social networking account information for nonparty employees involved in alleged discrimination); Doe v. Rutherford County, Tenn., Bd. of Educ., No. 3:13–0328, 2014 WL , at *1-3 (M.D. Tenn. August 18, 2014) (Bryant, Mag. J.) (granting defendant social media discovery from certain plaintiffs whose public social networking profiles included relevant information, but denying social media discovery from other plaintiffs for which there was no predicate showing); Stonebarger v. Union Pac. Corp., No. 13–cv–2137–JAR–TJJ., 2014 WL 2986892, at *2-5 (D. Kan. July 2, 2014) (James, Mag. J.) (denying defendant’s request for blanket access to plaintiff’s social networking profiles, but “allowing defendant to discover information relevant to plaintiff’s emotional state (which plaintiff put at issue),” which protected “plaintiff from a fishing expedition”); Smith v. Hillshire Brands, No. 13–2605–CM, 2014 WL 2804188, at *3-6 (D. Kan. June 20, 2014) (O’Hara, Mag. J.) (“allow[ing] defendant to discover not the contents of plaintiff’s entire social networking activity, but any content that reveals plaintiff’s emotions or mental state, or content that refers to events that could reasonably be expected to produce in plaintiff a significant emotion or mental state”). A continuing theme in 2014 was the extent to which parties have an obligation to preserve social media during litigation, and whether the modification of social media constitutes sanctionable spoliation. 
Because social media is dynamic, account holders may delete information from their page or cancel their account altogether, without realizing that the information could be relevant to an anticipated or pending matter. In determining whether to award sanctions for spoliation of social media, courts have focused on whether it was reasonably foreseeable that the information would be sought in discovery, and whether the users had a duty to preserve their account at the time the evidence was deleted. In Keller v. Keller, the court found that because its order to preserve all electronically stored information (ESI) did not specifically include social media information, the plaintiff’s changes to her Facebook page were not a willful violation of the order, reasoning, “Although the defendant’s motion included social media specifically, the court’s order did not. It is possible to successfully argue that a social media account such as Facebook is a form of ESI, but it would not rise to the unambiguous level of understanding necessary to make a finding of contempt for a violation of such an order.” No. MMXFA114014330S, 2014 WL 4056926, at *8-9 (Conn. Super. Ct. July 9, 2014). The court found that changes plaintiff made to her Facebook account after the discovery special master entered an order to preserve ESI and specially extended it to include social media sites, however, were “willful contempt of a clear and unambiguous order.” Id. at *8. See also Painter v. Atwood, No. 2:12–CV–1215 JCM (NJK), 2014 WL 3611636, at *2 (D. Nev. July 21, 2014) (upholding magistrate judge’s finding of spoliation sanctions against plaintiff who deleted social media posts and text messages that defendant argued contradicted her sexual harassment claims). Additionally, the ethics committees of various bar organizations have begun to weigh in on the duty of attorneys to advise their clients regarding the preservation of social media. 
In July, the Philadelphia Bar Association issued an opinion that indicated an attorney may instruct a client to delete damaging information from a social media account, but must also “take appropriate action to preserve the information in the event it should prove to be relevant and discoverable.” Philadelphia Bar Ass’n Prof’l Guidance Comm., Op. 2014-5 (July 14, 2014). Also in July, the North Carolina State Bar issued Formal Ethics Opinion 5, which found a lawyer “may advise a client to remove information on social media if not spoliation or otherwise illegal.” See North Carolina State Bar 2014 Formal Ethics Op. 5, July 25, 2014. In September, the Pennsylvania Bar Association followed suit, issuing Formal Opinion 2014-13, which allows an attorney to advise a client to take down damaging material from social media, subject to spoliation concerns. Pennsylvania Bar Ass’n Formal Op. 2014-13. See also New York County Lawyers Ass’n Ethics Op. 745 (2013) (“Provided that such removal does not violate the substantive law regarding destruction or spoliation of evidence, there is no ethical bar to ‘taking down’ such material from social media publications, or prohibiting a client’s attorney from advising the client to do so, particularly inasmuch as the substance of the posting is generally preserved in cyberspace or on the user’s computer.”).

Federal Rule Amendments

After a drawn-out process that began in 2010, the proposed e-discovery amendments to the Federal Rules of Civil Procedure took a major step in 2014 towards actual enactment. Following the closure of a several-month public comment period, the Judicial Conference of the United States, the federal judiciary’s policymaking body, approved a final set of proposed rule amendments on September 16, 2014. Nevertheless, we still won’t see any of the proposed rule amendments taking effect until nearly the end of 2015.
The United States Supreme Court must approve the proposed amendments and then, barring Congressional intervention, they will take effect on December 1, 2015. The affected rules include Rules 1, 4, 16, 26, 30, 31, 33, 34 and 37(e). Of particular note, the Judicial Conference in its last iteration of the proposed amendments dropped proposed limits on the number of document requests, interrogatories and requests for admission. It also substantially changed the proposed sanctions rule for failures to preserve relevant information. The following is a summary of the key proposed amendments affecting e-discovery.

Cooperation (Rule 1)

The proposed amendment to Rule 1 was originally crafted to require cooperation among the parties, but that language was dropped relatively early on out of concerns that it would only spawn tangential disputes regarding whether parties were being sufficiently cooperative. In its final proposed form, the language of Rule 1 would be altered to provide that the rules of civil procedure would not only be “construed and administered” (the current language) but also “employed by the court and the parties” to secure the just, speedy, and inexpensive determination of every action and proceeding. The concept of cooperation still made it into the Committee Note that accompanies the proposed amendment, which states that “effective advocacy is consistent with – and indeed depends upon – cooperative and proportional use of procedure.”

Proportionality and the Scope of Discovery (Rule 26(b)(1))

The proportionality factors currently listed in Rule 26(b)(2)(C)(iii) would be moved, with certain modifications, to the scope of discovery provision of Rule 26(b)(1).
As amended, Rule 26(b)(1) would permit a party to obtain discovery regarding any non-privileged matter that is relevant to any party’s claim or defense “and proportional to the needs of the case, considering the importance of the issues at stake in the action, the amount in controversy, the parties’ relative access to relevant information, the parties’ resources, the importance of the discovery in resolving the issues, and whether the burden or expense of the proposed discovery outweighs its likely benefit.” Moving the language from a provision providing a limitation on the scope of discovery to the definition of the scope of discovery itself is viewed as a means of strengthening proportionality in discovery. The amendments also would remove from current Rule 26(b)(1) the language that relevant information need not be admissible at trial if it is reasonably calculated to lead to the discovery of admissible evidence. According to the Committee Note, that language “has been used by some, incorrectly, to define the scope of discovery.”

Proposed Limits on Discovery Methods Withdrawn (Rules 30, 31, 33 and 36)

Previously proposed presumptive limits on the number of depositions (from the current 10 to 5), interrogatories (from the current 25 to 15), and requests for admission (from no current limit to 25 (except for authentication of documents)) have been withdrawn by the Judicial Conference and are no longer part of the rules amendment package.

Objections to Document Requests (Rule 34)

The proposed amendment to Rule 34 requires that objections to document requests must be “state[d] with specificity” and also requires that the responding party state in its written responses “whether any responsive materials are being withheld on the basis of [an] objection.” According to the Committee Note, this requirement “should end the confusion that frequently arises when a producing party states several objections and still produces information, leaving the requesting party uncertain whether any relevant and responsive information has been withheld on the basis of the objections.” The Committee Note clarifies that the responding party is not required to “provide a detailed description or log of all documents withheld.” Rather, it states that the responding party must “alert other parties to the fact that documents have been withheld and thereby facilitate an informed discussion.” It further provides that an objection “that states the limits that have controlled the search for responsive and relevant materials qualifies as a statement that the materials have been ‘withheld.’”

Sanctions for Failure to Preserve ESI (Rule 37(e))

The Judicial Conference substantially revised its proposed amendment to Rule 37(e) following widespread criticism of aspects of the prior proposed amendment. The proposed amendment in its latest iteration would replace the current language of Rule 37(e) with a rule that would permit a court to impose curative measures or sanctions if ESI that should have been preserved “is lost because a party failed to take reasonable steps to preserve it, and it cannot be restored or replaced through additional discovery[.]” The proposed sanctions rule consists of several important elements: (1) For curative measures or sanctions to be imposed, a party must have failed to have taken reasonable steps to preserve the lost information.
(2) Curative measures or sanctions can only be imposed if the lost information cannot be restored or replaced through additional discovery. (3) A court may order curative measures only “upon finding prejudice to another party from the loss of the information.” (4) The proposed rule contains an explicit proportionality requirement–i.e., the measures ordered must be “no greater than necessary to cure the prejudice.” (5) The most severe sanctions–evidentiary estoppel, an adverse inference instruction, or case terminating sanctions–may be ordered “only upon a finding that the party acted with intent to deprive another party of the information’s use in the litigation.” The Civil Rules Advisory Committee of the Judicial Conference intended the proposed amendment to Rule 37(e) to resolve a circuit split regarding when these most severe of sanctions are appropriate, as it allows imposition of the most severe sanctions only when a party acts intentionally. See Report of the Advisory Committee on Civil Rules, at 50. Cf. Residential Funding Corp. v. DeGeorge Financial Corp., 306 F.3d 99 (2d Cir. 2002) (permitting severe sanctions for negligent conduct in the Second Circuit). The Civil Rules Advisory Committee endorsed the higher standard for sanctions because it believed that the negligence standard often goes beyond restoring the evidentiary balance in a case, can be too harsh considering the ease with which ESI is lost, and can lead to costly over-preservation. Given the December 1, 2015 effective date for the proposed rule amendments, we likely will not know until at least mid-2016 (or later) whether the amendment to Rule 37(e) appears to be fulfilling these goals in practice and can bring more fairness to the e-discovery sanctions area. In other words, don’t expect amended Rule 37(e) to have a significant impact any time soon.

Conclusion

The developments discussed above demonstrate, in our view, that 2014 was indeed “the year of technology” in e-discovery.
While new technologies help create solutions to long-standing challenges, they also create new complexities–such as the proliferation of data sources, the ubiquitous use of mobile devices and applications that run on them (in particular, text messaging), and determining what technologies to use and how to use them in search and review. Obtaining advice from counsel and technical personnel who are well versed in e-discovery technologies and the legal and practical issues associated with them is more important than ever. Gibson Dunn will continue to track the latest developments and trends. Please look for our updates and our attorneys’ articles, and for our 2015 Mid-Year E-Discovery Update, which will be published early in the third quarter of 2015.

Gibson Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. The Electronic Discovery and Information Law Practice Group brings together lawyers with extensive knowledge of electronic discovery and information law. The group is comprised of seasoned litigators with a breadth of experience who have assisted clients in various industries and in jurisdictions around the world. The group’s lawyers work closely with the firm’s technical specialists to provide cutting-edge legal advice and guidance in this complex and evolving area of law. For further information, please contact the Gibson Dunn lawyer with whom you usually work or the following Co-Chairs of the Electronic Discovery and Information Law Practice Group: Gareth T. Evans – Orange County (949-451-4330, gevans@gibsondunn.com) Jennifer H. Rearden – New York (212-351-4057, jrearden@gibsondunn.com)

© 2015 Gibson, Dunn & Crutcher LLP

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 23, 2015 |
2014 Year-End French Law Update

The Paris office of Gibson Dunn is pleased to provide this legal and regulatory update covering France for the second semester of 2014. In this article, we aim to give you a brief overview of some major legal changes which occurred in the second part of 2014. Some entail future developments that both French companies and potential investors in France should take into account with respect to their French operations in the coming months. Please note that French legal concepts are translated into English for information only and not as legal advice. The concepts expressed in English may not exactly reflect or correspond to similar concepts existing under the laws of the jurisdictions of the readers.

Table of Contents

1. Corporate, M&A, Private Equity
2. Capital Markets
3. Tax
4. Real Estate
5. Labor and Employment
6. Consumer Law
7. Data Protection
8. Insurance
9. Public Law
10. Competition Law

1. Corporate, M&A, Private Equity

1.1 Corporate, M&A, Private Equity — Valuation of Equity Shares by an Expert: Revision of Article 1843-4 of the French Civil Code

The French government has been empowered by the law n°2014-1 dated January 2, 2014 to simplify and secure the life of businesses and, notably, to amend, by way of order, the text of Article 1843-4 of the French Civil Code. Pursuant to this Article, in its previous version, in all cases where there is a provision for equity shares to be transferred or purchased by the company, the value of such shares is determined, in case of dispute, by an expert appointed by the parties or, in case of failure by the parties to reach an agreement, by order issued by the president of the tribunal.
The purpose of the order n°2014-863 dated July 31, 2014 (the "Order"), by modifying the text of Article 1843-4, was to restore legal certainty which had been shaken by a series of decisions rendered by the French supreme court (Cour de cassation) since December 2007. Indeed, in the name of protecting seller against purchaser, the Cour de cassation had considerably extended the scope of this provision, considering (i) that this article should apply in hypotheses where a price had already been agreed upon between the parties and (ii) that it should also apply in cases where the sale of shares originated in an agreement, i.e., was not provided for by the law or the company’s by-laws (put-option, shareholders’ agreement). The Cour de cassation had also ruled that the expert was not bound, in performing his duties to assess the value of the company, by the directions agreed upon by the parties. A majority of practitioners and scholars had criticized this case law, mainly because of the harm done to legal certainty with respect to sales and purchases of shares, and to contractual freedom. The Cour de cassation seemed to have heard these critics since it had itself operated an overturn of its case law a few months prior to the issuance of the Order, considering that the provisions of Article 1843-4 of the French Civil Code, the purpose of which is to protect sellers’ interests, should not apply to transfers of equity shares resulting from the exercise of a freely-agreed put-option. The Order therefore amended the text of Article 1843-4 as follows: "I. In all cases where the law refers to this article for the determination of the pricing conditions applicable to the sale by a shareholder of equity shares or to the purchase of such shares by the company, the value of these shares is determined, in case of dispute, by an expert appointed by the parties or, in case of failure by the parties to reach an agreement, by order issued by the president of the tribunal […]. 
The expert is required to apply, whenever they exist, the rules and conditions applicable to the assessment of the value provided for in the by-laws of the company or in any other agreement by which the parties are bound. II. In all cases where the by-laws provide for the sale by a shareholder of equity shares or for the purchase of such shares by the company without their value being determined or determinable, this value is established, in case of dispute, by an expert appointed under the conditions set forth in the first paragraph. The expert is required to apply, whenever they exist, the rules and conditions applicable to the assessment of the value provided for in any agreement by which the parties are bound." The limited scope of the new Article 1843-4 of the French Civil Code The expert evaluation is now mandatory only (i) in all cases where the law refers to Article 1843-4 for the determination of the pricing conditions of a sale by a shareholder of its shares, or of a purchase by the company of such shares (e.g., for simplified joint stock companies — sociétés par actions simplifiées –, in case of purchase by the shareholders or the company of the shares of another shareholder, following a refusal to approve the sale by such shareholder of his shares, when such approval is required, or in case of exclusion of a shareholder pursuant to a provision of the by-laws) or (ii) if the by-laws of the company provide for the sale by a shareholder of its shares or for the purchase by the company of such shares, without their value being determined or determinable. In both cases, the existence of a dispute is a condition for the applicability of Article 1843-4. The new version of this article therefore excludes the automatic recourse to expert valuation with respect to all other hypotheses of sale or purchase of shares, notably those made pursuant to an extra-statutory act, such as a shareholders’ agreement or an infra-statutory act, such as internal rules. 
An expert with restricted powers The expert is now required to take into account, whenever such provisions exist, the rules and conditions applicable to the determination of the value of the shares provided for (i) in the by-laws of the company or in any other agreement by which the parties are bound for sales and purchases which are required by the law (Article 1843-4 I.) or (ii) in any agreement by which the parties are bound for sales and purchases provided for in the by-laws (Article 1843-4 II.). The expert will only recover his freedom for assessing the value of the shares to be transferred in the absence of a statutory or extra-statutory provision relating to the determination of the price or if such provision is not sufficient to make such determination. A reform welcomed by the business community which however leaves some questions unresolved The new wording of the text, while having the merit of restoring legal certainty and their binding force to shareholders’ agreements, gives rise to academic questions and criticisms have been made by scholars. Notably, some scholars regret that the new version of Article 1843-4 of the French Civil Code may not apply to transfers provided for by an agreement entered into between the parties (other than the by-laws). In this regard, the question as to whether the parties may choose to refer to Article 1843-4 rather than to other provisions of the French Civil Code (Article 1592 of the French Civil Code), in an agreement relating to shares in order to solve any dispute relating to pricing conditions of a transfer, is under debate. However, it is difficult to understand how the new wording of Article 1843-4 would prohibit such option. Finally, the question of the immediate enforceability of the new version of Article 1843-4 of the French Civil Code to by-laws and extra-statutory agreements drafted prior to its coming into force is discussed. 
Indeed, pursuant to the general rules of contract law, contracts shall be governed by the law which was in force at the time of their conclusion. Even though a majority of commentators consider that this general principle should apply and that the new version of Article 1843-4 of the French Civil Code should only apply to by-laws and shareholders’ agreements entered into after its entry into force, i.e., after August 3, 2014, the question remains open. The text of Article 1843-4, even in its new version, can thus be expected to remain a subject of debate and discussions.

1.2 Corporate, M&A, Private Equity — Introduction of a Legal Framework for Crowdfunding

The development of crowdfunding during the last decade as a new source of financing for entrepreneurs and start-ups has led to a need for regulation able to protect stakeholders and especially investors. The US acted first and promulgated the Jumpstart Our Business Startups (JOBS) Act of April 5, 2012. In Europe, the UK has a leading position but has not legislated yet. The European Commission has set up several meetings with Member States to prepare the upcoming regulation within the European Union. French regulation on crowdfunding originates from the Statute n°2014-1 of January 2, 2014 empowering the Government to simplify and secure corporate life. On this basis, the Order n° 2014-559 of May 30, 2014 (the "Order") amended the French Monetary and Financial Code to create a protective legal framework. The text came into force on October 1, 2014. This new source of financing was widely expected among French authorities and economic actors, at a time when companies, particularly small ones, have difficulty finding funding. In 2013, about 40 French crowdfunding platforms raised approximately EUR 78 million. This amount is still quite low but has tripled compared to 2012. In addition, more than EUR 65 million has already been invested during the first semester of 2014.
Most provisions of the Order relate to professionals that organize financing transactions (i.e. the crowdfunding platforms), which are subject to two different regimes depending on the type of financing instruments used.

Crowdfunding through securities issues

This type of crowdfunding is monitored by the French financial markets authority (Autorité des marchés financiers, hereafter, the "AMF"). It has four main characteristics:

- The amount of the transaction is subject to an annual limitation of EUR 1 million (which can be reached in one or more issues).
- Securities issues shall be implemented through an Internet website that meets the requirements defined by the AMF. In particular, access to the offers shall be gradual and reserved to potential investors: prior to making any investment and even getting access to detailed information on proposed investments, the investors shall first acknowledge the high risks involved therein and, then, provide information on their knowledge and experience in the investment field, their financial situation and objectives in order to be subject to a suitability test. In addition, the website is required to offer more than one project.
- Such securities issues do not constitute securities public offerings under French law, which means that no prospectus is required. However, the issuer shall provide some information, such as a description of its activity and project, its financial statements or its shareholding structure, which shall be published on the Internet website.
- Securities issues shall be carried out through a regular investment services provider (prestataire de services d’investissement) or a crowdfunding advisor (conseiller en investissement participatif). If the intermediary is an investment services provider, any unlisted securities may be included in the issuance, whereas only ordinary shares and fixed-rate bonds are allowed if it is a crowdfunding advisor.

The crowdfunding advisor status was created by the Order.
It must be a legal entity that provides investment advice as a nearly exclusive activity. Furthermore, it must be registered with a specific authority called ORIAS and its managers shall meet proficiency and worthiness requirements. This status also generates several obligations in terms of organization, information, reliability and good behavior. If the financing recipient is a société par actions simplifiée (for which securities offerings are very limited), its articles of association shall be modified to comply with the rules applicable to a société anonyme related to voting rights and shareholders general meetings. It shall also inform the investors on financial rights granted to shareholders and, as the case may be, on any temporary lock-up or exclusion provisions included in the by-laws.

Crowdfunding through loans or donations

This type of crowdfunding is monitored by the Autorité de contrôle prudentiel et de résolution (ACPR) (the French authority supervising banks and insurance companies). The Order distinguishes between 3 categories of financing recipients:

- Legal entities: they can benefit from donations, interest-free loans or interest-bearing loans (and irrespective of the quality of the lender).
- Individuals acting as professionals: they can benefit from donations, interest-free loans or interest-bearing loans, provided that interest-bearing loans can only be granted by non-professional individuals.
- Non-professional individuals: they can only benefit from donations or interest-free loans provided that interest-free loans can only be granted by non-professional lenders.
Donations have no maximum amount and no detailed regulation, whereas loans are subject to several limitations: (i) the maximum amount of loans per project is EUR 1 million; (ii) each lender may lend up to EUR 1,000 per project in the case of an interest-bearing loan and EUR 4,000 per project in the case of an interest-free loan; (iii) the interest rate shall be fixed and cannot exceed the usury rate; and (iv) the loan agreement shall be written and its term cannot exceed 7 years. Transactions shall be completed through crowdfunding intermediaries (intermédiaires en financement participatif)[1]. This new status was also created by the Order. They must be legal entities, whose activity is to put financing recipients in contact with potential donors or lenders through an Internet website. Like crowdfunding advisors, they must be registered with the ORIAS, their managers shall meet proficiency and worthiness requirements and they have obligations in terms of organization, information, reliability and good behavior. Crowdfunding intermediaries are subject to information and warning obligations similar to those applicable to crowdfunding advisors, but do not have to assess the personal situation of clients. This difference can be explained by the fact that the role of crowdfunding intermediaries is different from crowdfunding advisors’ since the former only bring into contact potential investors and project owners whereas the latter make customized recommendations to potential investors. The future will tell us whether this new regulation on crowdfunding provides an adequate framework capable of supporting the growth of a promising sector but also able to secure investors and project owners.

1.3 Corporate, M&A, Private Equity — Impacts on M&A Practice of the Law Aimed at Promoting the Social Economy, dated July 31, 2014
The recent law n°2014-586 aimed at promoting the social economy (also known as "Loi Hamon") dated July 31, 2014 (the "Statute") contains a chapter devoted to the information of the employees, which notably impacts the rules governing the confidentiality and the timeline of any M&A transactions in France. These provisions, which were further detailed by a decree n°2014-1254 dated October 28, 2014 (the "Decree"), entered into force on November 1, 2014 and therefore apply to transactions concluded on or after such date. Two information devices aiming at promoting employee buy-out The Statute created two information obligations to be complied with by SMEs (i.e. companies which employ fewer than 250 persons and which have an annual turnover not exceeding EUR 50 million, and/or a balance sheet total not exceeding EUR 43 million). On the one hand, the employer has the obligation to inform its staff every three years about the possibility of employee takeovers. On the other hand, SME employees must be informed in case of (i) sale of the business or (ii) sale of more than 50% of the shares of a limited liability company (SARL) or transfer of shares or securities giving access to more than 50% of the equity interests in a stock company (société par actions) (all together, a "Sale"). The first obligation of information (vocational training relating to employee buy-out) is common to all SMEs and the Decree details the content of this obligation (information shall address notably the legal conditions of employee buy-outs, the benefits and challenges thereof and an overview of help features available to employees). The second mechanism (information obligation prior to Sales) is subject to different procedures, notably as to timing, depending on whether the company has a works council (comité d’entreprise) or not (i.e., mainly, whether it employs more than 49 employees or less than 50). 
Uncertainties surrounding the scope of the obligation The Statute clearly excludes certain transactions from the scope of the new information obligation: family transmissions and companies going through insolvency proceedings. On the other hand, a number of criticisms have been made by the business and legal community right after the publication of the Statute because of the generality of its terms and the lack of clarity resulting therefrom. Some uncertainties were clarified by the Decree and the practical guide issued by the Ministry of Economy in October 2014 (the "Practical Guide"), but some questions still remain outstanding. In addition, certain clarifications provided for in the Practical Guide have since been contested by the French legal community. As an example, while the Statute refers to "sales" of a business or of equity interests representing or giving access to more than 50% of the share capital of a company, the Practical Guide indicates that the information obligation would also apply to donations or share contributions (with the sole exception of any transaction resulting in a universal transfer of assets to another entity, such as mergers, spin-offs, or partial transfers of assets under the legal regime of spin-offs). On the other hand, no exception is provided for in respect of private reorganizations completed within a group. Therefore, if an intra-group reorganization takes the form of a sale or of a contribution in kind of more than 50% of the equity interests of a given company qualifying as an SME, the new information obligation would apply, even though the proposed transaction would not modify the ultimate control of such company and therefore has no chance to result in an employee buy-out. The practical solution that could be used by companies to avoid implementing this information obligation in the context of intra-group transactions could be to organize their reorganizations in several stages. 
In fact, the Practical Guide states that the progressive sale of minority stakes would not fall within the scope of the Statute. Another uncertainty of the Statute is whether the new information obligation would apply to holding companies that do not have any employee. The first interpretation, in line with the very text of the Statute, would be that the employer would thus be relieved from its information obligation. According to another interpretation, taking also into account the spirit of this new device, such holding companies should be treated as transparent for the purpose of implementing this information obligation and the employer should thus inform employees of its subsidiaries in order to comply with the Statute. The severe legal consequences of a breach of this information obligation will probably lead companies to choose the second — more conservative — interpretation. Content of the information to be delivered to employees The Statute is silent on this question. Likely having in mind the confidentiality issues that would have been raised by the communication of business information (such as financial and strategic information, information on outstanding litigations, etc.) to all of the employees, the Practical Guide limits the scope of the information to be provided to two elements: (1) the circumstance that a Sale is contemplated and (2) the fact that the employees may, at their option, make a purchase offer. Given that employees are only bound by a duty of discretion that would not be sufficient to protect any sensitive information that would be communicated by the employer (notably due to the difficulty in proving a breach of their discretion obligation by the employees), it was probably wise to limit the scope of the information to be delivered to employees. However, this will necessarily have a serious impact on the efficiency of the new device. 
Indeed, how can one imagine that employees will study the possibility to take over their company without any information on its assets, liabilities, its financial situation and its perspectives? Timing and procedures for informing the employees In companies where a works council (comité d’entreprise) has not been established, the information must be given to each and every employee no later than two months before the Sale, which is defined as the date of the transfer of ownership. In SMEs which employ more than 49 persons, no specific delay is provided for, because the procedure relies on the existing obligations under French labor law, to inform and consult the works council (comité d’entreprise) prior to entering into corporate transactions. All employees shall be informed, at the latest, when the matter is put to the works council (comité d’entreprise) for its opinion in accordance with French labor law.  The Decree details the various forms that the information obligation may take: (i) information meeting with a signed presence sheet, (ii) information displayed on a board with a signed list, (iii) registered letter with acknowledgment of receipt or (iv) e-mail with acknowledgment of receipt, (v) letter handed directly with mandatory signature, (vi) extrajudicial document (writ served by a court bailiff or process-server) or (vii) any other means certifying the date of receipt. The Practical Guide specifies that in case of reluctance of employees (e.g. refusal to acknowledge receipt of registered letters or of letters handed over), the employer will have to use alternative means of delivery with unquestionable date of receipt. This means that the employer will have to use writs served by bailiff, which can be complex and very costly in case of collective opposition or dispute. A harsh penalty heavily criticized Failure to comply with these obligations may lead for the Sale to be considered as null and void. 
Fortunately, this sanction is discretionary and it will be up to the judge to decide whether the nullity of the Sale would be an adequate penalty. However, the obligation of information and its sanction are still strongly criticized by SME owners and M&A practitioners who are fiercely lobbying in order to get them repealed. In this regard, several Parliament members tabled such an amendment before the Senate but it was rejected after failing to get the Government’s support. A parliamentary commission has since been created in order to clarify some parts of the Statute and eventually discuss this controversial sanction in the course of 2015. To conclude, French legislation already provides that in companies that have a works council (comité d’entreprise) (i.e. companies which employ 50 employees or more), the latter must be informed and consulted on transactions prior to their conclusion. For these companies, the new device created by the Loi Hamon, even though its purpose is different, appears redundant and excessively burdensome. More importantly, the new information obligation will probably be ineffective in light of the specific skills and the experience necessary to manage a company employing 50 to 250 persons. Therefore, the main innovation of the Statute is probably to create a similar obligation in small enterprises comprising fewer than 50 employees. Because the likelihood of an employee buy-out is certainly higher in such small companies than in bigger ones counting up to 250 employees, a possible path to reduce the pressure on this new device coming from the business community but to maintain it may be to limit its scope to companies which employ fewer than 50 employees. Only time will tell whether the French Government will maintain its position or not.
1.4 Corporate, M&A, Private Equity — The French Law Proposal on the Protection of Trade Secrecy and its Potential Impact on the Enforceability of the French Blocking Statute

The development of companies nationally and abroad increases the need to protect confidential information and promote economically efficient competition. In this context, the French government recently showed its determination to improve the protection granted by French law to business secrecy in France and abroad. Following an initial bill introduced in November 2011 and abandoned in 2012 (probably due to the timetable for the latest French presidential elections) and ahead of the European Commission[2], a new law proposal to protect confidential business information and deal with infringements of trade secrets was introduced by the French Assemblée Nationale on July 16, 2014 (the "Proposal"). The French legislator intends to create a legal framework to prevent, deter and punish the unfair use of trade information that could affect French competition and innovation. The main innovations of the Proposal are to provide for a uniform definition of trade secrecy and a wide range of civil measures aiming at enabling the judge to guarantee the protection of trade secrecy. More conventionally, the Proposal still contains criminal penalties sanctioning the unlawful use of trade secrecy.
Proposed definition of trade secrets

According to the Proposal, a trade secret is information that:

- does not have a public character, in the sense that it is not, as a body or in the assembly of its components, generally known among or readily accessible to a person acting in a circle or field of activity that normally deals with the kind of information in question,
- is an integral part of the scientific and technical potential, strategic positions, commercial and financial interests or competitive ability of its holder and therefore has an economic value, and
- has been subject to reasonable steps, under the circumstances and given its economic value, to keep it secret.

These three cumulative criteria are patterned on those set forth for the protection of undisclosed information in the TRIPS Agreement annexed to the Marrakesh Agreement Establishing the World Trade Organization dated April 15, 1994. The protection afforded by the Proposal would not be absolute: the secret would be protected provided that it has an economic value. In other words, the secret must procure a competitive advantage to its holder. However, without any formal delimitation of the protected information, enterprises will be free to define the scope of the protection, which may lead to difficulties of implementation.

A coherent corpus of civil-law and criminal-law measures of protection of trade secrets

The Proposal’s second major novelty is to adopt a civil approach and not only a criminal one, by introducing a principle of civil liability (referring to common French civil liability law) of anyone who would not only misappropriate trade secret information but also use or communicate to third parties any trade secret information (even if legally obtained). Along the same lines, the Proposal grants considerable powers to the judge. It intends to establish civil seizure orders or enforcement measures that may be ordered by the judge to immediately prevent and repress the unlawful use of trade secrets.
The Proposal also focuses on the victim and provides for the allowance of damages in order not only to compensate the negative effects of the violation but also to prevent unjust enrichment. It is also worth noting that protection of trade secrets would be available in respect of any violation of trade secrets occurring in France, whatever the law applicable to the contractual relationships of the parties involved. Finally, violation or attempted violation of trade secrets would be punished by three years imprisonment and by a fine of EUR 375,000. In order to better counter the industrial and economic espionage, these penalties would be increased where the violation harms the sovereignty, the security, or the essential economic interests of France. An attempt to strengthen the enforceability of the French Blocking Statute? First, Article 1 of the Proposal provides that criminal penalties are not applicable to competent judicial or administrative authorities while carrying out their mission of control, monitoring or sanction, but reserves the application of the law n°68-678 of July 26, 1968 (as amended by the law n°80-358 of July 17, 1980) known as the French "Blocking Statute", which, in essence, provides the following: "Subject to international treaties or agreements and applicable laws and regulations, any individual is prohibited from requesting, seeking or disclosing, in writing, orally or in any other form, documents or information of an economic, commercial, industrial, financial or technical nature, with a view to establishing evidence in foreign judicial or administrative proceedings or in relation thereto." 
Also, whereas the initial draft law on the protection of business secrets introduced in November 2011 and adopted on its first reading by the French Assemblée Nationale on January 23, 2012 intended to limit the scope of the French Blocking Statute to cover only defined information[3], the Proposal does not pursue this option and, on the contrary, intends to increase sentences applicable to infringements of the French Blocking Statute up to the same penalties as those created for violations of trade secrets. Therefore, the question is whether these proposed changes will allow French litigants to efficiently challenge their obligation to comply with discovery processes in common law claims. In practice, over the past few years, the French Blocking Statute defense was often rejected by foreign authorities in particular when it was raised in front of United States courts[4] but also, more recently, before UK courts[5]. To come to these solutions, courts generally apply a balance-of-interests test (defined, in the U.S., in the Aerospatiale case), and which includes notably the following factors: the importance of the documents or information requested to the litigation, the degree of specificity of the request, the availability of alternative means of securing the information. As a result, French litigants face a difficult dilemma, to either comply with the Blocking Statute and face the consequences in the foreign proceedings or violate the Blocking Statute and face consequences in France. However, the balance-of-interests test also takes into account the nature and likelihood of the hardship faced by the person infringing the Blocking Statute[6]. As the French Blocking Statute is little-enforced in France ([7]), such defense usually fails before U.S. courts. 
By expressly referring to the French Blocking Statute in the exceptions to criminal measures of protection of trade secrets and increasing the sentences of its infringements, the Proposal on protection of trade secrets might help French litigants oppose the communication of information constituting protected trade secrets to foreign authorities. However, it remains unclear whether such improvement of the enforceability of the French Blocking Statute in France would lead to a greater efficiency of the Blocking Statute defense before foreign jurisdictions. Notably, the fact that the definition of the information protected by the French Blocking Statute still remains very wide (e.g. any document or information of an economic, commercial, industrial, financial or technical nature) may probably work against such a move.

2. Capital Markets

2.1 Capital Markets — Double Jeopardy Rule Applied to Administrative and Criminal Violations Involving Identical Facts

Through a recent decision (Grande Stevens & Others v. Italy dated March 4, 2014), the European Court of Human Rights (the "ECHR") has taken a stand on the possibility of imposing double sanctions for the offence of market manipulation (subject to both criminal and administrative sanctions). The impact of this decision on French law could possibly be significant.
Recent position of the European Court of Human Rights on the applicability of the ne bis in idem principle to administrative and criminal violations involving identical facts Article 4 of Protocol n°7 of the European Convention of Human Rights lays down the ne bis in idem principle, also known as the double jeopardy rule, which has the purpose of preventing a person from being tried or punished twice in criminal matters (as defined in the convention) for the same offence, as follows: "No one shall be liable to be tried or punished again in criminal proceedings under the jurisdiction of the same State for an offence for which he has already been finally acquitted or convicted in accordance with the law and penal procedure of that State". Its scope being limited to trials and convictions arising from criminal proceedings, it does not preclude a person from being subject, for the same act, to an action of a different character/nature (e.g. civil proceedings or disciplinary action in the case of an official). The Italian government has made a reservation (very similar to the reservation made by France) with regards to this provision limiting its application to sanctions, proceedings and decisions regarded as "criminal" by Italian law as opposed to European law. In the Grande Stevens case, because Italian law does not consider Company and Stock Exchange Commission (the "CONSOB") inflicted penalties to be of a criminal nature, criminal proceedings were brought against the protagonists even though they had already been subject to a CONSOB market abuse penalty decision. Italy was condemned in light of its market abuse legislation by the ECHR for having inflicted two sanctions against the same investor – the first by the CONSOB, and the second by a criminal court. The court invalidated the aforementioned Italian reservation on the grounds of its general nature leading to the circumvention of the double jeopardy rule. 
A Protocol violation was identified since, despite the official administrative nature of the first sanction under Italian law, both sanctions were in fact criminal in nature and based on the same acts. Pursuant to this decision, any time an administrative penalty is of criminal nature (as defined by European law), any subsequent criminal prosecution could constitute a violation of the ne bis in idem principle. The ECHR’s interpretation of the ne bis in idem principle clearly condemns all European countries, including France, which have allowed successive administrative and criminal proceedings to be brought for stock market offences.

French ramifications

In this regard, French procedure is very similar to that of Italy, which was questioned eight months ago by the ECHR. Just like Italy, the French government has made a reservation stating that "only those offences which under French law fall within the jurisdiction of the French criminal courts may be regarded as offences within the meaning of Articles 2 to 4 of [Protocol n° 7]".

Decision by the Cour de cassation (French Supreme Court). – In a case relating to market manipulation, the Cour de cassation held that article 50 of the Charter of Fundamental Rights of the European Union (i.e. the ne bis in idem principle entitled "Right not to be tried or punished twice in criminal proceedings for the same criminal offence") does not preclude an individual sanctioned for a breach falling within the jurisdiction of the Autorité des marchés financiers ("AMF") from being also prosecuted and sentenced through criminal proceedings relating to the conduct. This is subject to the global cumulative amount for potential fines not exceeding the highest incurred penalty under either regime (Cass. crim., January 22, 2014, n° 12-83.579).
This ruling seems in accordance with recent case-law of the European Court of Justice (the "ECJ") in the Aklagaren v Hans Akerberg Fransson case (ECJ, February 26, 2013, C-617/10) where the ECJ stated that the ne bis in idem principle does not prohibit a Member State from imposing successively, for the same acts, a tax penalty and a criminal penalty "in so far as the first penalty is not criminal in nature, a matter which is for the national court to determine". However, it should be noted that the ECJ stressed that the two sanctions should not be criminal, a requirement that was not clearly repeated by the Cour de cassation. As a consequence, it remains uncertain whether these two decisions are in line with each other. In any case, although an AMF sanction is considered to be administrative under French law, its repressive and preventative nature and the degree of severity are clearly oriented in favor of a criminal categorization. In view of this recent Cour de cassation decision, there is a real risk that the ECHR will view the French jurisprudence to be at odds with the European Convention on Human Rights.

Decision by the Conseil Constitutionnel (French Constitutional Court). – In the aftermath of the Grande Stevens case, members of the French legal community are currently trying to have the Conseil constitutionnel change its position and acknowledge that the accumulation of administrative and criminal sanctions regarding the same offence is a violation of the ne bis in idem principle. Through a priority preliminary ruling on constitutionality dated October 24, 2014 (decision n° 2014-423), the Conseil constitutionnel has however confirmed its traditional jurisprudence concerning the double jeopardy rule: cumulating sanctions is consistent with the French Constitution provided that the total penalties do not exceed the maximum incurred amount.

What’s to come in France?
– Recently (in October), a trial involving allegations of insider trading was adjourned by the Tribunal correctionnel of Paris (Criminal Court) pending the Cour de cassation’s decision to defer to the Conseil constitutionnel the constitutionality assessment of the possibility to criminally prosecute acts having already been subject to a final ruling by the AMF’s Commission des sanctions (Enforcement Committee).

The AMF has recently addressed this issue. In fact, under French law and due to the influence of European legislation, the most serious market violations are also criminal offences — the most familiar ones being market manipulation, dissemination of false information and use of inside information. According to the regulator, these criminal and administrative means to sanction are easily articulated and the number of cases where two decisions ruled on identical facts is significantly low. Nevertheless, the few occurring cases where a double jeopardy violation can be raised are generally emblematic due to their severity and extensive media coverage. While it recognizes that a better coordination between criminal and administrative procedures revolving around the same reprehensible behavior should be sought, it is likely that the AMF will attempt to keep a lead role in fighting financial crime.

The coming months will be crucial in distinguishing a trend illustrating the French response to these latest developments. In any case, the final outcome remains unclear.

2.2 Capital Markets – A New Contemplated Framework for French IPOs

Following the public consultation on a proposed new framework for initial public offerings (hereafter "IPO"), the French financial regulator, the Autorité des marchés financiers (hereafter "AMF"), published on December 1, 2014 the final set of measures approved by its Board.
The entirety of the initial proposals put forward by the AMF working group dedicated to initial public offerings (hereafter "WG") and published on September 25, 2014, has been accepted. The proposed AMF General Regulation modifications have now been submitted to the French Minister of finance for ratification. The planned modifications can be summarized as follows:

The mandatory requirement to systematically set aside an IPO tranche for retail investors, although many countries (particularly in Europe) do not have comparable rules, shall be maintained. The best-efforts obligation concerning the retail tranche, subject to greater flexibility of implementation, will be preserved as well.

Flexibility shall be increased when setting the indicative price range, particularly since the sole requirement under European law is to disclose either a maximum price or the price-setting criteria. The following arrangements were deemed appropriate because they allow flexibility for issuers while ensuring efficiency for investors: when the IPO is launched, the minimum information given in the approved prospectus should include a maximum price; no later than 3 trading days before the offer closes, information should be given about a maximum range of 15% either side of a central price.

The French practice of outlining price assessment criteria in the prospectus is no longer consistent with European procedures. Therefore, the AMF will cease to require this information to be disclosed in the prospectus.

The fact that orders placed for the open-price offer cannot be cancelled is not due to AMF regulations but to operational constraints of a legal and technical nature affecting the transmission of those orders (i.e. manual versus online reception). The WG has observed that between two-thirds and 90% of retail orders are currently placed online.
Accordingly, retail banks are asked to examine the possibility of allowing individual investors to cancel their orders at any time until the offer closes. Once this examination has been carried out, the possibility to cancel retail orders could be adopted along with the rest of the contemplated measures.

Analysts from the underwriting syndicate will be allowed to access information before AMF-approved documentation is published. This will help reduce the IPO execution schedule by 2 to 3 weeks and align French and other European countries’ practices.

To enable analysts outside the syndicate to carry on an in-depth dialogue with senior managers, the consultation participants have agreed on the principle that companies applying for a listing should invite analysts to discuss with them once the base document has been published, through a face-to-face meeting or a conference call.

The use of a language other than French that is customary in the sphere of finance will be permitted provided the summary is translated into French. This should apply equally to both French and foreign issuers.

The AMF foresees that this new IPO framework, aiming at increasing flexibility and French competitiveness, should be implemented by (no later than) the end of the first quarter of 2015.

3. Tax

3.1 Tax — Recent tax changes (2014 and 2015 Financial Laws)

Some of the main 2014 and 2015 tax changes resulting from the Financial Laws passed in December 2015 by the French Parliament are the following:

For financial years closed as of December 31, 2014, a French tax unity can be set up between French sister companies which are 95% owned by an EU holding company; hence, it is no longer required that the French tax unity be headed by a French tax holding entity.

The use of the French trust (Fiducie) is facilitated from a French tax point of view.
In particular, shares held through a French trust will now remain eligible for the parent/subsidiary regime and for the French tax unity regime.

As of January 1, 2015, gains realized by shareholders upon the buy-back of shares will be subject to the capital gains tax regime. For shareholders subject to corporate income tax, there is no longer any right to be exempt on such gains under the parent/subsidiary regime, and the long-term participation exemption does not apply to shares held in real estate property companies.

Annual tax on offices due by landlords is no longer tax deductible. As a result, the refund of such tax received by the landlord from the tenant will generate a taxable income at the landlord level.

As of January 1, 2015, the 5% registration tax due on the sale of real estate property company shares is only assessed on the purchase price paid for such shares (as opposed to being assessed on the fair market value of the real estates and other assets minus the acquisition debt of the real estates).

The designation of a tax representative in case of sale of French real estate assets or real estate company shares is no longer required for EU and EEA residents. Clients having paid fees to a tax representative in the past should consider filing a claim against the French State in order to obtain a refund of such fees.

3.2 Tax – Renegotiation of the France and Luxembourg Tax Treaty; Taxation of Real Estate Capital Gains Expanded by Way of a September 5, 2014 Amendment to the Treaty

A fourth amendment to the tax treaty between France and Luxembourg was signed on September 5, 2014. It gives the State where real estate assets are located the right to tax capital gains on the sale of shares in companies owning such real estate assets.
This amendment will enter into force at the beginning of the calendar year following its ratification by both States (in the case of income taxes levied by deduction at source) or to financial years opened after the calendar year following the ratification (in the case of income taxes not collected by deduction at source). In practice, the amendment should enter into force on January 1, 2016 for most investments.

The amendment may prompt a growing use by investors of tax-favored real estate vehicles such as OPCI (organisme de placement collectif en immobilier), which are not taxed on real estate income so long as they comply with certain profit distribution requirements and which should remain eligible for the reduced withholding tax rate on dividends paid to Luxembourg shareholders in accordance with the provisions of the France Luxembourg tax treaty.

For further details on this new Decree, please see the Gibson Dunn Client Alert of September 5, 2014: http://www.gibsondunn.com/publications/pages/Renegotiation-of-France-and-Luxembourg-Tax-Treaty–Taxation-of-Real-Estate-Capital-Gains-Expanded–Sept-5-2014-Amendment.aspx.

3.3 Tax — Foreign Account Tax Compliance Act Will Increase Compliance Costs for Clients

The Foreign Account Tax Compliance Act (FATCA) was enacted in 2010 to strengthen the legislative framework against tax evasion by U.S. taxpayers with foreign bank accounts. On November 14, 2013, France and the U.S. signed a bilateral agreement whereby France committed to drafting locally applicable laws and regulations with scope covering all financial institutions resident in France. Participating Foreign Financial Institutions, that is, those institutions that have entered into an agreement with U.S. tax authorities (such as the IRS), are engaged in identifying and documenting all potential accounts that may be eligible for U.S. contribution and informing the French authority, which will then transmit the information to the IRS.
If Foreign Financial Institutions do not enter into such an agreement, a 30% withholding tax will be levied on all related U.S. sourced payments. Examples of these payments may include dividends by U.S. corporations or sale proceeds from the sale of U.S. property. The new reporting requirements will also have an impact on some entities outside of the traditional financial services sector.

The first reporting requirements will enter into force in France on September 30, 2015 relating to information collected from July 1, 2014. Discussions have been initiated within the European Union as well as the OECD in order to further strengthen the international cooperation regarding tax data following the FATCA model.

4. Real Estate — New Regime Applicable to Commercial Leases in France: Some Service Charges May No Longer Be Passed on to the Lessee

As of November 5, 2014, the new regime applicable to commercial leases prohibits lessors from imposing a series of charges on lessees. The so-called "Pinel Law"[8] makes it mandatory to include a specific inventory[9] regarding the nature of taxes, fees, royalties and charges, as well as their allocation between the lessor and the lessee, thus putting an end to the contractual freedom of former commercial leases[10]. The Decree confirms the abolition of the widespread practice of "triple net" leases in France for offices or commercial shops.
Indeed, from now on[11], the following charges can no longer be imposed on lessees:

- Expenses regarding major repairs according to Article 606 of the Civil Code (so-called "grosses reparations", which include thick walls, vaults, restoration of beams and roofing) as well as the fees related to the execution of the major repairs;
- Expenses incurred to avoid obsolescence of the premises or the building in accordance with the regulations, when these works fall into the category of major repairs of Article 606;
- Taxes (including business tax[12]) for which the legal debtor is the lessor; however, by way of exception, real estate tax (taxe foncière) as well as garbage tax and taxes linked to the use of the building by the lessee or to a service benefiting the lessee, directly or indirectly (such as, in our view, the annual tax on offices, VAT) can be charged to the lessee;
- The lessor’s fees related to the management of the rents of the leased building; and
- In a property complex, expenses, taxes as well as the cost of works for vacant premises or due by other lessees.

This limitation on the ability to pass service charges on to the lessee is just one of the main changes introduced by the "Pinel Law" that may be of interest to investors. One of the concerns elicited by such change is that it may result, in the medium term, in an increase in rents to compensate for the fact that some of the running costs that were previously passed on to the lessee will now be borne by the lessor.

5. Labor and Employment

5.1 Labor and Employment — Conflicts of Law in Cross-Border Acquisitions by a U.S.-Listed Company: Duty to Inform the French Works Council vs. Risks of Insider Trading in the United States

In a cross-border acquisition involving a French subsidiary by a listed U.S. company, the U.S. and French legal systems often conflict, notably in terms of labor law requirements.
Indeed, it is often the case that the contemplated acquisition would require consulting the works council (comité d’entreprise) of the French entity.[13] And yet, providing sensitive, material, non-public information to employee representatives in France could also potentially violate U.S. law requirements not to disclose any confidential information before the deal is completed. However, it is difficult to do without a consultation of the works council, since failure to do so could result in having French courts postpone the acquisition process until a proper consultation is undertaken.[14] Furthermore, failure to consult the works council in due time could be qualified as obstruction (délit d’entrave), which is sanctioned under French criminal law. The works council must be provided with precise written information made available by the employer, as well as an argued answer from the employer to its questions. A practical solution is therefore to perform such consultation by relying on the confidentiality duty imposed on the members of the works council, the breach of which is sanctioned by disciplinary measures. However, such confidentiality duty only applies to information that is expressly presented by the employer as being confidential prior to being disclosed to the works council, provided that such confidentiality is justified by the legitimate interest of the company. In other words, this means that not every kind of information can be presented as confidential by the employer and consequently, that the confidentiality duty provided for by French labor law is not intended to apply to any kind of information.[15] This is notably justified by the fact that such confidentiality duty infringes employee representatives’ freedom of expression, and should thus be constrained in proportion to the legitimate interest of the company. 
It is thus highly recommended to carefully prepare the consultation of the works council to determine which information is confidential and which is not. Also, the information presented by the employer as confidential will not be mentioned in the minutes of the works council to be displayed in the premises of the company.

5.2 Labor and Employment — On the Difficulties to Implement a Whistleblowing Hotline in France…

Though the implementation of whistleblowing hotlines is required for U.S. companies under the Sarbanes-Oxley Act of 2002, the reception in France of such procedures still triggers significant validity issues. While U.S.-style whistleblowing hotlines are notably characterized by their wide scope, French so-called alertes professionnelles are strictly limited to the five following areas[16]:

- financial, accounting, banking and fight against corruption;
- anti-trust practices;
- fight against discrimination and harassment in the workplace;
- health, hygiene and safety of employees; and
- environmental protection.

Furthermore, the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés – the "CNIL") requires that companies that implement a whistleblowing hotline clearly inform their employees that such procedure is restricted to the aforementioned areas and can only be used to collect objective data in relation thereto. Anonymous alerts are banned, save under very specific circumstances, as the CNIL requires that the procedure ensures the confidentiality of the alert while asking for the whistleblower to state his/her identity, position and contact information.

A recent decision[17] of the High Court of Caen (Tribunal de Grande Instance) confirms that a whistleblowing procedure implemented in a French subsidiary of a U.S.-listed company that does not strictly comply with such requirements is illegal.
In the case at hand, the French court sanctioned the company for having implemented a whistleblowing hotline (handled by a third-party provider) which allowed "reporting anonymously any suspected misconduct or other problems to the company". De facto, the complaints could target any French employee regarding facts that did not necessarily fall within the scope of the limited pre-identified areas. The High Court of Caen considered the whistleblowing procedure to be unlawful, for the reporting system available to employees did not clearly set the type of information that could be submitted. According to the Court, the risk attached to this reporting device was a potential escalation into an organized system of denunciation and false accusation based on facts relating to privacy.

This decision illustrates the fact that, in order to be valid, a French whistleblowing procedure must, among other applicable French legal requirements, clearly limit the information that may be reported by employees to the areas previously identified. Moreover, this restriction must be ensured by both the company itself and a third-party service provider used by the company, if any.

If the whistleblowing hotline is intended to report potential violations in domains that fall out of the aforementioned limited scope, it is then subject to a prior authorization issued by the CNIL. Such extension of scope could potentially be authorized taking into consideration the specific characteristics of the company’s business activity. However, such extension of scope is rarely approved by the CNIL, which is reluctant to consider it as being justified by the legitimate interest of the company.

6. Consumer Law — Enhanced Protection of French Consumers: The Impact on E-Commerce

Enacted on March 17, 2014, the Statute n°2014-344 relating to consumers (the "Statute") (the so-called "Hamon Statute"[18]) focuses on improving the protection of consumers in a variety of domains, from the introduction of class actions into French law, to the enhancement of pre-contractual information of consumers, through the modification of obligations applicable to e-commerce.

The Statute notably introduces a new preliminary article to the French Consumer Code which defines the notion of consumer[19], as required by the European directive on consumers[20]. It also reinforces the protection of consumers by enhancing requirements in terms of pre-contractual information, which shall be provided "in a legible and understandable" manner. Pre-contractual information covers:

- essential characteristics of the service or good,
- price, or the method applied to determine the price if it cannot be set in advance,
- specific terms and conditions of the sale or performance of service,
- delivery date or timeframe during which the professional undertakes to deliver the good or perform the service,
- information on the professional (identity, postal and electronic addresses, description of its activity, information on legal warranties, etc.),
- with regard to the sale of goods, information on the timeframe during which spare parts are available on the market (being specified that such information must be confirmed in writing once the sale has been made).

These provisions are mandatory and cannot be skirted by professionals, notably through contractual clauses or agreements. All agreements entered into after June 13, 2014 are subject to these mandatory obligations in terms of pre-contractual information[21].

The Statute strengthens the "double-click" process prior to moving forward with an online acquisition by requiring that a new statement reading "order with purchase obligation" be added.
It also puts an end to the widespread practice of pre-selected boxes on e-commerce websites, which are now forbidden. The Statute indeed intends to fight against consent by default (notably via pre-selected boxes) and allows for the consumers to obtain full reimbursement if they have involuntarily purchased a good or service they had not initially selected (via the system of pre-selected boxes). Furthermore, professionals must indicate the date or timeframe within which the contract is to be executed; if not, the tacit timeframe for the execution of the contract is of 30 days, as opposed to the immediate execution of the contract required by the former applicable regime. In addition, in case the professional fails to deliver the product within the indicated (or tacit) timeframe, then consumers shall first and foremost send a formal order requesting its execution prior to terminating the agreement, unless the timeframe of delivery was an essential condition of the contract. If terminated, consumers shall be reimbursed within 14 days at the latest following termination. Failure to do so results in penalties which increase as time goes by. The Statute also increases the withdrawal period, during which consumers can annul the contract, from 7 to 14 days[22] starting on the date on which the consumer receives the product (or the date on which the service contract is entered into). In case of contracts involving sequential performance, the withdrawal period starts running upon delivery or execution of the last item. As under the former regime, this withdrawal period can be exercised without any justification. The professional is required to fully reimburse the consumer, including the costs incurred to send the product back. In case of late reimbursement, the abovementioned penalties apply. Furthermore, the Statute now strictly limits the circumstances where this right of withdrawal can be excluded to thirteen different situations. 
Finally, the Statute strengthens product conformity warranties, notably by raising from 6 months to two years the presumption of default in conformity. Consequently, any default in conformity which occurs within the two years of the delivery of the product shall be deemed to have existed originally on the delivery date, thus easing the implementation of the guarantee process. This new provision will only enter into force on March 17, 2016.

In order to ensure enforceability of these new provisions, the Statute also improves the prerogatives of the National Agency in charge of Competition Policy, Consumer Affairs and Fraud Control[23]. Sanctions incurred, whether administrative or criminal, have also been enhanced by the new law.

The Statute covers a great range of additional subjects relating to consumer protection, and significantly modifies the applicable law in terms of loans and insurance, geographic indications, deceptive marketing practices, over-indebtedness of individuals, etc. The Statute also impacts French lawyers, who are now authorized to advertise their practice and canvass new clients, in line with the European directive on services in the internal market of 2006.

7. Data Protection

7.1 Data Protection — CNIL Enforcement Actions

In 2014, the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés — CNIL) has pursued a number of enforcement actions, with several resulting in sanctions of up to €150,000, the maximum amount that may be imposed. In particular, the CNIL fined a search engine €150,000 for failure to comply with the requirements of the Data Protection Act[24].
Following the investigations performed by EU data protection authorities, the Article 29 Data Protection Working Party adopted a compliance package of dedicated measures, aimed at offering specific and practical measures that could be implemented quickly by any search engine to meet the requirements of the European data protection framework.

In addition, France (alongside Germany) is urging the largest search engines to put an end to their anticompetitive practices and to foster transparency for the ranking of websites. The two countries seek to have the European Commission issue a more stringent regulatory framework designed to take a tougher line on those companies and other internet giants. A draft motion is now calling for the European Commission to consider the "unbundling" of search engines from other commercial services.

7.2 Data Protection — Social networking services’ unfair contract terms

On November 7, 2014, the French Commission on unfair terms (Commission des clauses abusives) issued a recommendation[25] advocating for the removal of several unfair terms generally included in contracts of so-called "social networking services", notably in connection with data protection. For instance, it recommends removing clauses according to which the user implicitly agrees to the processing of his/her personal data by the professional, or which organize the transfer of personal data to undesignated third parties, with no need for any formal consent from the user, or which provide for longer retention period than what is provided for by the CNIL, etc.

8. Insurance — Law on Inactive Bank Accounts and Unclaimed Life Insurance Contracts

The statute n°2014-617 dated June 13, 2014 (the "Statute") has increased banks and insurers’ obligations in connection with inactive bank accounts and unclaimed life-insurance policies.
The general purpose of the Statute is to (i) increase the protection of property rights of account holders and beneficiaries of life-insurance contracts and (ii) facilitate the transfer of unclaimed amounts, after the legal statute of limitations has expired, to the State.

A new set of obligations for banks in connection with inactive bank accounts

In this regard, a definition of "inactive bank accounts" (comptes bancaires inactifs) has been introduced in the French Monetary and Financial Code (Code monétaire et financier), which designates all bank accounts for which either (i) a 12-month period has elapsed without any operation on the account and without any contact from the account holder or (ii), if the account holder is deceased, a 12-month period has elapsed without any contact from his/her right holders.

In connection with inactive bank accounts, banks now shall:

- identify deceased account holders by an annual consultation of the national natural persons register (Registre national d’identification des personnes physiques – "RNIPP") in order to proactively "inform by any available means" the account holder, his/her representatives or his/her right holders known by the bank, of the existence of the account;
- disclose on a yearly basis the total number of inactive accounts recorded in their books and the aggregate amount of all assets and deposits registered therein and preserve all related information; and
- transfer unclaimed amounts to the public entity named Caisse des dépots et consignations ("CDC"): (i) 3 years after the death of the account holder or (ii) 10 years after the date of the last operation on the account (or the last contact from the account holder); provided that the bank shall (a) inform "by any available means" the account holder, his/her representative or his/her right holders known by the bank, of the upcoming transfer 6 months in advance and (b) disclose on a yearly basis the total number of inactive accounts and the aggregate amount of unclaimed assets and deposits which have thus been transferred to the CDC. These amounts shall be held by the CDC on behalf of the right holders and are then transferred to the State upon the expiry of a 30-year period after the death of the account holder or the last operation or contact, as the case may be.

An existing set of rules binding upon insurers in relation to unclaimed life-insurance contracts clarified and reinforced

The Statute has also completed, specified or strengthened the obligations already borne by insurers in connection with unclaimed life-insurance contracts, which were introduced by several statutes enacted since 2005. More specifically, insurers are now required to:

- consult on a yearly basis the RNIPP to check for death of life-insured parties or holders of capital bonds (authorization to consult the RNIPP has been granted to insurers by a statute dated December 17, 2007; the Statute turns this consultation right into an obligation to consult on a yearly basis and also extends its scope to include capital bonds (contrats et bons de capitalisation));
- disclose, along with their annual statements, the number of unclaimed life-insurance contracts or capital bonds (contrats et bons de capitalisation) recorded in their books, together with the outstanding amounts registered therein, as well as the research measures implemented; the insurers shall also communicate an annual report on this issue to the French bank and insurance authority (Autorité de contrôle prudentiel et de résolution — "ACPR") and to the Ministry of Economy; and
- transfer unclaimed amounts to the CDC 10 years after (i) the term of the contract (for fixed-term life-insurance policies) or (ii) the date on which the insurer has knowledge of the death of the insured party; the CDC shall hold these amounts on behalf of the beneficiaries for 20 years before transferring them to the State.
Such transfer to the CDC relieves the insurer from any obligation in connection with such insurance contracts, except for the preservation of all related information and documents; the insurer shall inform the insured party or beneficiary of this upcoming transfer 6 months in advance.

Since 2007, insurers have also been required to proactively identify and look for the beneficiaries of unclaimed life-insurance policies in order to inform them of their rights. The Statute expressly prevents insurers from deducting from the insurance benefits due under any life-insurance policy the information and research costs incurred in relation thereto. Yet some of the hardships faced by insurers in their research have been lifted by the Statute since public notaries and the tax administration now have to disclose to insurers the identity of the insured party’s heirs or right holders or the contact details of the beneficiary of a life-insurance policy.

As a counterpart, public notaries and right holders are now allowed to obtain information relating to unclaimed bank accounts from the tax administration and the CDC and to consult a public record (FICOVIE) registering all unclaimed life-insurance policies, in order to verify whether or not a particular person may be the beneficiary of a life-insurance policy.

The provisions of this Statute will enter into force on January 1, 2016, except for those requiring the public notaries and the tax administration to assist insurers in their research and those relating to public notaries and right holders’ new information right, which entered into force on January 1, 2015.

9. Public Law

9.1 Public Law — The application of the principle "the silence of the administration is deemed to equal acceptance" and its exceptions

Since November 12, 2014, the principle that the silence of the public administration regarding a citizen’s demand for more than two months is deemed to equal acceptance has been in force.
This key measure of the simplification process, provided by the law authorizing the government to simplify the relations between government and citizens (art. 1, II., 2 of Law No. 2013-1005 of November 12, 2013, modifying the Law 2000-321 of April 12, 2000), replaces the old principle that silence equals refusal, enshrined in French law in 1864. Through this legal change, the government aims to facilitate administrative procedures and hopes that individuals and companies will no longer see their rights "limited by administrative inertia". No less than 1,200 procedures, ranging from changing the civil status to registration at the university, are concerned. They will be listed, ultimately, on a website.

Nevertheless, the revolutionary character of this new principle should be put into perspective, since it is subject to a significant number of exceptions detailed in no less than 42 decrees published in the Official Journal on November 1, 2014. These exceptions fall into three categories:

First, on the basis of Article 21-II of the Law of April 12, 2000 as modified, there are cases in which the urgency and complexity of the procedure justify extending the two-month period after which implicit acceptance arises.

Then, on the basis of Article 21-I-4 of the Law of April 12, 2000 as modified, there are cases in which the principle can be set aside for reasons related to compliance with international and European commitments of France, the protection of national security, the protection of freedoms and of the principles of constitutional value and the protection of public order.

Finally, on the basis of Article 21-II of the Law of April 12, 2000 as modified, there are procedures in which the principle does not apply for reasons related to the subject of the decision in question or to the principle of sound administration and due process.
From November 12, 2015, local authorities, their public institutions, social security agencies and other bodies responsible for the management of a public administrative service will also be concerned by this new principle.

9.2 Public Law — Validation by Law of the structured loan agreements signed by public local authorities

Law No. 2014-844 of July 29, 2014, concerning the security of structured loan agreements entered into by a credit institution and legal persons governed by public law, validates the provisions of the loan agreements setting out interest, considering that the validity of these provisions cannot be challenged by a plea based on the lack of mention of the annual percentage rate of charge (Taux Effectif Global / TEG), the rate period or period of time, or on the erroneous entry of a TEG, a period of rates or a period of time.

The adoption of the Law was motivated by several decisions of the High Court of Nanterre (Tribunal de Grande Instance), which (i) considered that the faxes which had preceded the signing of the so-called "structured" loan agreements could be qualified as "loan agreements" and (ii) decided to apply the official interest rate (taux légal) instead of the contractual rate where the fax formally lacked any mention of the TEG or of intermediary data with which to calculate the TEG.

In order to comply with the case law of the European Court of Human Rights, the legislator has strictly limited the scope of the validation to the "structured" loan agreements entered into by legal persons governed by public law. Moreover, it relates to the sanction of an irregularity affecting the borrower on the overall cost of credit, but does not affect the general economy of the signed loan agreements. Last but not least, the infringement of the rights of the legal persons governed by public law can only be justified by an overriding reason of general interest.
In its decision 2014-695 DC of July 24, 2014, the French Constitutional Council confirmed the conformity of the law with the French constitutional rules. It notably pointed out that the legislator, by adopting these provisions, intended to prevent the direct or indirect financial consequences, exceeding ten billion euros, that would result for credit institutions that have granted "structured" loans to territorial communities, their public bodies or local public institutions.

It should be underlined that, in order to find a permanent and comprehensive solution for the most sensitive loans, the French Government has created a multi-year support fund endowed with significant resources enabling local governments to finance the unwinding of structured loans. It is endowed with EUR 1.5 billion (60% coming from the banks) and has a life span of 15 years maximum (EUR 100 million per year). Any entity benefiting from the fund shall withdraw from current litigation or waive future litigation on the loans benefiting from the fund.

9.3 Public Law — In a decision "Département du Tarn et Garonne" of April 4, 2014, the French Administrative Supreme Court (Conseil d’Etat) opened a new way for third parties to contest the validity of a public contract before French administrative courts

While traditionally only parties to a contract were able to contest the validity of a public contract, this construction was made more flexible in 2007, with the opportunity for the unsuccessful candidates for the contract award to contest the validity of a public contract. With the decision "Département du Tarn et Garonne", third parties who have an interest that could be prejudiced by a public contract may contest its validity before French administrative courts.
This new way to contest the validity of a public contract is however strictly circumscribed: (i) the prejudice to the interest of the third parties must be direct and certain; (ii) the third parties can only raise defects that are directly bound to the prejudiced interest.

The judge will assess the importance of the defect. The judge can decide that the contract is to be further executed, or invite the parties to regularize matters. If there is an irregularity such that the continuation of the contract is impossible, then the judge can terminate it totally or partially. In certain cases, the judge can order the parties to pay compensation to the injured party who brought the case.

It should be underlined that the Conseil d’Etat judged that a similar action can be brought by the Prefect (local State representative) and by members of the council of the local authorities concerned. Unlike private third parties, they can invoke all defects affecting the contract in order to contest the validity of the contract.

10. Competition Law

The French Competition Authority (Autorité de la concurrence, hereafter, the "FCA") remained very active in the second half of 2014 and imposed significant fines. The French Supreme Court also issued several important decisions, in particular regarding the determination of the financial penalty.

10.1 Competition Law — The FCA has fined Cegedim 5.7 million euros for having abusively refused to sell its medical information database to certain pharmaceutical laboratories (Decision 14-D-06 of July 8, 2014)

Cegedim is the leader in the medical database information market, and enjoys a dominant position. It offers both databases and management software to laboratories, whereas its competitor Euris only produces customer management software. Euris accused Cegedim of abusing its dominant position by refusing to sell its database to laboratories using or intending to use it with Euris management software.
In fact, Cegedim refused to sell its OneKey database — the benchmark for the sector — to laboratories that were using software marketed by Euris, although it had agreed to sell it to laboratories that were using other competing software. Cegedim justified its refusal by claiming that it was suing Euris for counterfeiting.

This abusively discriminatory treatment — the existence of a lawsuit for counterfeiting not constituting justification for the implementation of anti-competitive practices — caused Euris to lose any possibility of expansion in the management software market. The laboratories that used its software or that were interested in its software solution could not access the leading database in the market and consequently were deterred from working with Euris.

This practice, which was instituted in October 2007 despite the fact that Cegedim was fully aware of the illegal nature thereof, had a seriously harmful effect on Euris, which lost 70% of its customers between 2008 and 2012, and restricted the laboratories in their choice of customer management software.

Consequently, the FCA has fined Cegedim 5.7 million euros, in view of the length of time the breach lasted, namely from April 2007 to April 2013, the gravity of the practice and the damage caused to the economy. It also enjoined Cegedim to cease to discriminate between its customers according to the software they are using. This Decision was appealed before the Paris Court of Appeal (pending case).

10.2 Competition Law — The impact of group membership on the determination of the financial penalty imposed on a cartel: the French Civil Supreme Court requests justification on how belonging to a group may be considered an aggravating factor in setting antitrust fines (French civil Supreme Court, Entreprise Pradeau et Morin e.a., Cases No. 12-27643, 12-27697, 12-27698, 12-2700, 12-28026, February 18, 2014, and Allez / Spie, Cases No. 13-16602, 13-16696, and 13-16905, October 21, 2014)

According to Article L. 464-2 of the French Commercial Code, the financial penalties are determined individually and justifiably for each company or organization sanctioned. In these decisions, the French Supreme Court strictly applied this principle of individualization of penalties by considering that the mere fact of belonging to a group is not sufficient to justify an increase in the amount of the fine or to reject elements of proof related to the financial capacity of the subsidiary to contribute.

Thus, in its decisions dated February 18, 2014, the French Supreme Court held that an appellate court deprives its decision of a legal basis where, after noting that a company had acted independently, it considers that the company’s membership in a group with significant annual turnover constitutes an individual circumstance justifying an increase in the amount of the penalty in order to ensure that it is both deterrent and proportionate, without examining whether this belonging to the group played a major role in the implementation of anti-competitive practices or was likely to affect the assessment of the gravity of these practices.

The French Supreme Court clearly confirmed its position in its decisions dated October 21, 2014, requesting justification on how belonging to a group may be considered an aggravating factor in setting antitrust fines. In those cases, the FCA had found ten undertakings guilty of submitting cover bids in several tender offers (decision No. 11-D-13 of October 5, 2011). The fact that some of those undertakings were subsidiaries of larger groups was taken into account in setting fines totalling 10 million euros for violation of Article L. 420-1 of the French Commercial Code.
This was made possible because, in its guidelines on the method relating to the setting of financial penalties, dated May 16, 2011, the FCA states that a fine can be aggravated in consideration of the fact that "the group to which the undertaking belongs itself has a size, an economic power or overall resources that is or are important, this factor being taken into consideration, in particular, where the undertaking that controls the undertaking at stake within the group is also liable for the infringement".

The French Civil Supreme Court, on the basis of Article L. 464-2 of the French Commercial Code pursuant to which fines are set individually for each undertaking and must be justified, stated that where an undertaking implemented anticompetitive practices autonomously, it would be unlawful to aggravate its fine automatically without providing explanation, if the group had not taken part in the infringement.

10.3 Competition Law — On December 15, 2014[26], within the scope of a procedure by the main French hotel unions, the FCA indicated that Booking.com has proposed to remove the so-called "pricing parity clause" obliging hotels to grant it pricing conditions that are at least as favorable as those granted to the other online platforms

The commitments taken, which Booking.com proposes to extend to all EEA countries[27], should enable the hotels referenced on booking.com to be free to propose rooms at different prices according to the platform used. They may be able to vary the prices depending on the conditions applied to them.

The proposed commitments are submitted to a market test with stakeholders in the sector to check whether they are adequate to address the competition concerns identified. Once the market test has been completed, the FCA’s college will hear the parties and examine the observations formulated by third parties.
Where applicable, the FCA may require such commitments to be amended or supplemented; then, once the commitments have been made compulsory, the proceedings will be closed. Should the FCA find that the commitments, even where amended, remain unsatisfactory, it will resume the standard litigation procedure.

10.4 Competition Law — The FCA fines concerted practices between manufacturers a total of 345.2 million euros and 605.9 million euros on each market concerned (Decision 14-D-19; December 18, 2014 relating to home and personal care products sold in supermarkets)

The FCA issued a decision whereby it fines home care products and personal care products manufacturers for having implemented concerted practices. The FCA was informed of the existence of these concerted practices by three players which successively applied to benefit from the leniency procedure[28]. Thanks to information disclosed by the leniency applicants, raids were carried out in France. The very first raid even occurred during a lunch organized in a Parisian restaurant called "le Royal Villiers". Some of the players were caught in the act.

Between 2003 and 2006, on both markets, major companies coordinated their commercial policy towards supermarkets, and in particular their price increases. These two fines rank among the most significant fines imposed by the FCA to date.

The supermarket suppliers for home and personal care products coordinated their commercial policy towards their distributors, to avoid any increase of competition between them. The concerted practices were particularly sophisticated. To discuss each sector, they met regularly and secretly to coordinate their commercial policies and discuss their pricing policies. The collusive practices were intended to bring together the positions held by suppliers during the commercial negotiations with distributors. The concerted practices distorted negotiations with distributors to the benefit of suppliers.
They made it possible to maintain artificially high selling prices to retailers, which were then passed on in the prices paid by end consumers. The concerted practices aimed at distorting the main components of commercial negotiations, especially price evolutions. The FCA also pointed out that these infringements harmed the economy and also had an important impact on consumers.

It should be underlined that two companies have received full immunity under the terms of the leniency program, others having been partially exempted. Some companies, which have not challenged the facts and have proposed compliance commitments for the future, benefited from a reduction of their fines.

[1] It should be noted that intermediaries that only offer financing through donations may choose this legal status but are not necessarily subject to it.
[2] On November 28, 2013, the European Commission submitted a proposal for a directive regarding the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure. On May 26, 2014, the European Council agreed on a general approach for establishing a new legal framework for the protection of trade secrets in European Member States and abroad. Discussions in plenary sitting at the European Parliament may start in late April 2015.
[3] The initial draft law adopted by the French Assemblée Nationale intended to limit the scope of protection of the French Blocking Statute to information (i) the communication of which would harm the sovereignty, the security, or the essential economic interests of France or (ii) constituting trade secrets as per the definition created by the bill.
[4] Société Nationale Industrielle Aérospatiale v. U.S. Dist. Ct. for the S. Dist. of Iowa, 482 U.S. 522 (1987).
[5] Secretary of State for Health v. Servier Laboratories Ltd; National Grid Electricity Transmission plc v ABB Ltd and others [2013] EWCA Civ 1234.
[6] United States v. First National City Bank, 379 U.S. 378 (1965).
[7] Only one criminal prosecution under the French Blocking Statute is known in the last 40 years (Cass. Crim., Christopher X / MAAF, Dec. 12, 2007, n°07-83.228).
[8] Law No. 2014-626 of Jun. 18, 2014.
[9] Such a list is set by Decree n°2014-1317 of Nov. 3, 2014.
[10] New Article L. 145-40-2 of the French Commercial Code.
[11] The new article applies to leases entered into or renewed on or after November 5, 2014.
[12] So-called contribution économique territoriale.
[13] Article L. 2323-19 of the French Labor Code requires consulting the works council in case of modification impacting the economic organization or legal structure of the company.
[14] Cass. soc., Nov. 28, 2000, n°98-19.594.
[15] Cass. soc., Nov. 5, 2014, n°13-17.270.
[16] If not, the whistleblowing will be subject to a special authorization from the CNIL.
[17] Tribunal de Grande Instance de Caen (High Court of Caen), second chamber, Sept. 15, 2014, No. 10/00290, Benoist Gérard.
[18] From the name of the former minister in charge of the social and solidarity economy, Mr. Benoit Hamon.
[19] Preliminary article of the French Consumer Code: "any individual whose action is not driven by his/her commercial, industrial, craft or liberal activity is considered a consumer under this code".
[20] EU Directive n°2011/83/UE of Oct. 25, 2011 relating to consumers’ rights.
[21] Article 34 of Statute n°2014-344.
[22] The withdrawal period can even be extended to 12 months if all mandatory information is not provided (Art. L. 121-21-1 of the French Consumer Code).
[23] Autorité administrative chargée de la concurrence, de la consommation et de la répression des fraudes — Art. L. 141-1 et seq. of the French Consumer Code.
[24] In France, the protection of personal data is governed by the Loi Informatique et Libertés of January 6, 1978 (hereafter the "Data Protection Act"), which is implemented by the CNIL.
[25] Recommendation n°2014-02 of November 7, 2014.
[26] Press Release available at http://www.autoritedelaconcurrence.fr/user/standard.php?id_rub=591
[27] The FCA indicated that seven competition authorities in Europe (in France, Germany, Sweden, UK, Italy, Austria, Ireland) have opened cases concerning online booking platforms. Under the aegis of the European Commission, national authorities have set up close cooperation in order to harmonize the handling of these issues. France, Sweden and Italy have led the way in this cooperation.
[28] The leniency procedure allows a company which informs the FCA of anticompetitive practices in which it takes or took part to benefit from a full or partial immunity from fines, under certain conditions, in particular on the basis of the rank of arrival of its leniency application, the ‘added value’ of the information given as well as its full cooperation with the FCA to establish the existence of the infringement.
© 2015 Gibson, Dunn & Crutcher LLP

January 9, 2015 |
2014 Year-End German Law Update

The past year marked the 25th anniversary of the fall of the Berlin Wall and probably the end of a European dream to continue to entertain smooth and peaceful cooperation with Russia. Against the background of rising political uncertainties, the German economy lost considerable momentum in the second and third quarters of the year. The German Central Bank (Bundesbank) halved its original 2015 growth forecast to a meager one percent. Additional concerns like the tepid implementation of the Energiewende and more red tape and regulation introduced by the grand-coalition government did not help to inspire confidence. Nonetheless, on the back of the booming economy of the last years, the 2015 federal budget is expected, for the first time in 45 years, to be balanced, with no new debt, and with a budget surplus.

Based upon preliminary information, the German domestic M&A market appears to remain on par with last year. Notably, German companies embarked on their biggest-ever acquisition spree in the U.S., as demonstrated by landmark transactions like Siemens’s acquisition of Dresser-Rand, ZF Friedrichshafen’s acquisition of TRW, Bayer’s acquisition of Merck & Co.’s consumer care business and Merck’s acquisition of Sigma-Aldrich, just to name a few. This trend was fueled by reshaped strategies to benefit from the recovery of the U.S. market and reduced forecasts from ailing markets in Russia, Europe and elsewhere.

In the regulatory arena, Germany has finally entered the club of countries favoring minimum wages. While many would agree that the concept of a minimum wage can be a sound mechanism to stimulate domestic demand and growth, the amount of € 8.50 per hour is also perceived as unreasonably high in the specific circumstances. This concern, together with the administrative burden of proving compliance, causes many to fear that the new minimum wage regime will weaken the attractiveness of the German marketplace.
Data privacy concerns continued to capture the news headlines in the aftermath of the Snowden affair and have led to increased scrutiny by German regulators of telecommunication and online services providers. As expected by many, the EU has not agreed to modernize and realign the European approach to data privacy issues and has not passed a data privacy regulation to revamp its outdated 1995 Data Protection Directive. The European Court of Justice, however, issued a landmark ruling on the "right to be forgotten" in relation to online search engines, which clarified jurisdictional issues, the applicability of EU data protection rules to search engines and the scope of a person’s right to data protection where the information produced by a search engine is inaccurate, inadequate, irrelevant or excessive (ECJ Ruling C-131/12). Expect more to come from this side of the regulatory spectrum.

Finally, in the regulatory enforcement arena, consistent with the trend line over the past years, fines continue to increase: Whether it is the US$ 100 million settlement in the Ecclestone matter for alleged bribery in an individual prosecution or the € 1 billion plus fines imposed by the Federal Cartel Office (FCO – Bundeskartellamt), German enforcement agencies and courts have continued to embrace the concept of big-ticket fines to promote what they perceive as an effective deterrent to corporate and individual wrongdoing.

This Year-End German Law Update aims to update you on the major legal developments of the past year, but also to provide you with information on some future developments that German companies and investors are likely to face over the next months.

Table of Contents

1. Corporate, M&A
2. Tax
3. Regulatory
4. Insolvency and Restructuring
5. Labor and Employment
6. Real Estate
7. Intellectual Property
8. Data Privacy
9. Compliance
10. Antitrust & Merger Control

1. Corporate, M&A

1.1. Corporate, M&A — Shareholders’ Meeting of a Stock Corporation Must Provide Consent Before the Company Can Assume a Fine Imposed upon a Member of Its Executive Board

On July 8, 2014, the German Federal Supreme Court (Bundesgerichtshof – BGH) held that the shareholders’ meeting of a stock corporation must grant its consent if the company, represented by its supervisory board, wants to assume a fine or monetary sanction imposed upon a member of its executive board when the fine or sanction is based on criminal or administrative charges and when the conduct resulting in those charges constitutes a breach of the executive’s duties toward the company. Any assumption of such payment obligation by the supervisory board on behalf of the company without the consent of the shareholders’ meeting is void.

The court argued that if the company in such a case reimburses the executive for a criminal sanction, the company will cause or intensify the damages that the executive would actually have to compensate. The harm done to the company by assuming the payment obligation goes beyond merely refraining from pursuing damage claims against an executive, which the supervisory board may only in exceptional cases be entitled to do, e.g. when trying to keep a wrongdoing confidential and avoid greater reputational damage to the company. Similar to granting a waiver, however, the assumption of a fine or monetary sanction is not just a failure to act, but constitutes an act that results in a permanent loss to the company. While the company’s assets need to be protected, it is the shareholders who are the ultimate beneficial owners of the company’s assets, not the supervisory board.

Thus, before the supervisory board can validly assume a payment obligation imposed on a member of the executive board, it will have to clarify whether the executive’s conduct constitutes a breach of his or her duties toward the company.
If it does, prior consent by the shareholders’ meeting will be required; if it does not, the supervisory board will be free to assume the fine on behalf of the company.

This BGH decision will have significant practical consequences and alter the way German stock corporations handle these matters. It has been common practice for German supervisory boards to help settle criminal proceedings against a company’s executive quickly and quietly by assuming the fine or monetary sanction imposed on such executive in order to avoid any negative publicity and to limit the damage to a company’s reputation. The supervisory board usually weighed the pros and cons of such a decision without involving the shareholders’ meeting. Now, the supervisory board can no longer take those decisions without first having answered the question whether the executive’s conduct constitutes a breach of his or her duties to the company. Otherwise, supervisory board members will themselves be exposed to personal liability.

In circumstances where it is not clear if the executive’s conduct constitutes a breach of his or her duties toward the company, supervisory board members will be well advised to consider one of the following three options: (a) not assume the fine at all, (b) assume the fine only subject to the consent of the shareholders’ meeting, or (c) provide the funds necessary to pay the fines to the executive only on a preliminary basis, e.g. based on a loan to the executive that becomes repayable in case (i) the issue cannot be finally resolved despite applying reasonable means or (ii) it turns out that the executive’s conduct actually constitutes a breach of his or her duties to the company, provided, however, that the repayment of the funds is adequately safeguarded.

1.2. Corporate, M&A — German Federal Supreme Court Clarifies Rules on Minimum Compensation in Public Takeovers in Postbank Case

On July 29, 2014, the German Federal Supreme Court (Bundesgerichtshof – BGH) decided on the public takeover of Postbank by Deutsche Bank and clarified the rules governing the rights of minority shareholders to claim the so-called minimum compensation in cases where the offer is preceded by stock purchase / option agreements.

When a takeover offer is published in Germany, minority shareholders have the right to obtain the "minimum compensation" which equals at least the higher of (i) the average stock price in the last three months before the offer is published and (ii) the compensation paid to, or agreed with, a selling shareholder in the six months before (previous purchases), during (parallel purchases) or in the twelve months after (subsequent purchases) the takeover offer occurs.

The facts of the case were as follows: In 2008, Deutsche Bank had entered into an agreement with Postbank’s majority shareholder regarding (i) the future sale of 29.75% of the Postbank shares and (ii) put and call options for 18.00% to 20.25% of additional shares. In early 2009 and before closing, this agreement was amended so that Deutsche Bank would only directly purchase 22.9%, and another 12.1% were subject to put/call options. In addition, a bond (mandatorily) exchangeable into 27.4% of new Postbank shares was issued to Deutsche Bank. Deutsche Bank then acquired the 22.9% and the bond exchangeable into 27.4%, but waited until late 2010 (i.e. for more than six months) when it launched a takeover offer at a much lower price (because the Postbank stock price had fallen). Minority shareholders then sued Deutsche Bank for the price difference.

The BGH held that minority shareholders were eligible to bring a direct claim against the bidder for additional compensation, but only if the compensation offered was indeed too low.
In the Postbank case, the preliminary agreements had not been signed within six months before the offer and hence there was no "previous purchase" and Deutsche Bank was not held liable. The Postbank decision provides important guidance on the minimum price rules as well as the rights of minority shareholders. It defines a safe haven for parties who intend to enter into share purchase or option agreements before a takeover offer is launched. However, the last word has not been spoken in this landmark case, as the BGH referred the matter back to the lower court as some important evidence had not been taken into account by the trial judges.

1.3. Corporate, M&A — How to Get Rid of an Unpopular Shareholder

Under German corporate law, it is heavily disputed how and under which circumstances a shareholder can be excluded from a company without his or her consent. German courts have recently issued two decisions in that context, one of such decisions dealing with the question whether – in case shares are redeemed – compensation payments may be excluded or reduced due to a gross breach of duty by the relevant shareholder, and the other decision dealing with the question whether so-called Russian roulette or shoot-out clauses are generally void. In its decision dated April 29, 2014, the German Federal Supreme Court (Bundesgerichtshof – BGH) had to decide whether the articles of association of a German private limited liability company (GmbH) may provide for an exclusion or reduction of compensation payments in case the shares are redeemed due to a gross breach of duty by the relevant shareholder. Under German statutory corporate law, a valid redemption of shares generally requires appropriate compensation payments. It has, however, been debated among German legal scholars whether an exclusion or reduction of the compensation payment in case of a gross breach of duty can be considered as an admissible contractual penalty in the form of a forfeiture clause.
The BGH has now rejected such notion, stating that (i) a compensation payment is an essential right of each shareholder and may only be excluded in very limited cases where such exclusion is objectively justified (e.g. because the shareholder did not invest any capital or the company is only pursuing non-profit goals) and (ii) a potential exclusion of compensation payments shall, as a general rule, preserve the status quo of the company and not punish the shareholder. Contractual penalties on the other hand shall cause the contractual partner to properly fulfill its contractual obligations or serve as a lump sum compensation. In the court’s view, a total exclusion of the compensation payment is neither an appropriate lump sum compensation, because a gross breach of a shareholder’s duties does not necessarily result in any damage to the company, nor an adequate means to put pressure on the shareholders to properly fulfill their contractual obligations. Given this BGH decision, arrangements excluding or reducing compensation payments in case shares are redeemed due to a gross breach of duty should be avoided in practice, and existing articles of association should be amended accordingly. In another important decision of December 20, 2013, the Higher Regional Court of Nuremberg (Oberlandesgericht Nürnberg – OLG Nürnberg) ruled that so-called "Russian roulette clauses" are not generally considered to be invalid. "Russian roulette clauses" are a way to resolve deadlock situations in companies with two shareholders, each of whom holds 50% of the shares. According to such a clause, each shareholder is entitled to offer its equity interest in the company to the other shareholder at a certain price. The other shareholder then either has the right to accept that offer and acquire the equity interest or is obliged to sell and transfer its equity interest to the offering shareholder at the set price. 
Even though the prevailing view among German legal scholars is that such clauses are admissible, concerns remained whether a court would hold such clauses to be contra bonos mores and thus invalid. The OLG Nürnberg emphasizes in its decision that such a clause may under specific circumstances be contra bonos mores but that merely the potential risk of abuse (e.g. because one shareholder is financially more powerful than the other and/or knows that a sale of shares is absolutely inconvenient for the other shareholder) does not justify rendering Russian roulette clauses invalid as such. The ruling also applies to similar clauses used to resolve deadlock situations, such as "shoot-out clauses" (where the shareholder that desires to refuse an offer is only allowed to do so by making a higher counter offer to the other shareholder), or clauses by which each of the two shareholders makes a concealed, simultaneous offer, and the shareholder making the higher offer acquires the shares of the other shareholder.

1.4. Corporate, M&A — Gender Quota: All’s Well That Ends Well?

On December 11, 2014, the German government coalition agreed on a draft statute on gender quota. The draft legislation aims at gradually increasing the number of females in the governing bodies of large German corporations and will have an impact on the selection of candidates. The draft statute has essentially three components: First, publicly listed corporations that directly or through controlled subsidiaries have 2,000 employees or more, and are thus subject to the Co-Determination Act (Mitbestimmungsgesetz – MitbestG), have to observe a 30% quota of the underrepresented sex (typically females) on their (non-executive) supervisory boards. The quota will apply if – as of January 2016 – a seat on the supervisory board becomes vacant. The board seat will remain vacant in case the quota is not achieved. Currently, 108 corporations are affected by this requirement of the draft legislation.
Second, the draft statute introduces a so-called mandatory flexi-quota for corporations that are either publicly listed or subject to the Co-Determination Act. Already from 2015 onwards, these companies must set their own targets and timeline for appropriate gender representation not only in (non-executive) supervisory boards but also in (executive) management boards, and on the top management level(s) below board level. To the extent the underrepresented sex has not yet achieved a quota of 30%, the target may not fall short of the actual status. These requirements apply to approximately 3,500 companies. Third, the draft affects corporations in which a governmental authority holds a stake. To the extent three or more seats in supervisory functions are reserved for government, a gender quota of 30% applies as of 2016. The quota is increased to 50% as of 2018. The draft statute still needs to be approved by parliament. Considering that the governing parties hold a comfortable majority in parliament, it is expected that the statute will be formally enacted in early 2015. After several years of highly controversial debate, the future gender quota law has the potential for real impact: First of all, it also applies to entities in the legal form of a Société Européenne (Societas Europaea – SE) into which a number of large German corporations converted. And second, the remedy of a vacant seat in case of non-compliance with the quota is a sharp sword as shareholder representatives will risk losing control in supervisory boards if a seat of the shareholder representatives remains empty and the chairman may therefore — in the absence of a tie — no longer have a casting vote.

2. Tax

2.1. Tax — Cooperation and Automatic Information Exchange

Cooperation and automatic information exchange between tax administrations are essential in the fight against tax evasion.
An important milestone for the automatic exchange of information is the Foreign Account Tax Compliance Act (FATCA) Agreement entered into between Germany and the United States of America on May 31, 2013. The FATCA Agreement provides, among other things, for the automatic exchange of information between Germany and the United States of America on U.S. account holders who have existing, or open new, accounts with German financial institutions. On July 29, 2014, Germany finally implemented FATCA into German law. The FATCA Implementation Ordinance stipulates, among other things, the registration requirements for German financial institutions, the identification and due diligence obligations, the collection and transmission of data, and rules on fines if institutions do not comply with the due diligence requirements. A further administrative guideline on the implementation of FATCA and the automatic information exchange is expected to be published at the beginning of 2015. Germany is also an "early adopter" of the Common Reporting and Due Diligence Standard (CRS) that seeks to establish a worldwide, automatic exchange of financial account information between participating jurisdictions. The CRS has been developed by the OECD, working with G20 countries and in close co-operation with the EU. While the CRS draws extensively on the intergovernmental approach to implementing FATCA, the main differences between CRS and FATCA are driven by the multilateral nature of the CRS system and other U.S. specific aspects, in particular the concept of taxation on the basis of citizenship and the presence of a significant and comprehensive FATCA withholding tax. As with FATCA, the comprehensive reporting regime covers not only banks but also other financial institutions such as brokers, certain collective investment vehicles and certain insurance companies. Germany envisages a first reporting of relevant financial account information under CRS for September 2017.

2.2.
Tax — Adoption of Final Regulations on the Attribution of Profits to Permanent Establishments

On October 10, 2014, the German parliament adopted final regulations on the cross-border profit attribution of permanent establishments, i.e., the profit allocation between a German enterprise and its foreign permanent establishment or a German permanent establishment of a foreign enterprise. The final regulations apply for fiscal years beginning after December 31, 2014 and provide detailed guidance on the application of the Authorized OECD Approach (AOA), which was implemented into German tax law on June 26, 2013. Under the AOA, permanent establishments are treated as independent and separate legal entities with the consequence that the arm’s length principle applies to assumed contractual relationships (internal dealings) between the permanent establishment and other members of the same group. The final regulations now determine in more detail, among other things, the calculation of the income of the permanent establishment and documentation requirements, the allocation of assets, opportunities, risks and capital to permanent establishments, the method by which internal dealings are recognized and further specifications for banks and insurance, construction and exploration companies. Foreign taxpayers with a German permanent establishment should carefully review the German permanent establishment’s tax status and analyze whether the asset and capital allocation as well as the assumed contractual relationship with the German permanent establishment corresponds with the final provisions of the AOA.

2.3. Tax — Decree on Tax Loss Limitation Rules

In April 2014, the German tax authorities issued a draft decree on the corporate tax loss limitation rules. The final decree is expected to be issued in early 2015. The new decree will replace the existing decree of July 2008.
The draft decree provides, among other things, important guidance on the exemption rules for intragroup restructuring and built-in gains and deals with the mid-year change in ownership. Under the current tax loss limitation rules, tax loss carry forwards of a corporation will be forfeited on a pro rata basis if within a period of five years, more than 25%, but not more than 50%, of the shares in the loss making entity are transferred to the acquirer. If more than 50% are transferred, the loss carry forwards will be forfeited in total. According to the new draft decree, the exemption from the tax loss limitation rules for intragroup restructurings will only apply if the "same person" directly or indirectly owns 100% of the transferring and the acquiring entity of the shares in the loss making company. The exemption will not apply if the ultimate owner of the entities consists of several shareholders, for example in publicly traded companies or in partnership structures. Losses will not be forfeited, either, to the extent these losses do not exceed built-in gains of domestic assets of the loss making entity. However, according to the draft decree, built-in gains of a controlled company in a consolidated group will not prevent the losses from being forfeited if the shares of the ultimate owner of the consolidated group are sold. If the change in ownership occurs during a fiscal year, profits generated until the change in ownership may be offset against losses not yet used, provided the overall result of the fiscal year in which the change in ownership occurs is positive. The profits are allocated by way of an interim financial statement or, if no statement is prepared, the allocation of profits will be estimated. Due to the unusually long period between the issuance of the draft decree and its finalization in early 2015, further amendments on the tax loss carry forward provisions are expected in the final decree.

3. Regulatory

3.1.
Regulatory — Alternative Investment Funds

a. German Investment Act Brought in Line with EU Regulation

Even though the German Investment Act (Kapitalanlagegesetzbuch – KAGB) implementing the European Union Directive 2011/61/EU on Alternative Investment Fund Managers (AIFMD) was only adopted in July 2013, it has already undergone a number of amendments. Most notably, the Law on the Adaption of Financial Market Laws (Gesetz zur Anpassung von Gesetzen auf dem Gebiet des Finanzmarktes) which was adopted in July 2014, among other things, amended the distinctive criteria for the classification as an open-ended fund. While the KAGB in its initial version defined open-ended funds as all funds where the investors or shareholders have the right to return their interests or shares at least "once per year", the definition of open-ended funds in the amended version of the KAGB now refers to the Delegated Regulation of the European Commission 694/2014 supplementing AIFMD dated December 17, 2013 (Delegated Regulation AIFMD). As the AIFMD itself did not expressly define open-ended funds, the Delegated Regulation AIFMD bridges this gap and provides for a uniform definition at EU level. The Delegated Regulation AIFMD defines open-ended funds as all funds where the shareholders or unitholders have the right to return their shares or units at least "prior to the commencement of its liquidation phase or wind-down". This change in definition has significantly increased the number of open-ended funds. Managers of alternative investment funds are well advised to take this new understanding of open-ended funds into account when structuring funds in Germany. For further details on the KAGB, please see the 2013 Gibson Dunn Year-End German Law Update, and our publication Germany Adopts Capital Investment Act (KAGB) to Implement the European AIFM Directive.

b. Modified Investment Criteria for German Insurances on the Horizon?
The German Investment Ordinance (Anlageverordnung – AnlV) which, among other things, contains investment guidelines and eligible asset class quotas for German insurance companies, stands to be amended in 2015 to re-align the German Investment Ordinance with recent changes of the regulatory framework of German investment law (including the KAGB). The legislative process for these amendments is still in its infancy but experts expect the amended text to come into effect in the course of 2015. Managers of investment funds aiming to market their investment products to German insurance companies are therefore well-advised to monitor closely how the legislative procedure unfolds because the German Investment Ordinance directly limits the extent to which German insurance companies may, for instance, invest in alternative investments or other asset classes.

3.2. Regulatory — Banking: European Central Bank Assumes Role as Watchdog in Eurozone

As a reaction to the Eurozone crisis and with a view to establishing a consistent framework for the Eurozone’s financial markets, on November 4, 2014, the European Central Bank (ECB) assumed the supervisory responsibility for significant financial institutions (as defined below) in the Eurozone. According to figures released by the ECB, the bank currently supervises approximately 120 significant financial institutions that account for 82% of the total banking assets in the Eurozone. In this function, the ECB is the leading institution within the so-called Single Supervisory Mechanism (SSM) that was established by two EU regulations adopted in the fall of 2013. Along with the ECB, the SSM also consists of the national supervisory authorities which are supporting the ECB as part of joint supervisory teams set up for each bank. Outside of the framework of the SSM, the national authorities (e.g.
Germany’s Federal Financial Supervisory Authority (BaFin)) continue to supervise those smaller domestic banks that are not supervised by the ECB, as these banks do not meet the criteria needed to qualify as "significant financial institutions". A bank will be considered a "significant" financial institution that falls under ECB’s supervision if it meets one of the following five criteria: (i) its asset value exceeds € 30 billion, (ii) its asset value exceeds both € 5 billion and 20% of the respective member state’s GDP, (iii) the bank is among the three most significant banks of the country in which it is located, (iv) the bank has large cross-border activities, or (v) the bank receives, or has applied for, assistance from the Eurozone bailout fund ESM (European Stability Mechanism). In its new role within the SSM, the ECB has far-reaching supervisory and investigative powers. Among other things, it has exclusive responsibility for granting or withdrawing authorizations of any credit institution under EU law. It monitors capital and liquidity requirements, or may even impose stricter capital requirements. Finally, it can levy fines or intervene, if credit institutions are not compliant with regulatory requirements.

4. Insolvency and Restructuring

4.1. Insolvency and Restructuring – Liability of the Shareholder in Case of Repayment of Revolving Credit Facilities by Group Companies

In the context of group financings, typically the question of how to deal with shareholder loans and collateral arises. German law stipulates a tripartite approach in case a borrowing group company becomes distressed: First, shareholder loans are subordinated in case of an insolvency of the borrower, and the shareholder is liable towards an insolvency administrator for shareholder loan repayments made within one year prior to the filing for insolvency.
Second, any collateral furnished by a borrower for the benefit of the shareholder in order to secure a shareholder loan within ten years prior to the filing may be challenged and avoided by an insolvency administrator. Third, a shareholder will be liable to the insolvent estate for loan repayments made by the borrowing company to a lender (including an unrelated third party lender) within one year prior to insolvency of the borrowing company, if the shareholder had furnished collateral for such debt for the benefit of the lender. On February 20, 2014, the German Federal Supreme Court (Bundesgerichtshof – BGH) issued an important ruling with respect to revolving credit facilities of group companies secured by shareholder collateral: The court held that in case of a revolving credit line, a (securing) shareholder is liable for the repayment of an amount equal to the difference between the highest utilization amount of the revolving credit line within one year prior to the filing for insolvency and the relevant amount at the point in time when insolvency proceedings are finally opened. According to the BGH, this shall apply even in cases where the revolving credit line was not repaid by the borrower (i.e. the group company) itself, but by a preliminary insolvency administrator appointed at the time of the group company’s filing for insolvency unless the insolvency court issued an order on the prohibition of dispositions by the insolvent debtor. In addition, the BGH stated that prior to insolvency, the shareholder was required to indemnify the group company against repayment claims of the bank, due to the collateral furnished by the shareholder for the benefit of the lender. This ruling is in line with the BGH’s growing tendency in recent years to prohibit evasions of the statutory subordination applicable to shareholder loans. 
Against this background, any shareholder should continuously assess the relevant insolvency risk of its group companies, being aware of the strict consequences under German insolvency law.

4.2. Insolvency and Restructuring — Bankruptcy of Licensor

An analysis of recent developments regarding the insolvency administrator’s right to terminate licenses can be found in Section 7.1 of this 2014 Year End Update.

5. Labor and Employment

5.1. Labor and Employment – Minimum Wage of € 8.50 per Hour

For the first time in history, Germany will have a general minimum wage. Starting from January 2015, every employer will have to pay a minimum wage of € 8.50 per hour (gross). The law is supposed to address a growing number of very low-wage workers (e.g. food delivery personnel working for less than € 2.00 per hour). The government’s goal is to enable all employees to provide for themselves and make sufficient pension contributions. There are several exceptions to the minimum wage: Employees below 18 years of age will not be able to claim the minimum wage if they do not complete a certified occupational training. Also, employees who have been out of a job for more than one year can be paid less than the minimum wage for up to six months. Further, newspaper delivery services will only gradually step up to € 8.50 per hour over a period of two years. Finally, certain industries can keep their (presently lower) wages due to collective bargaining agreements for a period of two years; this particularly applies to the meat processing industry and personnel leasing (temporary employee staffing agencies). There are drastic sanctions that the government can use to enforce the law. Paying below minimum wage is an administrative offense subject to a fine of up to € 500,000. Even though many companies will not be directly affected by the minimum wage as employers, they may still be subject to vicarious liability.
A general contractor who uses other companies as subcontractors is liable for the failure to pay minimum wage by such subcontractors and their subcontractors as well as any temp agency serving each of the above. Therefore, it is extremely important for a company to not only review the payroll of its own employees, but also to confirm that its contractors, subcontractors and personnel leasing agencies are paying the statutory minimum wage. To this end, it might become necessary to (i) carefully review the contractor’s offer, to confirm that a minimum wage will be paid; (ii) have contractors, subcontractors and temp agencies guarantee that they pay minimum wage; (iii) request indemnification in case a minimum wage is not paid; and/or (iv) claim security for such indemnification.

5.2. Labor and Employment — Plan to Oust Small Unions

The German government wants to limit the number of unions that may bargain on behalf of the employees of one company. Due to a Federal Labor Court decision of four years ago, it is currently possible for any union that has a bargaining agreement ("tariff") with an employer to demand negotiations with the employer on behalf of any of its employees (and support them by strikes), even if there are several unions for one company with conflicting bargaining agreements in place. This situation may not only result in a tremendous administrative burden for the employers but may also lead to a compensation hodgepodge within the company. Furthermore, it can give small groups of skilled professionals like doctors, pilots or train conductors tremendous leverage when pursuing their group interests and claims that could have an effect on the remaining workforce as well. To avoid an abuse of such leverage, the lawmaker plans to codify a "One Plant–One Tariff" rule. A first draft was issued in October 2014. It calls for an escalating process: First, any union can pursue its interests as it pleases.
However, if a conflict with other unions arises in a particular company, this conflict will have to be solved by a poll among the company’s employees.

5.3. Labor and Employment — In-house Lawyers Lose Right to Join Lawyers’ Pension Scheme

In a controversial judgment of April 3, 2014, the Federal Social Court (Bundessozialgericht – BSG) deprived in-house counsel of the right to join the lawyers’ pension scheme (Versorgungswerk). This decision comes as a blow to German in-house lawyers who cherish the Versorgungswerk as a pension scheme that is much more reliable and beneficial than the obligatory statutory pension fund Deutsche Rentenversicherung (DRV). In its judgment, the court goes as far as to state that in-house lawyers are not "attorneys" (a prerequisite to be exempt from the DRV) because they allegedly do not render legal advice as independently as external counsel. The court nonetheless provides a grandfather rule for in-house lawyers who have already been exempt from the DRV, but only to a limited extent. Unfortunately, the exact scope of this grandfather rule is not sufficiently laid out. In any case, lawyers starting with (or switching to) an employer that is not a law firm after April 3, 2014, cannot expect to be exempt from the DRV. In an attempt to remedy this unfortunate situation, in which in-house lawyers are subject to the hodgepodge of two different statutory retirement schemes, lobby organizations have called upon the lawmakers for a solution. Presently, neither the government nor any noteworthy parliamentary group has proposed a solution yet.

6. Real Estate

6.1. Real Estate — Limitation of Purchaser’s Statutory Rights in Case of Defects

Under German statutory law, the seller of a defective object of purchase is entitled to refuse to deliver a supplementary performance (i.e. to remediate the defects or deliver a replacement) if such performance entails disproportionate costs.
Since the reform of the German law of obligations in 2002, there has been a dispute as to the conditions under which supplementary performance costs in German real estate transactions are considered disproportionate. On April 4, 2014, the German Federal Supreme Court (Bundesgerichtshof – BGH) ruled that the circumstances of each individual case will determine whether supplementary performance costs are considered disproportionate. According to the BGH, there is, however, an indication for the disproportionate nature of such costs, if the supplementary performance costs exceed either (i) the fair market value of the real property without defects or (ii) 200% of the amount by which the value of the real property is reduced due to the defects. The BGH further held that if the supplementary performance costs are determined to be disproportionate, the purchaser’s claim for damages against the seller concerning the defective object of purchase would be limited to the amount by which the value of the real property was reduced due to the defects. In order to avoid the above described statutory law restrictions, it is advisable to waive such statutory provisions in a real estate purchase agreement and to replace the statutory provisions by a defects remediation scheme, specifically stipulating the rights and obligations of the seller and the purchaser.

6.2. Real Estate — Validity of Written Form Remediation Clauses for Long-Term Lease Agreements

In its decisions of January 22, 2014 and April 30, 2014, respectively, the German Federal Supreme Court (Bundesgerichtshof – BGH) held that so-called written form remediation clauses (Schriftformheilungsklauseln) in lease agreements do not bind a real estate purchaser or a beneficiary of a usufruct who assumes the rights and obligations as landlord under a lease agreement.
The written form for lease agreements requires that all material agreements concerning the lease, in particular the lease term, description of the lease premises and the rent amount, must be made in writing. If a lease agreement that is entered into for a period of more than one year does not comply with this written form requirement, mandatory German law allows either lease party to terminate the lease agreement subject to the respective statutory notice period, irrespective of whether or not a fixed lease term was agreed upon. The statutory notice period for commercial lease agreements is six months (less three business days) prior to the end of any calendar quarter. To avoid the risk of termination for non-compliance with the written form requirement, German commercial lease agreements regularly contain a standard written form remediation clause. Pursuant to such clause, the parties of the lease agreement undertake to remediate any defect in the written form upon request of one of the parties. Such standard written form remediation clauses were upheld in several decisions by various Higher Regional Courts (Oberlandesgerichte). While the BGH decisions reject the validity of written form remediation clauses vis-à-vis purchasers or beneficiaries of a usufruct concerning the real property that assume the rights and obligations under a lease agreement as landlord, the BGH did not explicitly comment on the validity of written form remediation clauses in general. This raises the question of whether, and under which conditions, written form remediation clauses are valid in general. In light of such uncertainty, the parties to commercial lease agreements should be obliged to procure that the lease agreements comply with the written form requirement at all times.
A thorough review during the due diligence process of German lease agreements with regard to their compliance with the written form requirement will become even more important for transactions involving German real estate.

7. Intellectual Property

7.1. Insolvency of the Licensor and Non-Exclusive Licenses

Following the Higher Regional Court of Munich’s decision of July 2013 in the Qimonda case (for details please refer to the 2013 Year-End German Law Update), a recent decision by the District Court of Munich (Landgericht München) of August 2014 shed additional light on the protection of licensees in the event of an insolvency of the licensor. The District Court of Munich’s decision again involved the question of whether, in a licensor’s bankruptcy, a non-exclusive license can be terminated by the insolvency administrator as a so-called executory contract (i.e. a contract that has not yet been fully performed) pursuant to Section 103 of the German Insolvency Code (Insolvenzordnung – InsO). The Munich court held that — subject to an individual assessment in the particular case — mere freedom to operate-type of licenses (as, for example, part of cross-licensing agreements) with no outstanding obligations (e.g. no ongoing royalty obligations) do not typically qualify as executory contracts and are therefore not subject to a termination right by the insolvency administrator. Although no prevailing case law has yet been created by the German Federal Supreme Court (Bundesgerichtshof – BGH) in this context, this decision provides additional guidance on how to minimize insolvency related pitfalls in license agreements.

7.2. The German Design Act

The German Design Act (Gesetz über den rechtlichen Schutz von Design / Designgesetz – DesignG) was renamed and reformed with effect as of January 1, 2014.
In line with international practice, one of the most obvious changes is that the outdated term "Geschmacksmuster" (design patent) was replaced by the new term "eingetragenes Design" (registered Design) to adapt to modern and international language habits. Among other changes introduced by the Design Act, the validity of a German design registration can now be challenged before the German Patent and Trade Mark Office (Deutsches Patent- und Markenamt – DPMA). This substitutes the past requirement of filing an expensive and time-consuming action for cancellation before German District Courts. Now, the proprietor of the registered design has to object to the cancellation within one month following the notification by the DPMA to prevent the cancellation without further examination. If the proprietor does object, the design will be examined in depth by experts at a newly formed department at the DPMA who then decide on the possible cancellation.

8. Data Privacy

8.1. Update Safe Harbor / International Data Transfers

The EU–U.S. Safe Harbor Agreement concerning transatlantic data transfers came under increased scrutiny in 2014. The European Parliament urged the EU Commission to suspend the Safe Harbor Agreement, and the European Commission Directorate-General for Justice announced that it would review the Safe Harbor Agreement. The European Court of Justice received a request for a preliminary ruling from the Irish High Court on the compatibility of the Safe Harbor framework with Article 8 of the Charter of Fundamental Rights of the EU. Although the Irish court held that data protection authorities are in principle bound by the Safe Harbor Agreement as long as it is in place, a review of its compatibility with the Charter of Fundamental Rights was considered necessary by the court. Companies should, therefore, not solely rely on Safe Harbor certifications but also initiate additional measures before they transfer data to the U.S.
In this context, German data protection authorities recommend, for instance, that companies (i) check data import policies for potential conflicts with Safe Harbor principles, (ii) verify whether individuals may exercise information rights and (iii) check whether onward transfers to third parties are covered by data transfer agreements or sufficient consent requirements.

8.2. Draft Bill on Standing of Consumer Associations in Data Privacy Proceedings

The German legislator intends to strengthen enforcement of data privacy laws by allowing consumer rights associations to bring actions for injunction and demand removal of infringements on behalf of consumers (e.g. the deletion of data which has been collected in breach of data privacy laws). Relevant changes shall be included in the German Act Governing Collective Actions for Injunction (Unterlassungsklagengesetz – UKlaG). The draft has been heavily criticized for creating additional burdens for businesses and the risk of parallel decision-making as well as loss of legal certainty. From a practical perspective, the possibility that consumer associations may demand removal of infringements on behalf of consumers may lead to odd results. Online service providers might, for instance, be required to delete relevant user data even though individual users do not object to data processing by a particular company. As of today, it remains in doubt whether and in what form the draft law will eventually be enacted and whether collective enforcement will in fact play a significant role in German data privacy law.

8.3. CCTV is Watching You

The Higher Administrative Court of Lower-Saxony (Niedersächsisches Oberverwaltungsgericht) delivered an important judgment which clarifies to a great extent the requirements for closed circuit television (CCTV) surveillance.
Relevant proceedings were launched after the regional data protection authority ordered the deactivation of CCTV surveillance and deletion of relevant recordings for an office building. The court quashed the order and provided important guidance regarding the implementation of CCTV surveillance in practice. In the case at hand, the cameras would only turn on if they detected movement, were pointed at a fixed observation area and did not have a zoom function; recordings were immediately transferred into a black box (no monitor observation), which was itself password protected, and any recordings were deleted automatically after ten days. Signs were installed indicating that CCTV was in operation. The court, which defined the term "publicly accessible rooms" broadly as all rooms that are not clearly blocked against public access, held that CCTV measures may be justified when exercising an owner’s right to undisturbed possession of the property and having a legitimate interest of preventing abstract and concrete dangers. Balancing the legitimate privacy interests of the individuals subject to CCTV surveillance, the court above all held that the CCTV in place had not severely intruded into the privacy of individuals because it had not been possible to recognize faces or generate movement profiles. Further, the court held that a storage period of up to 10 working days instead of just three days as typically requested by German data protection authorities would be reasonable in light of the objective to detect crime and given the potential absence of relevant employees due to holidays.

8.4. Facebook Fanpages

The Higher Administrative Court of Schleswig-Holstein (Schleswig-Holsteinisches Oberverwaltungsgericht) held that operators of Facebook fanpages are not responsible for user data being further processed by Facebook.
The judgment was delivered upon appeal by the regional data protection authority in Schleswig-Holstein which had initially ordered a local chamber of commerce to deactivate its Facebook fanpage. The Higher Administrative Court rejected the notion that the Facebook fanpage operator had data control due to the fact that the fanpage operator had no influence on the technical and legal aspects of the data processing by Facebook itself. Data control may not be derived from the fact that Facebook provides statistical information to operators of fanpages. As a result, the data protection authority did not have the authority to order the fanpage operator to deactivate the fanpage.

9. Compliance

9.1. Compliance — Increase of Criminal Sanctions for Corruption

The German legislator has taken additional steps to tighten its legal framework to fight bribery: Effective September 1, 2014, Germany amended Section 108e of the German Criminal Code (Strafgesetzbuch – StGB) to provide that bribing of members of parliamentary assemblies is punishable by imprisonment of up to five years or monetary fines. Prior to the amendment, bribery of members of legislative bodies (on the domestic federal, state, or municipal level, or the European Parliament) was only punishable when a vote for a ballot or election made in these bodies was bought or sold. The renamed and extensively revised new statutory offense of the "Passive and Active Bribery of Members of Legislative Bodies" extends the scope of the prohibited conduct to immaterial benefits and also covers benefits provided indirectly through a third party. Furthermore, it widens the scope to all members of legislative bodies in Germany on both the federal (Bundestag) and the state level (Landtage), as well as regional authorities (to the extent elected), the European Parliament, legislative assemblies of NGOs, and legislative bodies of foreign states.
However, to be qualified as the granting of a benefit and thus as a punishable crime, the intent to achieve a specific action by the representative is required. Accordingly, benefits granted retroactively or in furtherance of the general goodwill are not covered by the punishable conduct. It should be noted, however, that benefits of any kind provided (i) to a foreign (non-German) member of a legislative body, or (ii) to a domestic or foreign government official acting in executive rather than legislative powers are not affected by the amended laws, and remain punishable under the general bribery laws. The amendment enabled Germany to ratify the United Nations Convention against Corruption on November 14, 2014, eleven years after its signing. This brings Germany back in line with the other 140 signatory states that had already ratified the Convention in past years. The amendments call for a review of corporate conduct guidelines and compliance controls to mitigate risks that current practices in lobbying and other political relations in Germany violate the new laws.

9.2. Compliance — Regulatory Action Affecting Corporations and the Healthcare Industry

The governing political parties in their Coalition Policy Roadmap (Koalitionsvertrag) have agreed on additional legislation that will impact corporations in general and the healthcare industry in particular. First, the proposed adoption of a Corporate Criminal Code (Verbandsstrafgesetzbuch – VerbStrG) is still on the agenda. While the Coalition Policy Roadmap limited such initiatives to multinational enterprises, the draft bill covers all types of corporations active in Germany, regardless of origin and size. The code for the first time would hold corporations criminally liable for misconduct of their employees, and mandate the authorities to investigate against corporations in case of probable allegations.
Sanctions would include monetary fines, warnings, publications of convictions, debarments, and – as a last resort – compulsory liquidation. Fines could be avoided or reduced by implementing adequate compliance procedures, or making voluntary disclosures. While the next formal step in the legislation process was scheduled for the end of 2014, the draft is still under discussion. As yet, it is unclear whether and when the legislative process will move forward. Second, in November 2014, the Bavarian Department of Justice presented a bill to introduce to the conference of state ministers of justice a new criminal offense of "Passive and Active Bribery in the Healthcare Business". The draft proposes the implementation of a new commercial bribery offense. The offense prohibits medical professionals from requesting benefits, and individuals from granting such benefits to medical professionals, with the intent to achieve a favorable treatment in domestic or foreign competition, or other undue influence on decisions to acquire, prescribe, or release medical products or on the assignment of patients. Contrary to current criminal laws, the new offense will also cover private medical practitioners that are not considered public officials by the courts, even when making decisions on medical treatments paid for by public health insurance. While there is general consensus among political parties on the bill, its enactment is still unclear. The regulatory burden on the healthcare industry active in Germany is further increased by new rules of the (private) German Association for the Self-Monitoring of the Pharmaceutical Industry that came into effect in May 2014 for its members, thereby setting industry standards. These rules include the new Transparency Code, as well as significant amendments to the Cooperation Code with Members of the Healthcare Profession. New provisions include the requirement to publish all benefits of monetary value to members of the healthcare profession.
Also, since July 1, 2014, any gifts to such members including those of only nominal value (such as pens or writing pads) are prohibited.

9.3. Compliance — Landmark Enforcements in Corporate Compliance and Corruption

Two landmark decisions by the District Court of Munich (Landgericht München I) against individuals opened new chapters in German law enforcement: First, the District Court of Munich handed the former Siemens CFO Heinz-Joachim Neubürger a US$ 20 million judgment for causing civil damages to Siemens by violating his organizational duty as a board member to ensure legal conduct by the company. Notably, the court held, among other things, that: (i) in cases of relevant risk, a board can discharge its obligation to duly organize the company only by installing an effective compliance system focusing on the prevention of misconduct and risk control, and (ii) all board members are jointly and severally liable for damages resulting from a violation of this obligation. After Mr. Neubürger had launched an appeal against the judgment, Siemens on December 3, 2014, announced that it had reached a final settlement with Mr. Neubürger for an undisclosed settlement amount, thereby abandoning the appeal. Second, on August 5, 2014, a criminal chamber of the District Court of Munich dropped bribery charges against the Formula One (F1) CEO Bernie Ecclestone subject to the payment of a record breaking US$ 100 million in the form of a monetary sanction by Ecclestone. Ecclestone had been charged with bribing the former chief risk officer and board member of the state-owned Bavarian State Bank (BayernLB) Gerhard Gribkowsky in April 2006, by paying US$ 44 million in cash to Gribkowsky to facilitate the sale of the F1 shares held by BayernLB to a purchaser of Ecclestone’s preference.
While Gribkowsky in separate proceedings had admitted receipt of the money and was sentenced to eight years imprisonment for passive bribery and tax evasion, Ecclestone denied knowledge about Gribkowsky’s status as a public official, and the prosecution and trial court faced difficulties in demonstrating evidence to the contrary sufficient for Ecclestone’s conviction. For further details on this case, please see the Gibson Dunn Client Alert of August 7, 2014. Both decisions illustrate that the trend over the last several years of aggressive enforcement by authorities and courts against corruption related crimes and the ensuing civil damages continues. This is further demonstrated by the extensive and unprecedented prosecution activities against the former Federal President of Germany, Christian Wulff, for an alleged improper acceptance of hospitality benefits worth less than US$ 1,000 in the year 2012. Wulff was fully acquitted by the Hanover District Court (Landgericht Hannover) on February 27, 2014, and the prosecution office withdrew its initial appeal on June 12, 2014. However, the insistence of the prosecutor’s office to bring the trial to court and the parallel media trial held by the German press forced Wulff to resign as Federal President over the allegations back in 2012. Wulff’s mishandling of the press at the outset of the affair is also a cautionary tale of the importance of communication in addressing crises in the early stages.

10. Antitrust & Merger Control

10.1. Record Year in Cartel Enforcement Activities

The German antitrust watchdog, the Federal Cartel Office (FCO – Bundeskartellamt), had another record year in its antitrust enforcement and fining activities and imposed fines totaling more than € 1 billion in several large cartel investigations.
As in the past, the majority of cases came to the FCO’s attention through its leniency program, which – as in much of the world – has become the FCO’s major tool for uncovering secret cartel activity. In January and April 2014, the FCO fined eleven companies, an industry association and 14 individuals at a total of € 338 million for fixing the prices of beer. In February 2014, the FCO imposed fines totaling € 280 million on three major German sugar manufacturers. In July 2014, the FCO fined 21 sausage manufacturers as well as 33 individuals a total amount of approximately € 338 million for concluding illegal price-fixing agreements. In a number of smaller proceedings, the FCO imposed fines against (i) an alleged cartel of wallpaper manufacturers, (ii) a number of service providers for heat exchangers used in power plants for alleged customer allocation, (iii) an alleged price-fixing and bid-rigging cartel of providers of specialist underground mining services, and (iv) the members of an alleged price-fixing agreement for concrete paving stones.

10.2. Extradition of Foreign Nationals to the U.S. for Cartel Participation

2014 also presented a milestone in Germany’s cooperation with U.S. antitrust enforcement agencies. In April 2014, an Italian citizen became the first foreign national to be extradited to the U.S. solely based on an antitrust violation, namely the alleged participation in the marine hose price-fixing cartel. According to the German Act on International Cooperation in Criminal Matters (Gesetz über die Internationale Rechtshilfe in Strafsachen – IRG), the principle of mutual criminal liability applies. As a result, Germany may extradite an individual only if the relevant conduct also constitutes a criminal offense in Germany. This usually applies to breaches of antitrust laws only as far as fraud or bid rigging is concerned, which was found to be the case here.
It should be noted, however, that the German Constitution (Grundgesetz – GG) prevents the extradition of German citizens to non-EU countries.

10.3. Guidance on Foreign-to-Foreign Mergers

With respect to merger control in international M&A transactions, the Federal Cartel Office (FCO – Bundeskartellamt) published a revised guidance document on "Domestic Effects in Merger Control". The guidance covers so-called foreign-to-foreign mergers, i.e. concentrations between companies which are headquartered outside of Germany, with the aim to reduce the administrative burden for M&A activities that do not meaningfully affect Germany. Mergers without sufficient domestic effects as described in these guidelines do not have to be notified to, nor reviewed by, the FCO. For further details on the FCO’s guidance to foreign-to-foreign mergers, please see the Gibson Dunn Client Alert of October 9, 2014.

10.4. Revised Block Exemption Regulation for Technology Licensing

Effective May 1, 2014, the European Commission enacted a revised block exemption regulation, governing technology transfer and licensing agreements, that is directly applicable in Germany. Simultaneously, the European Commission issued supplementary guidelines concerning the application of the regulation. The revised regulation and guidelines include a number of substantive changes that affect many aspects of the current "safe harbor" regime applicable to technology transfer agreements under the block exemption route, including revisions to the catalogue of "hard-core" (i.e., virtually "per se" rules) and excluded restrictions, more extensive guidance regarding the compatibility of technology pools with EU antitrust rules and guidance on settlement agreements in IP disputes. The 2014 block exemption regulation provides for a rather short, one-year transition period, i.e.
until April 30, 2015, for existing technology transfer / technology licensing agreements exempted under the prior regime from 2004, for alignment with the changes introduced by the new regime. The 2014 block exemption regulation and its accompanying guidelines can be found at the European Commission’s website. For further details please see the Gibson Dunn Client Alert of April 30, 2014.
© 2015 Gibson, Dunn & Crutcher LLP Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

February 16, 2015 |
2014 Year-End Update on Corporate Non-Prosecution Agreements and Deferred Prosecution Agreements (Bloomberg BNA’s Securities Regulation & Law Report)

Washington, D.C. partners F. Joseph Warin, Michael Diamant and associate Melissa Farrar are authors of "2014 Year-End Update on Corporate Non-Prosecution Agreements and Deferred Prosecution Agreements" [PDF] which was published February 16, 2015 in Bloomberg BNA’s Securities Regulation & Law Report.   The article focuses on two developments in the NPA and DPA arena in 2014: 1) DOJ took the rare step of extending three NPA and DPA agreements that were set to expire for terms of up to three years to support on-going investigations; and 2) many in the judiciary have taken note of DPAs in recent years and—in part because of their finality in lieu of trial—begun subjecting DPA terms to substantially increased scrutiny.

January 16, 2015 |
2014: The Year of the ‘Mega Breach’

Los Angeles of counsel Eric D. Vandevelde is the author of "2014: the year of the ‘mega breach’" [PDF] published in the January 16, 2014 issue of the Los Angeles Daily Journal.

July 15, 2015 |
2015 Mid-Year E-Discovery Update

Progress on Some Fronts, But Significant Dangers Remain, and New Dangers Emerge

E-discovery remains an incredibly rich and rapidly developing field, as the many developments on which we report from just the first half of 2015 attest. We are seeing progress in some areas (e.g., predictive coding, cost recovery, and rule amendments), remaining dangers in others (e.g., sanctions, preservation, and cross-border discovery), and new dangers emerging (e.g., text messaging, mobile devices, and e-discovery vendor selection). We encourage you to read all the content below, but we recognize there is a lot. So, you may want to approach it one topic at a time. Our 2015 Mid-Year E-Discovery Update covers the following:

Text Messaging and Mobile Devices: Text (aka instant) messaging and mobile devices are shaping up to be the new frontier in e-discovery. Texts and instant messages are increasingly at issue in investigations and litigation. But extracting them from mobile devices can be expensive and time consuming, if possible at all. Consequently, companies should consider implementing appropriate controls over employees’ business-related text and instant messaging, particularly on mobile devices.

Information Governance: Information governance (or "IG") has been the "next big thing" in e-discovery over the past couple of years. Like all "next big things," the early breathless hype about "IG" is beginning to fade. Companies are eschewing grand plans to implement information governance programs on every nook and cranny of their information systems, and are instead focusing on high-yielding, low-hanging fruit such as email and disposing of legacy backups.

The Internet of Things: "IoT" is being promoted by some in the e-discovery world as the next, next big thing. To us, it seems to require a rather fertile imagination to identify circumstances where IoT data would be relevant to most business disputes.
Nevertheless, companies should consider the legal significance of the IoT data in their possession, custody or control and, if determined to be necessary, have a process in place for preserving and extracting this data, should the need arise.

Predictive Coding: Predictive coding continues to be the big underachiever of e-discovery. There may be a number of reasons why it is not being utilized more, despite its potential to significantly reduce the costs and time required for document review. One, for certain, has been the perception that disclosing irrelevant documents and coding decisions from training sets will be required of those who wish to use predictive coding. Magistrate Judge Andrew Peck of the Southern District of New York has sought to dispel that perception in Rio Tinto PLC v. Vale S.A., in which he identifies a number of more palatable alternatives that make such disclosure unnecessary.

Sanctions: Sanctions are an ever-present danger in the e-discovery world. Continuing a trend that we have seen in recent years, sanctions were imposed not only for spoliation–i.e., failing to preserve relevant information after a duty to preserve arose–but also for delayed productions of relevant and responsive information.

Preservation: Courts issued several interesting decisions in the first half of 2015 regarding (1) the trigger of the duty to preserve, (2) the extent to which the duty reaches data in the possession of non-parties, and (3) the subject matter scope of the duty.

E-Discovery Cost Recovery: Prevailing parties increasingly are seeking to recover a portion of their e-discovery costs upon conclusion of their litigation pursuant to 28 U.S.C. § 1920(4), which permits the taxing of "[f]ees for exemplification and the costs of making copies of any materials where the copies are necessarily obtained for use in the case."
Courts are increasingly granting recovery of e-discovery costs beyond just those related to the conversion of electronic documents to TIFF format.

Discovery of Social Media: Reflecting that the use of social media continues to proliferate in business and social contexts, and that its importance is increasing in litigation, the number of cases focusing on the discovery of social media continued to skyrocket in the first half of 2015. Courts are still struggling to develop rules and protocols applicable to social media evidence, including whether special authentication rules should govern social media evidence, what threshold showing of relevance must be made before discovery should be allowed, when the duty to preserve social media evidence arises, what role privacy rights should play in social media discovery, and who should bear the burden of review.

Governmental Investigations: Courts continue to grapple with how to apply e-discovery concepts to governmental investigations. For example, courts have had to balance Fourth Amendment rights with the opportunities for discovery created by the Stored Communications Act (SCA), 18 U.S.C. §§ 2700 et seq., which permits access to the files of technological intermediaries, such as Internet service providers and cell phone providers.

E-Discovery Vendor Developments: With respect to e-discovery service providers (aka vendors), in some respects it is the best of times and in others it is the worst of times. Much of the market is immature, with a dizzying array of vendors and consumers not well equipped to distinguish among them. Aggressive sales tactics are common, and attempts at consumerizing e-discovery technology and services are a troubling new trend.
Federal Rule Amendments: It has taken an interplanetary probe nine and one half years to travel to Pluto, so the five years that the latest e-discovery amendments to the Federal Rules of Civil Procedure have taken to come to fruition seem pretty good in comparison (by cosmic standards, at least). The Supreme Court approved their adoption in April, leaving Congress as the only potential obstacle to their implementation in December (what possibly could go wrong?). The sanctions rule amendment may make a significant difference, so the wait will likely be worth it.

International E-Discovery Developments: The cross-border transfer and disclosure of information remains a challenge for multinational corporations. The proliferation of data localization laws such as China’s State Secret laws has led companies and their counsel to increasingly process and review documents locally. In Europe, the EU-US Safe Harbor Framework, which allows certified US companies to transfer personal data outside Europe if they meet certain requirements, is being amended with the goal of stricter compliance with EU data privacy provisions. At the same time, the Framework’s adequacy is being challenged before the European Court of Justice.

Text Messages and Mobile Devices

Text (aka instant) messaging and mobile devices are shaping up to be the new frontier in e-discovery. In 2013, the Pew Research Center reported that 91 percent of American adults owned a mobile phone and 81 percent used their phone to send or receive text or instant messages. See Pew Research Center, Cell Phone Activities 2013 (Sept. 16, 2013). An open question, however, was how often text messaging is used for business-related communications. A RingCentral survey found that 79 percent of respondents used text messaging for business purposes, and 32 percent had closed a business deal by text message. See Gareth Evans and Lauren Eber, Is Instant Messaging The Next Email?, Inside Counsel (Nov. 1, 2013).
Since then, text messages have increasingly played a role in high profile controversies. Relevant text messages are now more commonly sought in governmental and other investigations, and are occasionally at issue in civil litigation. Text messages sent and received on mobile device apps may feature an even greater degree of casual banter than emails. Users may engage in such casual communication assuming that their messages are "off the radar" because they are not going through company servers. Text messaging apps often store messages in databases on the mobile device, however, and "deleted" messages may still be extracted, though it can be expensive and difficult to do so (and such deleted messages are generally considered to be inaccessible). See Gareth Evans and Veeral Gosalia, The Coming Storm: Companies Must Be Prepared to Deal With Text Messages on Employee Mobile Devices, 15 Digital Discovery & e-Evidence (Bloomberg BNA, June 25, 2015).  Most often, text messages are not for business purposes and they are not relevant to the issues in litigation and investigations. But, occasionally they are, and as we reported in our 2014 Year-End E-Discovery Update, text messaging and mobile devices have increasingly become the subject of sanctions decisions. An example from the first half of 2015 is Clear-View Technologies, Inc. v. Rasnick, No. 13-cv-02744-BLF, 2015 WL 2251005 (N.D. Cal. May 13, 2015). Although primarily focused on when the duty to preserve was triggered–the court held it was approximately two years before the suit was filed–the case is noteworthy for what the court found should have been preserved. The court sanctioned defendants for, among other things, having deleted relevant text messages and having "lost or thr[own] away" several mobile devices (including iPhones and an iPad) used to access relevant communications and documents. See id. at *5. 
The case reflects that where unique and relevant electronically stored information is contained in text messages and stored on mobile devices, courts increasingly will hold parties responsible for their preservation. Companies may mitigate the risks associated with discovery of text messaging through measures including BYOD policies, implementing "sandboxes" (separate spaces for work apps) on employees’ mobile devices, and requiring the use of enterprise texting apps that are journaled or backed up onto company servers. We expect preservation of relevant text messages and other data on mobile devices to be an increasingly common and important issue in the future. See The Coming Storm, supra, 15 Digital Discovery & e-Evidence (June 25, 2015).

Information Governance

Information governance has been the "next big thing" in e-discovery over the past couple of years. Like all "next big things," the early breathless hype about "IG" is beginning to fade as the next "next big thing" comes around the corner with its own trendy acronym ("IoT"–Internet of Things–anyone?). Early visions of grand information governance projects–including automated classification of documents for disposal using predictive coding algorithms–have, for the most part, not yet gained much traction in the business community. IG was earlier conceived as an integrated approach to records management providing an overall framework for managing, organizing, and defensibly deleting data throughout an organization. It is a worthy goal whose time will likely come, eventually. In the meantime, companies are focusing their efforts on low hanging fruit that can provide bountiful harvests. The most prominent of these more attainable projects have consisted of implementing e-mail retention and defensible deletion policies, and defensible disposal of legacy backups.
In addition to retention and disposal programs, there is a growing trend towards adoption of "data minimization" policies, which can have practical benefits in both the legal and business spheres. Data minimization policies encourage employees to reduce the volume of data they generate–focusing on the front-end creation practices rather than the back-end storage and deletion practices. Such programs may not solve all the problems that IG seeks to address, but they may make a difference. An important issue that has not yet received a lot of attention, but which increasingly needs to be addressed, is the need to have enterprise controls–such as journaling and defensible disposal–applied to work-related text messages on mobile devices. Absent some form of information governance applied to employee texting, the risks of exploding litigation costs (extracting data directly from mobile devices is time consuming and expensive, if it works at all) and spoliation sanctions may increase considerably as more employees use texts for business-related messaging. If there is a "next big thing" within information governance, addressing work-related text messaging on mobile devices should be it. See Gareth Evans and Veeral Gosalia, The Coming Storm: Companies Must Be Prepared to Deal with Text Messages on Employee Mobile Devices, 15 Digital Discovery & e-Evidence (Bloomberg BNA June 25, 2015).

The "Internet of Things"

One of the newest technological advances that could, hypothetically, complicate parties’ preservation and collection obligations is the growing web of interconnected, data-receiving and data-generating devices referred to as the Internet of Things (often referred to as the "IoT").
Indeed, in some e-discovery circles, the IoT appears to have become the NBT (that is, the "next big thing"), prominently included at the top of e-discovery discussion agendas, and joining the ranks of past breathlessly hyped topics such as early case assessment ("ECA"), discovery of ESI stored in the cloud, and information governance ("IG"). It is too soon to tell whether IoT will become truly important in significant corporate litigation and investigations, but we expect that it will be the relatively rare exception rather than the rule. IoT has been described as an "ecosystem of interconnected sensory devices performing coordinated, pre-programmed–and often learned–tasks" that differs from the traditional Internet because it operates without the necessity for active human input. See Elizabeth McGinn & Ty Yankov, Trading Beyond Fear: eDiscovery of the Internet of Things, Electronic Commerce & Law Report, 20 ECLR 562, Apr. 15, 2015. Data-collecting sensors that feed into this network may one day become a part of daily life–take, for example, fitness-tracking devices that monitor vital signs, sending a constant stream of data to the cloud for storage and future analysis. Additionally, many household items such as garage door openers, thermostats, alarm systems and appliances are already IoT enabled, with automobiles and medical devices soon to follow. According to a 2013 poll, 96 percent of surveyed senior executives said they expected their businesses to utilize IoT within the next three years. Clint Witchalls, The Internet of Things Business Index: A Quiet Revolution Gathers Pace, The Economist (Oct. 29, 2013). IoT’s implications for data preservation and collection are complicated due to the fact that this data is not "created" by humans, but rather by devices, with the data processed and stored on the cloud. 
One question courts are likely to have to address is who controls such cloud data for disclosure purposes–potential options are the device manufacturer, the party that monitors an individual’s data, or the individual from whom the data is collected. Although the question of data control can largely be addressed by contracts between parties, there are likely to be at least some contracts that do not cover the issue, and courts will be left to decide based on applicable rules of civil procedure. Applying Federal Rule of Civil Procedure 34(a), which requires litigants to produce ESI that is in their "possession, custody, or control," courts may look to how a party uses the relevant data to determine if that party is "in control" of that data. See Brown v. Tellermate Holdings, Ltd., No. 2:11-cv-112, 2014 WL 2987051 (S.D. Ohio July 1, 2014) (plaintiff controlled cloud-based financial data). However, much remains to be seen in this emerging area. Despite these issues, IoT should not yet strike fear into the hearts of business litigators. To us, it seems to require a rather fertile imagination to identify circumstances where IoT data would be relevant to a business dispute. Nevertheless, companies should consider the legal significance of the IoT data in their possession, custody or control and, if determined to be necessary, have a process in place for preserving and extracting this data, should the need arise.

Predictive Coding

The most important predictive coding case of the first half of 2015–Rio Tinto PLC v. Vale S.A., 306 F.R.D. 125 (S.D.N.Y. 2015)–did not involve an actual dispute: the parties stipulated to a predictive coding protocol, which the court approved.
Nevertheless, Magistrate Judge Andrew Peck wrote an opinion that provides significant guidance to litigants regarding the use of predictive coding (commonly referred to as "Technology Assisted Review" or "TAR," a nomenclature with which we are not particularly enamored, as there are various types of technology assisted review in addition to predictive coding). Of particular significance, Judge Peck wrote in Rio Tinto that sharing training sets of documents–including the irrelevant documents in the training set and counsel’s coding decisions on them–is not necessary to ensure that the predictive coding model was trained appropriately. Rather, Judge Peck pointed out that there are alternatives to producing the training documents and coding decisions. See id. at 128-129. To understand the importance of this statement in Rio Tinto, it’s helpful to know some of the backstory. Three years ago, in Da Silva Moore v. Publicis Group, Judge Peck issued the first published decision recognizing predictive coding as an "acceptable way to search for relevant ESI in appropriate cases." Da Silva Moore v. Publicis Group, 287 F.R.D. 182, 183 (S.D.N.Y. 2012). Predictive coding had been available for some time, but it generally wasn’t being used. Judge Peck knew that attorneys who were aware of predictive coding were nevertheless reluctant to use it because no court had approved it. Thus, he wrote in Da Silva Moore that "[c]ounsel no longer have to worry about being the ‘first’ or ‘guinea pig’ for judicial acceptance of [predictive coding]." See id. at 193.  Judge Peck wrote that "[w]hat the Bar should take away from this Opinion is that [predictive coding] is an available tool and should be seriously considered for use in large-data-volume cases where it may save the producing party (or both parties) significant amounts of legal fees in document review." Id. So what’s happened since then? 
Despite Judge Peck’s endorsement of predictive coding in Da Silva Moore, and the rulings of a significant number of other courts either encouraging or approving the use of predictive coding, it generally has not caught on–certainly not to the extent that many thought it would have after Da Silva Moore. Why? One commentator recently opined that it’s not because of software makers, vendors, judges, governmental investigators or clients, many of whom favor and promote its use, but rather it’s due to litigation counsel "not understanding the value of TAR" in appropriate cases. See Geoffrey A. Vance, Confessions of an E-Discovery Lawyer: We’re Light Years Behind, LegalTech News (June 23, 2015). There may be some truth to this, but we think the story is more complex, as it does not reflect the role of opposing counsel, who have been known to seek to effectively preclude the responding party’s ability to use predictive coding by demanding conditions that the responding party will likely find unacceptable (often referred to as the "TAR tax"). Probably the greatest impediment to the use of predictive coding has been the argument that the party seeking to use it should agree to share its coding decisions on the documents used to train the predictive coding model, including providing to the opposing party the irrelevant documents in the training sets. Indeed, a certain mythology has developed that the "transparency and cooperation" that commentators and courts have encouraged in connection with predictive coding means that a party must provide these irrelevant documents to the other side. See, e.g., our discussion of the Progressive v. Delaney decision in our 2014 Year-End E-Discovery Update. When many lawyers and clients hear that they may need to share documents that are not relevant to the litigation with opposing counsel, they want nothing to do with predictive coding. Many also consider counsel’s coding decisions on the training set to be protected attorney work product. 
See, e.g., John M. Facciola & Philip J. Favro, Safeguarding the Seed Set: Why Seed Set Documents May Be Entitled To Work Product Protection, 8 Fed. Cts. L. Rev. 1 (2015).

In Rio Tinto, Judge Peck has sought to resolve this divisive issue. First, he points out that the courts have developed a significant amount of comfort with predictive coding in the three years since Da Silva Moore. "[T]he case law has developed to the point that it is now black letter law that where the producing party wants to utilize TAR for document review, courts will permit it." Rio Tinto PLC, 306 F.R.D. at 127. Second, he points out that predictive coding also can no longer be considered an "unproven technology." Judge Peck quotes the Dynamo Holdings decision of last year, in which the court stated that "In fact, we understand that the technology industry now considers predictive coding to be widely accepted for limiting e-discovery to relevant documents and effecting discovery of ESI without an undue burden." Id. (quoting Dynamo Holdings Ltd. P’Ship v. Comm’r of Internal Revenue, 143 T.C. 9, 2014 WL 4636526 at *5 (T.C. Sept. 17, 2014)). Third, Judge Peck cites studies that the contents of the "seed set" are much less significant with tools using "continuous active learning" in which the model is continually trained as reviewers review all documents identified as potentially relevant. See id., 306 F.R.D. at 127. Fourth, and most significantly, Judge Peck points out that there are alternatives to sharing coding decisions on the training set to ensure the defensibility of a predictive coding protocol. "[R]equesting parties can insure that training and review was done appropriately by other means, such as statistical estimation of recall at the conclusion of the review as well as by whether there are gaps in the production, and quality control review of samples from the documents categorized as non-responsive." See id., 306 F.R.D. at 128-29.
See also Gareth Evans and David Grant, Metrics that Matter: Van Halen, M&Ms and Metrics in E-Discovery (2015 White Paper). Judge Peck, of course, recognizes that it should be up to the responding party to decide what search and review methodology to use and that, as before, the developments since Da Silva Moore do "not mean [predictive coding] must be used in all cases." See id. at 126 (quoting Da Silva Moore, 287 F.R.D. at 193). Indeed, he points out that "[i]n contrast, where the requesting party has sought to force the producing party to use TAR, the courts have refused." Id., 306 F.R.D. at 127 n.1 (listing cases).

There were other decisions involving predictive coding during the first half of 2015. The District of Connecticut approved an ESI stipulation that explicitly provided that a responding party "need not share the intricacies of [its production] methodology unless and until there is a good faith allegation of a violation of Rule 26." Thus, if a party opted to use predictive coding it need only "disclose its intent to use that technology and the name of the review tool." Connecticut Gen. Life Ins. Co. v. Health Diagnostic Lab., Inc., No. 3:14-cv-01519, 2015 WL 417120 (D. Conn. Jan. 28, 2015). The District of Nebraska recognized that "[p]redictive coding is now promoted (and gaining acceptance) as not only a more efficient and cost effective method of ESI review, but a more accurate one." Malone v. Kantner Ingredients, Inc., No. 4:12-cv-3190, 2015 WL 1470334, at *3 n.7 (D. Neb. Mar. 31, 2015). In Chevron Corp. v. Snaider, No. 14-cv-01354-RBJ-KMT, 2015 WL 226110 (D. Colo. Jan. 15, 2015), the district court refused to quash a subpoena seeking discovery into an international racketeering scheme, rejecting the resisting party’s undue burden objections in part because "Snaider does not address the likelihood that in a case such as this computer-assisted review would no doubt be invoked, and while that is costly, it is much more efficient than assigning individuals to review a large volume of paperwork." Id. at *11, n.9.

Thus, in the first half of 2015, more courts have referred to predictive coding as a viable option for document search and review, and Judge Andrew Peck in his Rio Tinto decision has helped develop a more well thought-out predictive coding jurisprudence, the need for which we lamented in our 2014 Year-End E-Discovery Update.

Sanctions

Many of the sanctions cases in 2015 have grappled more with the type of conduct that justifies imposition of sanctions, rather than the question of what type of sanctions are appropriate. Continuing a trend that we have seen in recent years, sanctions were imposed not only for spoliation–i.e., failing to preserve relevant information after a duty to preserve arose–but also for delayed production of relevant and responsive information.

Failure to Preserve

The first half of 2015 has already seen several important sanctions decisions dealing with spoliation. As usual, these decisions echo a persistent theme: the importance of implementing a timely and effective litigation hold. In Clear-View Technologies, 2015 WL 2251005, Magistrate Judge Paul Grewal of the Northern District of California found defendants had an obligation to preserve evidence once the plaintiff’s CEO sent them text messages threatening a lawsuit, which occurred a full two years before the suit was filed. See id. at *7.
After receiving these text messages, defendants intentionally deleted relevant documents, failed to implement a hold or monitoring policy, and ran a "Crap Cleaner" software to wipe files on a laptop while plaintiffs’ motion to compel was pending. See id. at *1, *7. As is often the case in sanctions cases, bad facts invite the court to make an example of defendants, and here the court imposed severe sanctions for spoliation of evidence–a joint monetary sanction of $212,320 against defendants and defense counsel and an adverse jury instruction. See id. at *8 & n. 90. While this case garnered attention for the harshness of the sanctions, its most important takeaway is that courts may find that informal communications, such as text messages, may be sufficient to trigger the duty to preserve evidence. Indeed, the court made clear that, in its view, there was no doubt that defendants were on notice of foreseeable litigation in this case–"[t]his call is not even close." Id. at *7.

In Fidelity Nat. Title Ins. Co. v. Captiva Lake Inv., LLC, No. 4:10-CV-1890, 2015 WL 94560 (E.D. Mo. Jan. 7, 2015), the court imposed sanctions on a plaintiff whose failure to institute a litigation hold resulted in the mass deletion of relevant emails. Following a protracted dispute between the parties regarding the adequacy of plaintiff’s production of ESI, the court granted defendant’s request for a specialist to examine plaintiff’s computer systems. The specialist found, among other things, that plaintiff (1) had not instituted a litigation hold, (2) did not conduct a systematic search of its computer systems for discoverable information, and (3) allowed a contractor to delete as many as 13 million emails after the commencement of litigation. See id. at *2. The court found that the email deletions likely caused the loss of discoverable emails and that the defendant was prejudiced by the loss of these emails. See id. at *3.
Significantly, the court held that the plaintiff’s "failure to implement a litigation hold . . . establishes the necessary intent to support the imposition of sanctions." Id. Based on these findings, the court issued an adverse inference instruction with respect to the deleted emails and ordered plaintiff to pay fees and expenses related to the delay caused by its "mishandling of discovery." Id. at *7. In a rare appellate decision on spoliation, Blue Sky Travel & Tours, LLC v. Al Tayyar, No. 13-2500, 2015 WL 1451636 (4th Cir. Mar. 31, 2015), the Fourth Circuit vacated sanctions for spoliation imposed by a lower court after finding the lower court applied the incorrect standard when assessing a defendant’s duty to preserve evidence. The Fourth Circuit took the opportunity to clarify both the scope of a litigant’s duty to preserve and the purpose of a litigation hold. In the underlying trial court case, Defendant ATG repeatedly failed to produce copies of certain original invoices that it was ordered to turn over by the magistrate judge. ATG claimed it did not have these invoices because its document retention practice was to discard the original invoices after transcribing the information contained in these invoices into a Microsoft Excel spreadsheet. See id. at *3. The magistrate judge rejected this argument and held that once litigation commenced, ATG had an obligation to discontinue its document retention policies and preserve "all documents." Id. at *8 (emphasis in original). Finding ATG liable for spoliation, the magistrate judge issued an adverse jury instruction, which "effectively relieved [plaintiff] of its burden to prove its damages claim for lost profits." Id. The magistrate judge’s rulings were upheld by the district court. 
On appeal, however, the Fourth Circuit found that the magistrate judge and district court had applied the incorrect standard to ATG’s duty to preserve evidence, stating "a party is not required to preserve all its documents but rather only documents that the party knew or should have known were, or could be, relevant to the parties’ dispute." Id. at *8 (emphasis added).

A final noteworthy recent decision is Malibu Media, LLC v. Tashiro, No. 1:13-CV-00205, 2015 WL 2371597 (S.D. Ind. May 18, 2015), which presents a thorough analysis regarding whether a court may issue a sanction for spoliation of evidence where a party intentionally deletes electronic files that may be subsequently recovered. Plaintiff brought suit against defendants, a married couple, alleging they had used a BitTorrent client to illegally download and distribute plaintiff’s copyrighted works. During discovery, defendants agreed to produce their hard drives for forensic analysis. Plaintiff’s expert determined that a large number of files were permanently deleted from the hard drives the very night before the hard drives were produced. See id. at *1-*2. Defendants’ expert agreed that files were deleted from the hard drives but claimed that he was able to recover all of the deleted files. See id. at *2. Plaintiff contended defendants had destroyed evidence by deleting the files that would have exposed them to liability. See id. at *17. Defendants countered that no spoliation had occurred because all the deleted files were recoverable and plaintiff was thus not prejudiced by the "deletions." See id. at *18. The magistrate judge sided with plaintiff, finding defendants liable for spoliation because it was "highly likely" that the files were deleted and unrecoverable, id. at *19, and because defendants had deleted these files in bad faith, see id. at *13-*19.
Significantly, the magistrate judge went on to explain that even if the deleted files were recoverable, defendants would not have been absolved of liability for spoliation. See id. at *19. As a practical matter, the magistrate judge noted that the "mere deletion of files has evidentiary ramifications" as it can alter the metadata associated with those files. Id. at *21. But more importantly, the magistrate judge rejected defendants’ assertion that a permanent loss of evidence is a prerequisite to a finding of spoliation. See id. at *19. To the contrary, the magistrate judge stated that "the Seventh Circuit has implicitly acknowledged that recovery of deleted or destroyed evidence does not preclude entry of sanctions." Id. at *21 (citing Barnhill v. United States, 11 F.3d 1360, 1367-68 (7th Cir. 1993)). According to the magistrate judge, the recoverability of the files would not change the fact that defendants "attempted to work a fraud on this Court, obstruct Plaintiff’s pursuit of its case, and subvert the judicial process." Id. Accordingly, "even if [defendants’] conduct had not harmed Plaintiff, the Court would not allow [their] attempted fraud to go unpunished." Id. In the end, the magistrate judge imposed the most severe sanction against defendants–an entry of default judgment–because in addition to spoliating evidence, the defendants had committed perjury by making false representations regarding the evidence during their depositions. See id. at *37-*38. Significantly, it appears that this decision may have come out very differently if the pending amendment to Federal Rule of Civil Procedure 37(e) had been in effect, as it forecloses the imposition of sanctions if the deleted information can be recovered or obtained from other sources.

Failure to Produce

As we have increasingly seen in recent years, courts in the first half of 2015 addressed whether sanctions should be imposed because of delayed productions. In Oracle Am., Inc. v. Terix Computer Co., Inc., No. 5:13-CV-03385, 2015 WL 2398993 (N.D. Cal. May 19, 2015) (Grewal, Mag.), plaintiffs learned of the existence of a laptop containing relevant information during a deposition of one defendant’s employee at the close of fact discovery. See id. at *2-*3. Although defendants later produced the laptop, plaintiffs moved for sanctions, alleging defendants intentionally withheld the laptop. See id. at *3. The magistrate judge declined to impose sanctions after finding there was insufficient evidence that defendants had acted in bad faith. Id. at *4. Specifically, plaintiffs failed to show that defendants intentionally misrepresented the existence of this laptop. Id. "[W]ithout clear evidence of bad faith," the magistrate judge noted, it would be inappropriate to sanction defendants for their initial failure to produce the laptop. Id.

Likewise, in Logtale, Ltd. v. IKOR, Inc., No. C-11-5452, 2015 WL 581513 (N.D. Cal. Feb. 11, 2015) (Ryu, Mag.), the court considered the appropriate sanctions for defendant’s repeated failures to produce responsive documents in accordance with court-ordered deadlines. See id. at *3. Because plaintiffs failed to offer "any argument or evidence" with respect to defendant’s willfulness, fault, or bad faith, the magistrate judge declined to impose a terminating sanction. See id. at *3-4. However, the magistrate judge ordered defendants to pay for plaintiff’s reasonable expenses caused by their failure to comply with discovery orders. Id. at *4.

Finally, in Parsi v. Daioleslam, 778 F.3d 116 (D.C. Cir. 2015), the D.C. Circuit reaffirmed that a district court seeking to impose monetary sanctions under its inherent judicial authority–as opposed to its authority pursuant to Rule 37–must first find by clear and convincing evidence that the party committing the improper conduct acted in bad faith. In the case, plaintiffs repeatedly failed to produce relevant documents, including highly relevant emails between plaintiffs and third parties. Id. at 124.
On top of sanctions it imposed for violations of its discovery orders, the court exercised its inherent authority to order plaintiffs to pay attorney’s fees and expenses specifically related to its failure to produce the emails. Id. at 119-120. The D.C. Circuit determined that the imposition of this particular sanction required a finding of bad faith conduct under a clear and convincing standard of proof. It then held that the district court met this obligation, as it had provided ample support on the record for its conclusion that plaintiffs’ failures to produce these emails were "indefensible" and "inexplicable." Id. at 132. If the pending amendment to Federal Rule of Civil Procedure 37(e) becomes effective on December 1, 2015, we will not likely see future sanctions decisions resting on the court’s inherent authority, as the Advisory Committee Note to the amendment declares that the amended rule precludes the issuance of sanctions based on courts’ inherent authority. Finally, one court found during the first half of 2015 that failure to provide documents in an accessible format can be sanctionable. In Boxer F2, L.P. v. Flamingo W., Ltd., No. 14-CV-00317, 2015 WL 2106101 (D. Colo. May 4, 2015) (Watanabe, Mag.), the court granted plaintiff’s renewed request for sanctions for generally obstructive discovery conduct. In an "effort to reduce further gamesmanship over the precise wording or scope of Plaintiff’s discovery requests," the magistrate judge previously ordered defendants to produce complete copies of certain accounting records. Id. at *1. Defendants provided plaintiff with the records via a Dropbox hyperlink, but did not provide plaintiff a functioning username or password until almost a month later. Id. The court found defendants did not give plaintiff "any meaningful access" to the accounting records, id. at *3, and it further found that defendants had modified the records prior to production, see id. 
Because defendants failed to comply in good faith with discovery orders, the magistrate judge ordered defendants to pay fees and expenses related to plaintiff’s renewed motion for sanctions and entered certain factual allegations in plaintiff’s complaint as findings of fact for the purposes of the litigation. Id. at *4.

Preservation

Courts issued several interesting decisions in the first half of 2015 regarding (1) the trigger of the duty to preserve, (2) the extent to which the duty reaches data in the possession of non-parties, and (3) the subject matter breadth of the duty. Many who are not immersed in e-discovery are surprised to learn that the duty to preserve documents and ESI that are relevant to the litigation can be triggered before suit is filed–in some cases long before. In the Seventh Circuit, the duty to preserve is only triggered when a litigant knew or should have known that litigation was imminent. In all other Circuits, however, courts expect a greater degree of clairvoyance, holding that the duty to preserve begins when litigation is "reasonably foreseeable."

In Clear-View Technologies, 2015 WL 2251005, Magistrate Judge Paul Grewal of the Northern District of California ruled that the duty to preserve arose over two years before the plaintiff commenced its lawsuit. The case involved less than model behavior on the part of the defendants–after receiving a legal hold notice from the plaintiff "in anticipation of litigation," they nevertheless failed to take any active steps to preserve data, deleted relevant text messages, and they lost and threw away several iPhones and other devices with unique relevant information. Additionally, after being served with document requests in the litigation, they failed to take reasonable steps to search for responsive documents, and one defendant deployed "Crap Cleaner" and other wiping software to remove data from his laptop computer while a motion to compel was pending. See id. at *1–5.
Finding the duty to preserve to have attached upon defendants’ receipt of the legal hold notice would have been less controversial. The court, however, found that it arose approximately six months earlier, when the plaintiff’s CEO sent the defendants angry text messages saying "don’t call my shareholders with your b.s. . . . [K]eep it up and you’ll find [yourself] in court. Call Clyde again and I sue." The next morning, however, he sent apologetic texts, and acknowledged that he had been drinking ("I was very upset last night, plus the booze"). The court nevertheless noted that plaintiff’s CEO did not retract the threat of suit. Id. at *2, *7. Combined with defendants’ discussion among themselves about the potential legal ramifications of their conduct later the same month, the court found that "[t]his call is not even close" under the reasonable foreseeability standard. See id. at *7.

The extent to which a duty to preserve extends to documents in the possession of non-parties is usually determined by whether they are deemed to be under the control of a party. Three decisions in the first half of 2015 addressed whether parties had such control. In Wandering Dago Inc. v. N.Y. State Office of Gen. Servs., No. 1:13-CV-1053, 2015 WL 3453321, at *11 (N.D.N.Y. May 29, 2015) (Treece, Mag. J.), the court addressed whether a New York state agency was obligated to preserve emails from a nonparty witness in a separate state agency. Id. at *7. The court found that "state agencies for most purposes are separate and distinct organs and should not be viewed in the aggregate," and that "[c]onsidering that hundreds of lawsuits are filed daily against New York State . . . requiring each agency and thousands of officials to institute a litigation hold every time a party contemplates or even commences litigation against another agency would paralyze the State." Id. at *8. In Superior Performers, Inc. v. Meaike, No. 1:13CV1149, 2015 WL 471429, at *3 (M.D. N.C. Feb. 4, 2015), the court found that the plaintiffs had "control" over voicemail that was not stored on their phones. The court held that "even if a party does not physically control the evidence, the party still has an obligation to give the opposing party notice of access to the evidence or of the possible destruction of the evidence if the party anticipates litigation involving that evidence." Id. (internal quotations omitted). Further considering the limitations of control, the court in Perez v. Metro Dairy Corp., No. 13 CV 2109, 2015 WL 1535296, at *1 (E.D.N.Y. Apr. 6, 2015) (Levy, Mag. J.) addressed whether a party had control over records that had been seized pursuant to an order in another matter and therefore were no longer in its possession. Noting that defendants had stated that the records had been seized within 24 hours of the order with no opportunity to back them up, the court found no obligation to have done so. Id. at *3.

Finally, a Circuit Court confirmed that the scope of the duty to preserve is limited to documents relevant to the dispute, and a party cannot be required to preserve all documents in its possession, custody or control. In Blue Sky Travel & Tours, 2015 WL 1451636, at *8, the Fourth Circuit held that it was an abuse of discretion for the magistrate judge to have concluded that a party "had a duty to stop its document retention policies and to preserve all documents because you don’t know what may or may not be relevant." (emphasis in original) (internal quotation marks omitted). Instead, according to the court, "a party is not required to preserve all its documents but rather only documents that the party knew or should have known were, or could be, relevant to the parties’ dispute." Id. (citations omitted).

E-Discovery Cost Recovery

Parties increasingly are seeking to recover a portion of their e-discovery costs pursuant to 28 U.S.C. § 1920(4), which permits the taxing of "[f]ees for exemplification and the costs of making copies of any materials where the copies are necessarily obtained for use in the case." The first half of 2015 was no exception. Although the reference in 28 U.S.C. § 1920(4) to the recovery of the costs of making "copies" is somewhat anachronistic in the digital age, courts have nonetheless applied § 1920(4) to e-discovery by way of analogy, with the issue often being what qualifies as a "copy." See Fitbug Ltd. v. Fitbit, Inc., No. 13-1418 SC, 2015 WL 2251257, at *3-4 (N.D. Cal. May 13, 2015) (discussing how a vacuum of case law interpreting § 1920(4) required courts to use analogies and that e-discovery costs were necessarily incurred in complying with the parties’ production agreement).

In Colosi v. Jones Lang LaSalle Americas, Inc., 781 F.3d 293, 297 (6th Cir. 2015), the Sixth Circuit explained, "[i]maging a hard drive falls squarely within the definition of ‘copy’" and affirmed the judgment of costs in favor of a defendant employer in a wrongful termination suit. The plaintiff–in response to a court order compelling production–delivered her computer to her attorney’s office and demanded that defendant employer send a third-party vendor to image it. See id. at 298. Imaging the computer was the "sole avenue permitting review of [the plaintiff’s] files" and was analogous to the taxable "cost of a party delivering an image file in response to an opponent’s production request." See id. The Colosi court expressly distinguished Race Tires America, Inc. v. Hoosier Racing Tire Corp., 674 F.3d 158, 166-72 (3d Cir. 2012)–upon which the plaintiff relied in opposing the bill of costs–saying Race Tires was "overly restrictive" because it excluded all e-discovery expenses except those associated with converting responsive documents to an agreed upon format. See Colosi, 781 F.3d at 297.

Likewise, in Resnick v. Netflix, Inc. (In re Online DVD-Rental Antitrust Litig.), 779 F.3d 914, 928 (9th Cir. 2015), the Ninth Circuit affirmed the trial court’s award of e-discovery costs, including not only those costs attributable to OCR and converting documents to TIFF (see id. at 932). The court remanded claims for other categories of e-discovery costs because the requesting party’s description of those tasks was not sufficiently detailed. See id. at 930-31.

Although Colosi and Resnick signal an increasing openness of the judiciary to taxing e-discovery costs, and Colosi rejected Race Tires as "overly restrictive," several courts nonetheless continue to rely upon Race Tires and follow its narrow interpretation of § 1920(4). See, e.g., CSP Techs., Inc. v. Sud-Chemie AG, No. 4:11-cv-00029-RLY-WGH, 2015 WL 2405528, at *3-4 (S.D. Ind. May 20, 2015); Comprehensive Addiction Treatment Ctr., Inc. v. Leslea, No. 11-cv-03417-CMA-MJW, 2015 WL 638198, at *2 (D. Colo. Feb. 13, 2015); see also Bagwe v. Sedgwick Claims Mgmt. Servs., Inc., No. 1:11-cv-02450, 2015 WL 351244, at *5-6 (N.D. Ill. Jan. 27, 2015) (Mag. J. Young Kim).

Parties and courts are also taking a more proactive, forward-looking approach to shifting e-discovery costs, raising the issue of who should pay for e-discovery before they even incur the costs. For example, in United States ex rel. Carter v. Bridgepoint Education, Inc., 305 F.R.D. 225, 247 (S.D. Cal. 2015), plaintiffs requested backup tapes that defendants argued were inaccessible because of the burden and cost in producing the tapes. Magistrate Judge William Gallo said that "[t]o obtain this ESI at the other’s expense, the requesting party must demonstrate need and relevance that outweigh the costs and burdens of retrieving and processing this provably inaccessible information." Id. at 239.
After determining the backup tapes were minimally relevant and inaccessible–they were inaccessible because of the defendants’ established data retention scheme–he ordered plaintiffs to bear the cost of recovery and search, and defendants to bear the cost of production. See id. at 240-44. As Judge Gallo implicitly recognized, shifting costs before they are even incurred can encourage the parties to be more reasonable about the scope of discovery they seek.

Discovery of Social Media

Reflecting that the use of social media continues to proliferate in business and social contexts, the number of cases focusing on the discovery of social media continued to skyrocket in the first half of 2015. Courts are still struggling to develop rules and protocols applicable to social media evidence, including whether special authentication rules should govern social media evidence, what threshold showing of relevance must be made before discovery of personal social media data should be allowed, when the duty to preserve social media evidence arises, what role privacy rights should play in social media discovery, and who should bear the burden of reviewing social media data.

The first half of 2015 included a major shift in the law governing the authentication of social media evidence. The Court of Appeals of Maryland changed course, and "embrace[d]" the Second Circuit’s holding that "in order to authenticate evidence derived from a social networking website, the trial judge must determine that there is proof from which a reasonable juror could find that the evidence is what the proponent claims it to be." Sublet v. State, 113 A.3d 695, 698, 718, 722 (Md. 2015) (citing U.S. v. Vayner, 769 F.3d 125 (2d Cir. 2014)). Previously in Maryland, social media evidence was admissible only if the judge was "convince[d] . . . that the social media post was not falsified or created by another user." Griffin v. State, 19 A.3d 415 (Md. 2011).
Under Sublet, the preliminary determination of authentication is made by the trial judge and is a "context–specific determination" based on proof that "may be direct or circumstantial." Id. at 715 (citing Vayner). The court noted that "[t]he standard articulated in Vayner … is utilized by other federal and State courts addressing authenticity of social media communications and postings" and "is not particularly high."  Id. at 715, 718 (citations and internal quotations omitted). The court’s decision in Sublet could very well signal the death knell of a trend wherein some courts required "’greater scrutiny’ or particularized methods for the authentication of evidence derived from the Internet due to a ‘heightened possibility for manipulation,’" (Vayner, 769 F.3d at 131 n.5 (citing Griffin)), as Griffin was the most influential of such cases. In addition, in the first half of 2015, courts continued to find that the testimony of the individual who printed a copy of a social media webpage, or prepared a memorandum summarizing information obtained from the social media account, is insufficient to authenticate social media evidence. See, e.g., Linscheid v. Natus Medical Inc., No. 3:12-cv-76-TCB, 2015 WL 1470122, at *5-6 (N.D. Ga. Mar. 30, 2015) (finding Linkedin profile page not authenticated by declaration from individual who printed the page from the Internet); Monet v. Bank of America, N.A., No. H039832, 2015 WL 1775219, at *8 (Cal Ct. App. Apr. 16, 2015) (finding that a "memorandum by an unnamed person about representations others made on Facebook is at least double hearsay" and not authenticated). Courts also continue to hold that "the fact that the information [sought] is in an electronic file as opposed to a file cabinet does not give [the party seeking discovery] the right to rummage through the entire file." Silva v. Dick’s Sporting Goods, Inc., No. 3:14cv580 (WWE)(WIG), 2015 WL 1275840, at *1-2 (D. Conn. Mar. 19, 2015) (Garfinkel, Mag. J.) 
(refusing defendant’s request for copies of all of plaintiff’s Facebook communications, many of which plaintiff argued were not relevant to the claims and defenses involved in the dispute) (citations and quotations omitted); see also Cummings v. Bost, Inc., No. 2:14–CV–02090, 2015 WL 1470137, at *9 (W.D. Ark. Mar. 31, 2015) (refusing defendant’s request for access to plaintiff’s Facebook account because the request was "rooted in pure speculation"). As with more traditional forms of evidence, the party seeking discovery of social media "must establish a factual predicate for [the] request by identifying relevant information in [the social media] account, such as information that contradicts or conflicts with plaintiff’s alleged [claims]."  Gonzalez v. City of New York, 47 Misc. 3d 1220(A), 2015 WL 2191363, at *1 (N.Y. Sup. May 4, 2015) (citations and quotations omitted). One court took a novel approach to the establishment of a factual predicate, ordering plaintiff to produce a sample of plaintiff’s Facebook activity limited to specific references to plaintiff’s emotional distress claims and any related treatment. Caputi v. Topper Realty Corp., No. 14–cv–2634(JFB)(SIL), 2015 WL 893663, at *8 (E.D.N.Y. Feb. 25, 2015). The court held that the defendants could review this sample and use it to put forth a factual predicate to obtain additional discovery from plaintiff’s Facebook account information. Id. Once a factual predicate has been established, as with other forms of evidence, most courts only grant discovery of social media evidence that is relevant to the issues involved in the case. In Gonzalez, defendant demonstrated that photographs and comments posted by plaintiff regarding his injuries and the accident in question established that "discovery of plaintiff’s social media account will lead, or may reasonably be calculated to lead, to relevant evidence bearing on plaintiff’s claims."  2015 WL 2191363 at *2. 
Accordingly, the court ordered discovery of materials on plaintiff’s social media accounts relevant to plaintiff’s claims and injuries, but denied defendant’s request to access any other social media information. Id. See also In re Milo’s Kitchen Dog Treats Consol. Cases, No. 12–1011, 2015 WL 1650963, at *1-5 (W.D. Pa. Apr. 14, 2015) (refusing defendant’s request for "unfettered access to [p]laintiff’s Facebook data" where plaintiff had already provided relevant information from Facebook account); Spearin v. Linmar, L.P., 2015 WL 3678163 at *1 (N.Y. App. Div. June 16, 2015) (granting discovery of social media evidence relevant to alleged injuries only). Another continuing theme in the first half of 2015 was the extent to which parties have an obligation to preserve social media during litigation, and whether the modification of social media constitutes sanctionable spoliation. Because social media is dynamic, account holders may delete information from their page or cancel their account altogether, without realizing that the information could be relevant to an anticipated or pending matter. In addition, information can be deleted from a post by other users who do not have a duty to preserve evidence. In determining whether to award sanctions for spoliation of social media, courts have focused on a variety of factors, including whether the users had a duty to preserve their account at the time the evidence was deleted, and whether the users deleted the social media data to hide adverse evidence. In D.O.H. v. Lake Central School Corp., plaintiff admitted to deleting some relevant information from his Facebook account prior to the court order requiring preservation of evidence, and admitted that he may also have deleted some posts after the order was issued. No. 2:11–cv–430, 2015 WL 736419, at *8-10 (N.D. Ind. Feb. 20, 2015) (Rodovich, Mag. J.) (considering spoliation sanctions for deletion of posts and comments from Facebook). 
The court found that plaintiff had a duty to preserve evidence starting when he knew litigation was imminent, and thus the evidence was spoliated. Id. at *10. The court held, however, that an adverse inference sanction was not warranted, as plaintiff did not delete the information in bad faith to hide adverse evidence. Id. The court noted that it was likely plaintiff deleted some "vulgar comments to avoid embarrassment or further harassment," and that it was possible third party users, not plaintiff, had deleted their own comments on plaintiff’s Facebook page. Id. A frequently litigated issue regarding the discovery of social media is the role of traditional privacy rights in protecting those new methods of personal expression. In the first half of 2015, most courts continued to find that individuals generally do not have a reasonable expectation of privacy, regardless of activated privacy settings, in the information they submit to social networking sites. See Nucci v. Target Corp., 162 So.3d 146, 153-55 (Fla. Dist. Ct. App. Jan. 7, 2015) (finding no reasonable expectation of privacy in social media accounts because "[b]y creating a Facebook account, a user acknowledges that her personal information would be shared with others. Indeed, that is the very nature and purpose of these social networking sites else they would cease to exist.") (internal citations and quotations omitted); In re Milo’s Kitchen, 2015 WL 1650963, at *3 (holding "there is no reasonable expectation of privacy in information posted on Facebook and … making a Facebook page ‘private’ does not shield it from discovery if the information sought is relevant"). At least one court found, however, that there is "a reasonable expectation of privacy attached to the one-on-one messaging option that is available through Facebook accounts" and thus granted discovery of plaintiff’s Facebook postings, comments, videos, and photographs, but not private messages sent or received by plaintiff. Melissa G v. 
North Babylon Union Free School Dist., 6 N.Y.S.3d 445, 449 (N.Y. Sup. Ct. 2015); see also Cummings, 2015 WL 1470137, at *9 (refusing defendant’s request for access to plaintiff’s Facebook account in part because it "would allow a substantial intrusion into [plaintiff’s] privacy for which [defendant] has failed to provide a sufficient justification"). The question of who should bear the burden of review has become more important as the volume and costs of electronic discovery increase. In the first half of 2015, most courts continued to require the account holder to gather and review data from social networking accounts, and provide it directly to the defendant, as typically "counsel for the producing party is the judge of relevance in the first instance" for discovery matters. Melissa G, 6 N.Y.S.3d at 447-49 (ordering plaintiff’s counsel to review plaintiff’s Facebook postings and produce those relevant to plaintiff’s damages claim, as "there [was] no basis to believe that plaintiff’s counsel [could not] honestly and accurately perform the review function") (internal citations omitted). A small minority of courts, however, conduct an in camera review of the social media content being sought. Some courts have chosen this method of review to resolve disputes regarding whether certain communications on social media accounts are privileged. See, e.g., In re Milo’s Kitchen, 2015 WL 1650963, at *1-5 (ordering plaintiff to produce social media evidence for in camera inspection so the court could review for privilege). Other courts have chosen in camera review for social media data because social media accounts "may contain material of a private nature that is not relevant." 
Gonzalez, 2015 WL 2191363, at *1-2 (holding that "the Supreme Court should conduct an in camera inspection of all status reports, e-mails, photographs, and videos posted on the plaintiff’s social media accounts since the date of the accident to determine which of those materials, if any, are relevant to the alleged claim and injuries"); see also Spearin, 2015 WL 3678163 at *1 (overturning lower court’s order requiring plaintiff to provide defendant access to his entire Facebook account, and remanding for an in camera review of plaintiff’s Facebook account instead). By contrast, other courts have acknowledged that social media accounts could contain "embarrassing" content, but have allowed its discovery and refused to preclude it from evidence, reserving the discretion to later exclude the evidence at trial pursuant to Federal Rule of Evidence 611, which allows a court to control the examination of witnesses and presentation of evidence to protect witnesses from harassment and undue embarrassment. See Newill v. Campbell Transp. Co., Inc., 2015 WL 267879, *1-2 (W.D. Pa. Jan. 14, 2015) (refusing to preclude the defendant from introducing several of the plaintiff’s Facebook postings into evidence because they were embarrassing to plaintiff).

Government Investigations

Courts continue to grapple with how to apply e-discovery concepts to governmental investigations. In a number of decisions during the first half of 2015, courts have sought to balance Fourth Amendment rights with the opportunities for discovery created by the Stored Communications Act (SCA), 18 U.S.C. §§ 2700 et seq., which permits access to the files of technological intermediaries, such as Internet service providers and cell phone providers.
Notably, in the first half of 2015, the Eleventh Circuit joined several other courts in holding that the Government’s receipt of a robbery suspect’s historical cell tower records pursuant to the SCA does not violate a defendant’s Fourth Amendment rights, even if the information is obtained without a search warrant and its requisite showing of probable cause, as long as the Government complies with the SCA. United States v. Davis, 785 F.3d 498 (11th Cir. 2015).  See also, e.g., In re Application of the United States for Historical Cell Site Data, 724 F.3d 600 (5th Cir. 2013) (holding in a 2-1 opinion that historical cell site records under the SCA did not "categorically" violate the Fourth Amendment); In re United States For An Order Directing Provider Of Electronic Communication Service To Disclose Records, 620 F.3d 304 (3d Cir. 2010) (approving constitutionality of § 2703(d)); United States v. Epstein, CR No. 14-287 (FLW), 2015 WL 1646838 (D.N.J. Apr. 14, 2015); United States v. Dorsey, No. CR 14-328-CAS, 2015 WL 847395, at *6-8 (C.D. Cal. Feb. 23, 2015); United States v. Lang, No. 14 CR 390, 2015 WL 327338, at *3-4 (N.D. Ill. Jan. 23, 2015) (collecting cases); United States v. Shah, No. 5:13-cr-328-FL, 2015 WL 72118 (E.D. N.Ca. Jan. 6, 2015) (holding that there is no Fourth Amendment right to protection against government’s access of cell phone location data from cell company or of user’s IP addresses used to access Facebook); but see United States v. Cooper, No. 13-cr-00693, 2015 WL 881578 (N.D. Cal. Mar. 2, 2015) (coming to the opposite conclusion with respect to historical cell tower record information). Considering the Supreme Court’s decisions in United States v. Miller, 425 U.S. 
435, 437-38 (1976), where the Court held that the defendant had no Fourth Amendment interest in his bank account records because they were also the bank’s business records, the Eleventh Circuit reasoned in Davis that the defendant did not own or possess the mobile phone company’s business records. Davis, 785 F.3d at 511. "Instead those cell tower records were created by Metro PCS, stored on its own premises, and subject to its control. Cell tower locations do not contain private communications of the subscriber. This type of non-content evidence, lawfully created by a third-party telephone company for legitimate business purposes, does not belong to [the defendant], even if it concerns him." Id. In addition, the Eleventh Circuit considered the Supreme Court’s decision in Smith v. Maryland, 442 U.S. 735, 742-46 (1979), where the Court held that telephone users have no reasonable expectations of privacy in dialed telephone numbers recorded through pen registers and contained in the third-party telephone company’s records. Similar to Smith, the Eleventh Circuit concluded the defendant had no "subjective or objective reasonable expectation of privacy in MetroPCS’s business records showing the cell tower locations that wirelessly connected his calls at or near the time of the … robberies." Id. At least some courts have taken the same approach to governmental tracking and monitoring of an individual’s cell phone data.  The Northern District of Mississippi held that there is no reasonable expectation of privacy in prospective cell phone tower data (i.e., where permission to collect the data is sought prospectively, rather than after the fact), and the court held that the government could actively track and monitor cell phone data. In re the Application of the U.S. for an Order for Authorization to Obtain Location Data Concerning an AT&T Cellular Telephone, — F. Supp. 3d —-, No. 3:15MC3, 2015 WL 184276, at *5-6 (N.D. Miss. Mar. 
30, 2015) (reviewing cases and holding that in light of the "clearly binding Fifth Circuit precedent" that "there is no reasonable expectation of privacy in historical cell phone data," there is similarly no reasonable expectation of privacy in prospective cell phone data as the court "doubt[ed] that prospective cell phone data [was] sufficiently different from historical cell phone data to warrant a different result"). But this decision appears to be at odds with a number of other courts, which have required the government to show probable cause to track and monitor cell phone usage of a suspect. See, e.g., United States v. Cooper, No. 13-cr-00693-SI-1, 2015 WL 881578, at *4-5 (N.D. Cal. Mar. 2, 2015) (collecting cases); Dorsey, 2015 WL 847395, at *9 (citing United States v. Espudo, 954 F. 3d 1029, 1035 (S.D. Cal. 2013) (collecting cases)) (finding that "a majority of courts have taken the position that the government must make a showing of probable cause to acquire ‘real-time’ or ‘prospective’ cell site location data").

Courts have also permitted the government to expansively use the SCA to apprehend suspects, rather than simply to gather evidence. For example, in In the Matter of Application for Cell Tower Records under 18 U.S.C. § 2703(D), — F. Supp. 3d —-, No. H-15-136M, 2015 WL 1022018 (S.D. Tex. Mar. 9, 2015), the Southern District of Texas issued an order under the SCA for a literal "dump" of cell phone record information from seven different cell phone service providers, which the government had requested in order to "identify the particular device used by the suspect and any confederates, and ultimately to enable their capture and arrest." The Government filed an application under § 2703(d) of the SCA for "an order compelling seven different cell phone service providers to release historical cell tower data for specific towers providing service to a crime scene within Houston city limits at the hour of the crime." Id. at *1.
As the Court put it, the request was "unusual" because unlike most account record requests under the SCA, the "targeted account [was] not specified." Id.

Keeping with this expansive approach in the context of governmental investigations, a court in the Eastern District of New York concurred with the holdings of other courts in other districts that, pursuant to the SCA, a judge may issue a warrant for the production of email evidence stored in a district other than the one in which he or she sits. United States v. Scully, No. 14-CR-208(ADS), — F.3d —- (E.D.N.Y. June 8, 2015); see also, e.g., United States v. Berkos, 543 F. 3d 392 (7th Cir. 2008) (holding that § 2703(a) permits the issuance of warrants for electronic evidence stored outside of the issuing district); United States v. Kernell, No. 3:08-CR-142 (CCS), 2010 WL 1408437 (E.D. Tenn. Apr. 2, 2010), report and recommendation adopted, No. 3:08-CR-142 (TWP), 2010 WL 1491831 (E.D. Tenn. Apr. 13, 2010) (same); United States v. Noyes, No. 1:08-CR-55 (SJC), 2010 WL 5139859, at *9 n.8 (W.D. Pa. Dec. 8, 2010) (same). In Scully, the defendant filed a motion to suppress email evidence produced by Yahoo pursuant to a search warrant issued by Judge Wall in the Eastern District of New York, arguing that the search warrant violated Federal Rule of Criminal Procedure 41 and § 2703 of the SCA because the emails were stored in California and "a judge in one district cannot issue a search warrant for property located in another district." Id. at *11. After an extensive examination of the relevant rules, statutes, legislative history, and precedent, the Court in Scully held that the search warrants did not violate Rule 41 or the SCA, and that a court in one district may issue a search warrant for electronically stored information stored in another district. Id. at *20.
One limitation that courts seem to put on government investigations into files maintained by ISPs and other similar intermediaries is that courts are reluctant to burden the intermediaries with the obligation to sift through voluminous information and identify the responsive/relevant data. In one example, the District of Alaska determined that requiring an ISP to perform a review of email evidence for relevance is unduly burdensome. In re the Matter of the Search of Google Email Accounts, No. 14-mj-00352, — F. Supp. 3d —-, 2015 WL 1650879 (D. Alaska Apr. 13, 2015). The Court issued a search warrant that "directed Google to provide the government with email correspondence from six Gmail accounts that were exchanged during brief periods of time these accounts were used to respond to Craigslist advertisements posted by [Redacted poster] @yahoo.com that solicited sexual encounters with minors." Id. at *1. Google resisted the warrant because it "required Google to inspect email content for relevancy and evidentiary value," that is, emails relating to the solicitation of sex with minors, and Google contended "that it is not competent to perform such an analysis, and requiring it to do so is unfair and unduly burdensome." Id. at *2. The Court "readily" agreed, and "absolve[d] Google from any responsibility to review email content when responding to the warrant," and specifically for "relevance and for evidentiary value." Id. at *2-5.

Vendor Developments

We are seeing some very positive–and also some rather negative–developments in the e-discovery services (aka vendor) market. The best vendors are providing an array of powerful technologies–such as predictive coding, visual analytics and machine translation–along with consistently high-quality professional services to ensure that these tools are used effectively and defensibly.
Some vendors are also beginning to provide more straightforward and simplified pricing, in lieu of the complex à la carte pricing of the past. Until recently, vendors typically charged separately for the use of technologies such as predictive coding, analytics and even e-mail threading–often at expensive rates–making use of these technologies impractical. We are now seeing some vendors, particularly those that have developed their own applications and therefore do not have to pass on licensing fees from separate software vendors (allowing them pricing flexibility), more frequently bundling these technologies in a single technology fee. When this bundling is priced reasonably, which we are also seeing, the use of predictive coding, analytics and other technologies that make search and review more efficient can more often be a viable option than in the past. Some vendors are investing considerable resources to educate their existing and potential clients about the e-discovery process through white papers, webinars, seminars and blogs. Of course, some materials and programs are more sales pitch than real education. But the better materials can add significant value. On the negative side, the market for e-discovery services remains immature. We continue to see a dizzying array of e-discovery service providers vying for market share, with ever lower barriers to entry, and a market that often appears ill-equipped either to distinguish among them or to evaluate the quality of their services, technology or pricing. Vendors that provide both cutting-edge technology and outstanding professional services appear to be a relatively rare find, as those that excel in one area too often fall short in the other. Consistency also remains an issue. Finding a vendor that consistently provides excellent service across matters and over time can seem like prospecting for gold: a lot of work and often disappointing results. 
In the fog of this environment, some vendors with inferior technology and limited professional services are nevertheless able to demand premium pricing. Sales tactics have grown increasingly aggressive, with direct sales calls to individual (often inexperienced) lawyers at firms and companies, and enticements being offered in exchange for attending demos.

One of the more troubling new developments has been some vendors’ attempts to, in effect, "consumerize" e-discovery–i.e., to sell e-discovery software as a service (SaaS) directly to end users (e.g., individual lawyers) much like an app, with little or no professional services component involved. The origins of this consumerization movement may be traceable to some major vendors’ cloud-based e-discovery offerings. Vendors offering these cloud-based e-solutions typically target law firms and companies with professional litigation support staff with the skills to manage complex projects and execute difficult tasks. The consumerization approach, by contrast, directly targets individual lawyers and rests on a sales pitch that implies e-discovery is easy. The problem is that all too often, even with the best technology, it isn’t, and the risks and consequences of failure, as always, remain great (see our sanctions discussion above).

Federal Rule Amendments

For those old enough to remember, there’s a scene in the film Monty Python and the Holy Grail in which Sir Lancelot is seen charging across a field to attack a castle. The camera pans back and forth between two guards posted at the front of the castle and Lancelot, who each time is still where he started, endlessly charging forward but getting nowhere. The drawn-out process to implement a second round of e-discovery related amendments to the Federal Rules of Civil Procedure (the first round was in 2006) has, at times, felt a lot like that scene.
It started with the Civil Rules Advisory Committee’s Duke Litigation Review Conference in 2010, followed by a series of public meetings and a "Mini-Conference" in 2011, after which the Committee in August 2013 released a set of proposed rule amendments for public comment. After the public comment period, which included 120 testifying witnesses and over 2,300 written comments, the Discovery Subcommittee of the Civil Rules Advisory Committee submitted a revised proposal, which the Civil Rules Advisory Committee adopted in April 2014. The Judicial Conference approved the proposed amendments on September 16, 2014, and forwarded them to the Supreme Court, which adopted them on April 29, 2015, and sent them to Congress. Absent Congressional action, the proposed amendments will become effective on December 1, 2015.

The proposed amendments affect Federal Rules of Civil Procedure 1, 4, 16, 26, 30, 31, 33, 34, 37, 55 and 84. The most significant for e-discovery purposes are the proposed amendments to Rules 37(e) (sanctions), 1 (cooperation) and 26(b)(1) (proportionality and scope of discovery).

Sanctions for Failure to Preserve ESI (Rule 37(e))

The most anticipated of the proposed amendments is that to Rule 37(e), which will govern the imposition of sanctions for failures to preserve electronically stored information that a party had a duty to preserve. The amendment is primarily intended to address inconsistencies in the level of culpability courts have applied in imposing the most serious sanctions, such as case termination or an adverse inference instruction, and the perceived unfairness of sanctioning a party that has acted reasonably yet some ESI has nevertheless been lost. It also seeks to address the problem of over-preservation–i.e., parties preserving too much information because of fears of harsh or case-terminating sanctions.
The proposed amendment provides: "If electronically stored information that should have been preserved in the anticipation or conduct of litigation is lost because a party failed to take reasonable steps to preserve it, and it cannot be restored or replaced through additional discovery, the court: (1) upon finding prejudice to another party from loss of the information, may order measures no greater than necessary to cure the prejudice; or (2) only upon finding that the party acted with the intent to deprive another party of the information’s use in the litigation may: (A) presume that the lost information was unfavorable to the party; (B) instruct the jury that it may or must presume the information was unfavorable to the party; or (C) dismiss the action or enter a default judgment." The Advisory Committee Note states that by specifying the measures that a court may employ if ESI is lost and the findings it must make, the proposed amendment to Rule 37(e) "forecloses reliance on inherent authority or state law to determine when certain measures should be used." See Advisory Committee Note at 38. The proposed amendment creates a safe harbor if a party acted reasonably to preserve ESI. See Thomas Y. Allman, Thoughts on the 2015 Amendments to Federal Rule of Civil Procedure 37(e), 15 Digital Discovery & e-Evidence 245 (June 11, 2015). If a party demonstrates that it took "reasonable steps" to preserve, no sanctions or other remedies are available under the proposed rule, even if ESI was lost. The Committee Note expressly states that "[b]ecause the rule calls only for reasonable steps to preserve, it is inapplicable when the loss of information occurs despite the party’s reasonable steps to preserve." See Advisory Committee Note at 41. Significantly, the Committee Note also expressly encourages courts to consider proportionality in determining whether a party’s preservation efforts were reasonable.
Recognizing that "aggressive preservation efforts can be extremely costly," the Note states that "[a] party may act reasonably by choosing a less costly form of information preservation, if it is substantially as effective as more costly forms." Id. at 42. Only if a party has failed to take reasonable steps to preserve ESI that should have been preserved, and the information is lost as a result, does the proposed amendment provide that the focus should be on whether the lost information can be restored or replaced through additional discovery. If the information is restored or replaced, no further measures should be taken. The Committee Note states that "[a]t the same time, it is important to emphasize that efforts to restore or replace lost information through discovery should be proportional to the apparent importance of the lost information to claims or defenses in the litigation. For example, substantial measures should not be employed to restore or replace information that is marginally relevant or duplicative." See id. If the lost ESI cannot be restored or replaced through additional discovery, the court must find that the other party has been prejudiced before imposing any curative measures or sanctions. According to the Committee Note, "[a]n evaluation of prejudice from the loss of information necessarily includes an evaluation of the information’s importance in the litigation." Id. at 43. Once a finding of prejudice is made, only then is the court authorized to employ measures "no greater than necessary to cure the prejudice." Id. The court may impose specified very severe measures–i.e., an adverse inference or a case-terminating sanction–only if the court finds that the party acted with the intent to deprive the other party of the information’s use in the litigation.
Given the December 1, 2015 effective date for the proposed rule amendments, we likely will not know until at least mid-2016 (or later) whether the amendment to Rule 37(e) appears to be fulfilling its goals in practice and can bring more fairness to the e-discovery sanctions area. One important area that it does not address is the trigger for the duty to preserve, for which there is a split in the courts. In the Seventh Circuit, such a duty is triggered only when litigation is "imminent." Everywhere else, it is triggered where courts find that litigation was "reasonably foreseeable."

Cooperation (Rule 1)

The proposed amendment to Rule 1 was originally crafted to require cooperation among the parties, but that language was dropped relatively early on out of concerns that it would only spawn tangential disputes regarding whether parties were being sufficiently cooperative. In its final proposed form, amended Rule 1 provides that the rules of civil procedure would not only be "construed and administered" (the current language) but also "employed by the court and the parties" to secure the just, speedy, and inexpensive determination of every action and proceeding. The concept of cooperation still made it into the Committee Note that accompanies the proposed amendment, which states that "effective advocacy is consistent with – and indeed depends upon – cooperative and proportional use of procedure." See Committee Note at 1-2.

Proportionality and the Scope of Discovery (Rule 26(b)(1))

The amendment to Rule 26(b)(2)(C)(iii) moves the proportionality factors from Rule 26(b)(2)(C)(iii) to Rule 26(b)(1).
As amended, Rule 26(b)(1) would permit a party to obtain discovery regarding any non-privileged matter that is relevant to any party’s claim or defense "and proportional to the needs of the case, considering the importance of the issues at stake in the action, the amount in controversy, the parties’ relative access to relevant information, the parties’ resources, the importance of the discovery in resolving the issues, and whether the burden or expense of the proposed discovery outweighs its likely benefit." The intended effect of this reorganization is to strengthen the concept of proportionality in courts’ consideration of the permissible scope of discovery. The Committee Note states that the movement of the proportionality factors from Rule 26(b)(2)(C)(iii) to Rule 26(b)(1) "restores" them "to their original place in defining the scope of discovery" and "reinforces" the "obligation of the parties to consider" them "in making discovery requests, responses or objections." See Committee Note at 19.

International E-Discovery Developments

The cross-border transfer and disclosure of information remains a hot topic in e-discovery in Europe and the Asia Pacific region.

Adequacy of US-EU Safe Harbor Program Challenged

On March 24, the European Court of Justice (ECJ) heard arguments in a case challenging the US-EU Safe Harbor Framework, which allows certified US companies to send personal data outside Europe if they meet certain European Union requirements. In Maximillian Schrems v. Data Prot. Comm’r, activist Max Schrems argued that the Irish Data Protection Agency (DPA) did not properly investigate his claims that Facebook violated European data privacy rules by transferring European users’ data to US-based servers, making the data accessible to the National Security Agency for its PRISM program. The Irish DPA rejected Schrems’ claim without further investigation because of Facebook’s Safe Harbor certification.
Schrems sued the DPA in the Irish High Court, which referred his case to the ECJ. The ECJ must decide whether the Irish DPA was correct in relying on Facebook’s Safe Harbor status, or whether the Safe Harbor Framework does not at present ensure adequate data privacy protection for European citizens’ data. At the March argument, the European Commission defended the Framework. The Commission conceded that at present there is no guarantee that EU citizens’ data will be adequately protected, but emphasized that the Safe Harbor Framework is important for maintaining political and economic ties to the United States and US-based companies. In the meantime, the Safe Harbor Framework is in the process of being amended to increase transparency and more actively enforce compliance, though the US and EU negotiators have yet to reach an agreement on the terms of the amendments.

Cross-Border Transfer and Disclosure of Information Remains a Hot Topic in the Asia Pacific Region

Cross-border transfer and disclosure of information remains a hot topic in the Asia-Pacific region. "Data localization laws"–laws mandating that certain industries store data within a country’s borders–such as China’s State Secret laws are of particular concern to companies. In the case of China, the law prohibits the export of electronic data concerning "state secrets," a term that is defined broadly by statute and by Chinese enforcement authorities implementing the laws. Notably, a 2014 Hong Kong decision interpreting the law ruled that it does not amount to a blanket prohibition against cross-border data transfers. Despite this, the broad scope of the law and harsh penalties levied for violations have increasingly led companies to keep their data in China, and to rely on mainland Chinese law firms to assist with handling of data and document review.

Conclusion

We’re off to a fast start in e-discovery this year. Look out for our articles, client alerts and our year-end update in January 2016.
Gibson Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. The Electronic Discovery and Information Law Practice Group brings together lawyers with extensive knowledge of electronic discovery and information law. The group is comprised of seasoned litigators with a breadth of experience who have assisted clients in various industries and in jurisdictions around the world. The group’s lawyers work closely with the firm’s technical specialists to provide cutting-edge legal advice and guidance in this complex and evolving area of law. For further information, please contact the Gibson Dunn lawyer with whom you usually work or the following leaders of the Electronic Discovery and Information Law Practice Group:

Gareth T. Evans – Orange County (949-451-4330, gevans@gibsondunn.com)
Jennifer H. Rearden – New York (212-351-4057, jrearden@gibsondunn.com)
G. Charles ("Chip") Nierlich – San Francisco (415-393-8239, gnierlich@gibsondunn.com)

© 2015 Gibson, Dunn & Crutcher LLP

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 8, 2016 |
2015 Year-End German Law Update

By the end of 2015, Germany has provided shelter to more than one million refugees that entered the country in the past twelve months, many without any documents of identification or even totally unregistered in some cases. The formidable challenges and changes that a society faces when national and even European borders, at least for a crucial period of time, appear to become meaningless make the legal changes described in this Year-End Update look pale by comparison. Over the last twelve months, the struggle to find a roof and provide for the basic needs of thousands of new asylum seekers became part of the daily routine in many German cities. Starting with the German Chancellor, Angela Merkel, political pragmatism combined with a "we can do" attitude took precedence over the rule of law and due process in many German minds. However, first clouds appeared on the blue sky when the true numbers and costs of this venture became clearer towards the end of the year. Germany enters a new era of uncertainty from a position of strength: The German economy is booming, unemployment has never been so low and, thanks to Mr. Draghi’s policy of flooding Europe with cash, there is currently no cost for the German Government to refinance its debt. Taking an optimistic view, with many new immigrants, most of them young and eager to work and build career paths for themselves and their families, Germany is now also close to solving its demographic issues and is laying solid foundations for future growth and prosperity as a diverse and open-minded society. Taking the pessimistic view, you could look ahead at several years of struggle to integrate millions (there is no indication that the inflow will slow down in the next 2 or 3 years) with a patchy educational background, who face significant linguistic and cultural challenges in their new home and may threaten to become long-term dependents on the generous German social security system. Will European integration help or harm? 
The European track record of success in getting its act together has not been strengthened by the last-minute bail-out of Greece that dominated the news in the first half of the year. National secession movements and protectionist politics appear to be gaining traction in light of the refugee crisis at the expense of a sense of mutual cooperation and burden-sharing. With the threat of a British exit pending, at the beginning of 2016, the EU looks like a major construction site rather than a fully functioning European home. If we were to choose one of the changes described hereunder that is likely to affect the business with Germany and Europe the most, last year’s "winner" would be the European Court of Justice’s decision to invalidate the EU-U.S. Safe Harbor framework coupled with the new compromise wording of the EU Data Protection Regulation which is now expected to be adopted shortly by the European Council and the European Parliament. Europe is determined to establish a stricter regime relating to data privacy than the U.S., including a "right to be forgotten", right to data portability and notification obligations in case of data breaches, coupled with fines of up to 4% of a company’s annual revenue. Whether this European initiative will gain many plaudits or will only widen the digital and economic gap between the U.S. and Europe remains to be seen. With these more philosophic thoughts in the back of our mind, we want to update our clients and friends with our customary annual alert for Germany on the specific legal developments that will likely affect corporate and finance transactions and regulatory proceedings in the years to come. Wishing that your business will prosper from the opportunities created rather than suffer from the costs, we hope you enjoy reading this update.

Table of Contents

1. Corporate, M&A
2. Tax
3. Finance, Insolvency and Restructuring
4. Labor and Employment
5. Real Estate
6. Data Protection
7. Compliance
8. Antitrust and Merger Control

1. Corporate, M&A

1.1 Corporate, M&A – Delisting 4.0 – Delisting Only Against Cash Compensation

November 26, 2015 marks another milestone in the toing and froing of delisting rules in Germany. On that day, an amendment to the German Stock Exchange Act (Börsengesetz) came into force that provides for changes in the requirements under which the public listing of an issuer’s securities on the regulated market in Germany can be revoked upon the issuer’s request. Under the new rules, a delisting generally requires the publication of an offer document and the payment of cash compensation. The new rules are the result of a highly controversial debate that has been going on for more than ten years and that was fueled by various landmark decisions by the German Federal Supreme Court (Bundesgerichtshof – BGH) in 2002 (Macrotron) and 2013 (Frosta – see "Delisting Reloaded – German Supreme Court Abandons Cumbersome Restrictions") as well as the German Federal Constitutional Court (Bundesverfassungsgericht) in 2012 (see "Back to Square One? German Constitutional Court Rewrites Delisting Rules"). The latest BGH decision which ruled that a delisting neither requires a resolution by the general shareholders’ meeting nor a compensation that would be challengeable in a special court proceeding (Spruchverfahren) resulted in a large number of delistings over the past two years and just as much criticism. As a consequence, the legislature felt a need to change the law in an attempt to provide further protection to shareholders. Under the new statutory rules, the application by an issuer to have the public listing of its securities revoked may only be approved if at the time of the application an offer to acquire all affected securities in accordance with the provisions of the German Securities Purchase and Takeover Act (Wertpapiererwerbs- und Übernahmegesetz – WpÜG) was published.
Such offer will not be required if the securities continue to be listed on another domestic stock exchange for trade in the regulated market or in another Member State of the European Union or another contract state of the European Economic Area for trade on an organized market where equivalent delisting rules apply. The offer, which cannot be conditional, must provide for cash compensation denominated in Euro and be accompanied by a financing commitment. In principle, the compensation must be at least equal to the weighted average domestic stock price of the securities over the past six months preceding the publication of the offer document. If, however, an issuer violated the applicable ad hoc disclosure requirements or the rules on market manipulation over the relevant six-month period and the calculated average stock price was affected thereby more than negligibly, this valuation method would not apply. In such a case, the compensation must be determined by evaluating the issuer. This would also apply if the stock price was established on fewer than one third of the trading days during the relevant six-month period and several stock prices successively established deviate from each other by more than five percentage points. It is difficult to comprehend why a continuous second listing at another well-established market outside the EU and EEA, such as on the NYSE or Nasdaq, is not deemed equivalent and does not enable the issuer to delist in Germany without having to publish an offer document and pay a compensation. Given the increased costs and complexities caused by the new statutory rules, issuers will only consider and go through with a delisting if they expect significant economic and commercial advantages from such measure in the medium to long run. 
1.2 Corporate, M&A – Amendment to the Stock Corporation Law – Aktienrechtsnovelle 2016

On 12 November 2015, after five years of discussion, the German Parliament resolved on various amendments to the German Stock Corporation Act (Aktiengesetz – AktG) known as "Aktienrechtsnovelle 2016". The new provisions will not contain an actual reform but only amend specific aspects of the German Stock Corporation Act, in particular to allow companies more flexibility and to enhance their financial resilience. Additionally, the amendments aim to improve the transparency regarding the ownership structure of non-listed companies. The first significant amendment relates to the supervisory boards of German stock corporations. The number of the members of supervisory boards will no longer have to be generally divisible by three, but only if this is necessary for reasons of employee co-determination under the German One-Third Employee Co-Determination Act, i.e. for public and private limited companies with more than 500 but no more than 2,000 employees. The minimum number of supervisory board members will remain three. The Aktienrechtsnovelle 2016 also affects the capital and share structure of German stock corporations: Non-listed stock corporations may in future only issue bearer shares if the shareholders are not entitled to individual share certificates and a global share certificate is deposited with a depository bank. Otherwise, non-listed companies may only issue registered shares. Those amendments intend to ensure the transparency of the ownership structure also of non-listed companies (corporate law notification obligations regarding non-listed companies only apply to stakes in excess of 25%).
To increase the flexibility of the equity structure of stock corporations the companies may now further stipulate in their articles of association that the right to subsequent payment for preference shares is excluded and that holders of preference shares receive higher than ordinary dividends instead of prioritized payments. Currently an exclusion of voting rights basically requires that the shareholder is entitled to receive the preferred dividend in the following year. The new provisions further provide for a due date for the payment of dividends. Unless a later due date is determined in the articles of association or by resolution of the general assembly, dividends will be payable on the third business day after the date of the general shareholders’ meeting resolving on the dividend. This part of the reform will only become effective on 1 January 2017. German stock corporations may now also issue convertible bonds with a conversion right for the issuer instead of bondholders only and to create conditional capital for this purpose. The rationale for these amendments is, inter alia, to simplify the restructuring of financially distressed companies by way of debt-to-equity swaps. Simplifying restructuring measures is also the reason for stipulating an exemption from the general rule that the nominal value of conditional capital may not exceed 50% of the share capital: If the conditional capital is created for the sole purpose of enabling the company to exercise a conversion right to avoid insolvency it may exceed 50% of the share capital. Further proposals contained in the governmental draft were not implemented in the adopted law. 
The Aktienrechtsnovelle 2016 provides neither for a uniform record date for bearer and registered shares nor for a "relative time limitation for follow-up actions of nullity", pursuant to which a shareholder may only initiate a follow-up action of nullity of a resolution taken by the general shareholders’ meeting within one month from the publication of the initiation of an action for annulment.

1.3 Corporate, M&A – New Reporting Requirements and other Amendments to the German Securities Trading Act

Five years after its initial adoption, the Transparency Directive (2004/109/EG) was reviewed by the European Commission. This review resulted in the Amendment Directive to the Transparency Directive (2013/50/EU, the "Amendment Directive") which was implemented into German law as of November 26, 2015. The implementation of the Amendment Directive particularly affects the rules under the German Securities Trading Act (Wertpapierhandelsgesetz, WpHG), namely (i) the system and substance of the reporting requirements and (ii) the scope of the sanctions for a breach of the reporting requirements. The changes amend Secs. 21 and 22 WpHG that provide for the reporting of voting rights from shares held by or attributed to a certain person (including rights held by parties acting in concert with such person), Sec. 25 WpHG that provides for the reporting of the holding of financial instruments and Sec. 25a WpHG that now provides for a separate additional reporting of the aggregated holding and attribution of shares and holding of financial instruments. Under the new Sec. 25a WpHG, the reporting requirement is now triggered when the sum of the voting rights from the shares held and/or attributed and the financial instruments held reaches, exceeds or falls below any of the relevant thresholds under Sec. 21 WpHG even if none of the reporting requirements pursuant to Secs. 21, 22 and/or 25 WpHG are triggered individually.
The rules on the attribution of voting rights have been expanded so as to also include (i) voting rights agreements pursuant to which the voting rights (without the underlying shares) are transferred temporarily for consideration and (ii) voting rights from shares that are held as collateral, provided that the holder of the collateral holds the voting rights and expresses the intention to exercise such voting rights. In addition to the above, the revised WpHG further introduces a mandatory uniform reporting form that must be used for all shares and instruments alike and for each notification. A shareholder has to disclose all of his holdings in all reportable financial instruments in every notification that he makes – regardless of the type of transaction by which the notification obligation is triggered. Under the new rules, a parent company may file a single notification for its entire group instead of each company of the group having to file separate notifications, even if the parent company is not involved in the transaction that triggers the reporting obligation and does not hold any of the relevant financial instruments itself. The triggering event for the reporting of voting rights from shares held by or attributed to a certain person has been accelerated in that the actual transfer of the legal ownership of the shares (i.e. the settlement date which is usually T+2 for stock exchange trading) is no longer the relevant event, but rather the existence of a claim or obligation to have the shares transferred unconditionally and without any delay, i.e. on the trade date (T). Accordingly, the time within which reportings have to be made has also been changed. 
While both the issuer and the Federal Financial Supervisory Authority (BaFin) still have to be notified without undue delay, but in any case within four trading days after the shareholder knew, or under the circumstances could have known, that his voting rights reached, exceeded or fell below the relevant thresholds, it is now irrefutably assumed that the shareholder has such knowledge at the latest two trading days after the voting rights reach, exceed or fall below the relevant thresholds.

1.4 Corporate, M&A – The Pitfalls of Failing to Meet the Purchaser’s Duty of Care in an M&A Transaction

On March 13, 2015, the District Court of Hamburg (Landgericht Hamburg) decided on the duty of care incumbent on the purchaser under a share purchase agreement ("SPA") in one of the very rare court decisions on M&A transactions. Following a brief due diligence phase, the plaintiff (as purchaser) and the defendant (as seller) entered into a SPA regarding the shares in a German limited liability company which was active in the field of digital satellite and TV supplies. After closing, the purchaser detected that the production and sale of the target’s main products violated third-party IP rights and claimed damages in the amount of EUR 25 million, which corresponded to the settlement amount the plaintiff had agreed upon with the actual owners of the relevant IP rights. The District Court held that the defendant neither violated the contractual provisions under the SPA nor statutory law. In the view of the court, the seller did not breach its representations under the SPA due to the specifics of the case. The representation on permits was held to be limited to public permits only and the representation on IP only covered trademarks but not patents or licenses.
Further, the court denied statutory damage claims of the purchaser ruling that the plaintiff was grossly negligent in not being aware of the missing licenses and therefore barred from successfully asserting claims against the seller pursuant to section 442 para. 1 2nd sentence of the German Civil Code (Bürgerliches Gesetzbuch – BGB). Gross negligence generally requires the applicable duty of care being disregarded in a particularly manifest way, e.g. by failing to consider what would be evident for a standard buyer in the respective case. In the court’s view, as an experienced M&A actor that was aware of the general risks in connection with the acquisition of a company, the plaintiff had to deduce from the information provided by the seller in the course of the due diligence as well as from the analysis of the disclosure schedules to the SPA that the patent situation of the target was bound to be problematic. In addition, the purchaser represented in the SPA that "it has been provided with sufficient and satisfactory documentation and information in relation to the transaction contemplated herein". The decision of the District Court of Hamburg illustrates the importance of both conducting a thorough due diligence and carefully wording the SPA. In view of the indications apparent during the due diligence regarding potential issues related to the IP situation of the main products of the target, the purchaser should have requested further clarifications as well as a specific representation or indemnity in this regard (rather than agreeing to a purchaser representation that sufficient information had been provided). In order to avoid any uncertainty regarding the ability to raise potential claims under a SPA (or an asset purchase agreement, as the case may be), a purchaser should try to insist on a clause that contractually excludes the applicability of section 442 para. 1 2nd sentence BGB.
Whether or not this can be achieved in practice clearly depends on the bargaining power of the parties in each relevant case. From a seller’s perspective, it is important to exclude any statutory liability exposure beyond the contractually agreed liability regime of the negotiated representations and warranties, indemnities and covenants. Such exclusion is generally permissible under German law unless a potential claim of the purchaser to be excluded is based on a willful act or a fraudulent misrepresentation of the seller.

1.5 Corporate, M&A – Export of German Employee Co-Determination?

Under the German corporate governance regime, limited liability companies ("GmbH") and stock corporations ("AG") with more than 2,000 employees have to establish a supervisory board whose members consist of 50% of employee representatives. In case the number of employees does not exceed 2,000 but is in excess of 500 employees, a supervisory board with one third of employee representatives has to be established. The requirement of employee co-determination on supervisory boards is unique to Germany and is often viewed with suspicion by foreign investors. In February 2015 the District Court of Frankfurt am Main (Landgericht Frankfurt am Main) issued a ruling, which – if upheld on appeal – would considerably increase the number of German companies subject to employee co-determination. Contrary to past prevailing opinion the Frankfurt District Court held that employees working at sites abroad and even employees of controlled affiliates in other EU Member States need to be taken into account for the calculation of the relevant number of employees. The Frankfurt District Court argued that disregarding EU employees in the context of co-determination thresholds infringes European law, in particular non-discrimination principles.
Effectively, this ruling means that a GmbH or an AG with 100 German-based staff members which currently does not have to establish a co-determined supervisory board, would require an employee co-determined supervisory board in the future if the company in question has one or more subsidiaries in EU Member States with 400 (or more) employees. This ruling came as a big surprise but the matter is not finally settled yet. Just six months after the ruling of the Frankfurt District Court, the District Court of Munich (Landgericht München I) issued a conflicting ruling in August 2015. The Munich District Court argued that excluding employees of a GmbH or AG who are working abroad or employed at a subsidiary in another EU Member State from the election of employee representatives to the supervisory board does not contradict the European Union principle of free movement of labor or general anti-discrimination laws. Subsequently, in October 2015, the Berlin High Court (Kammergericht Berlin) ordered a stay of proceedings in a comparable case and submitted the key question regarding a potential breach of the principle of free movement of labor or anti-discrimination laws to the European Court of Justice (ECJ) for an advance ruling on this specific issue. Thus, despite the ruling of the Frankfurt District Court, immediate corporate restructuring activity to limit the effects of the Frankfurt ruling appears premature at this stage. However, the future developments should be closely monitored. The ultimate outcome of the pending proceedings is difficult to predict. If the Frankfurt ruling is upheld on appeal and/or if the ECJ concurs that the exclusion of employees of subsidiaries in other EU Member States from the calculation of the German-law co-determination employee thresholds breaches EU anti-discrimination law, management boards of companies potentially concerned would have to reexamine the requirement for and/or the composition of (existing) supervisory boards. 
Management boards may in particular have to initiate so-called status proceedings (Statusverfahren) on the determination of the applicable supervisory board regime. Corporate restructuring measures to limit the effects of such court rulings could also be considered, but would have to focus beyond the Member States of the European Union to minimize the consequences of such a ruling. Finally, consequential questions and potential disputes on the enforcement of German employee co-determination laws in other EU Member States may well be on the horizon. Ultimately, the ripple effects of these co-determination issues could likely only be resolved by coordinated EU legislation which currently does not appear to be on the agenda.

1.6 Corporate, M&A – Gender Quota Enacted

In March 2015, the German Parliament passed the Act on Equal Participation of Women and Men in Executive Positions in the Private Economy and the Public Sector (the "Gender Quota Act"). For further details on the Gender Quota Act, please see the article "Germany’s new hammer to glass ceilings". Despite the introduction of this legislation, recent statistical data shows that a significant number of listed corporations will likely miss the 30% quota for female members in supervisory boards which applies as of January 1, 2016. It is expected, however, that this aspect of the Gender Quota Act will play a far more prominent role in any re-election process once an existing seat in the supervisory board becomes vacant after January 1, 2016.
In such a scenario, the legal consequence that the seat shall remain vacant if gender quotas are not complied with appears to be a strong incentive for compliance with the quota as the shareholder representatives who would "lose" a supervisory board member could also miss out on the benefit of the casting vote in case of a tied supervisory board vote especially in co-determined supervisory boards where they could become outnumbered by employee representatives on the supervisory board. The second feature of the Gender Quota Act has already applied since September 30, 2015, but has not yet measured up to expectations. The target thresholds for female representation in (i) the management boards, (ii) the two management levels below the management board and (iii) the supervisory board to be fixed by companies since September 30, 2015 are rather moderate in current practice. Many of the affected companies provide for minimal (or no) female target quota at all. The reluctance to fix reasonable target quotas may well trigger future legislation on sanctions in case of non-compliance, unless public perception issues cause affected corporations to reconsider their approach in the short to medium term.

2. Tax – Tax Amendment Act 2015

The Tax Amendment Act 2015 (Steueränderungsgesetz 2015), which was adopted by the German Parliament on October 16, 2015, provides for some important changes for German corporate and real estate transactions. While these changes generally apply for the tax year 2016, there are some amendments which affect transactions already executed in prior years.

Corporate: Loss limitation rules – extended group definition: Under the current tax loss limitation rules, tax loss carry forwards of a corporation are forfeited on a pro rata basis if within a five-year period more than 25%, but not more than 50% of the shares in the loss making entity are sold to the acquirer.
If more than 50% are transferred, the losses carried forward will be forfeited in their entirety. The new law now provides for further exemptions on intra group restructurings. The definition of intra group restructurings is extended and permits acquisitions or transfers by the parent of the group that would not have been covered by the present wording of the intra group exemption rules. Moreover, sole proprietorships as well as partnerships can now qualify as parents in intra group restructurings. The new rule applies retroactively for share transfers after December 31, 2009.

Corporate: Limitation on considerations paid for tax exempt contributions: Business units and shares granting a majority in a corporation can be contributed tax-neutral to another entity at cost (i.e. book value) in exchange for shares in the absorbing entity. Under current law, in addition to the newly issued shares by the absorbing entity the transferor may receive a consideration in cash or kind of no more than the book value of the assets contributed. Back in 2012, Volkswagen and Porsche used this rule to contribute Porsche into Volkswagen in exchange for one share in Volkswagen and an additional consideration in cash of EUR 4.5 billion without triggering any taxes. According to the new law the additional consideration is limited to 25% of the book value of the assets contributed or to an overall amount of EUR 500,000, but not more than the book value contributed. If the fair market value of the consideration exceeds one of these thresholds the hidden reserves of the contributed business unit are taxed proportionally. The new law applies retroactively to all contributions made after December 31, 2014.

Real Estate: RETT on indirect change in a real-estate holding partnership: An indirect change in a real-estate holding partnership may trigger real estate transfer tax (RETT).
RETT is due if within a five-year period at least 95% of the interest in a partnership is transferred directly or indirectly to new partners. In case a corporation is the partner in a partnership, the Highest German Tax Court (Bundesfinanzgerichtshof) ruled that – contrary to the view of the tax authorities – an indirect transfer is only deemed to exist if there is a transfer of 100% of the shares in that corporation. The opposing view of the tax authorities has now caused the tax legislator to legally define an indirect change of partners in a real-estate holding partnership. The indirect change of the interest in a partnership shall be determined based on the respective participating interest and by taking into account the legal form of the companies involved. If a corporation is a partner of a partnership, a relevant indirect change is assumed if at least 95% of the ownership in the corporation changes hands either directly or indirectly. In case of multi-tier corporations the 95% threshold must be determined separately on each level. If the threshold is met, the indirect shareholding must be fully taken into account. In case of multi-tier partnerships as partners in a real estate holding partnership an indirect transfer is calculated on a pro rata basis for each indirect shareholding; the 95% threshold does not have to be met on each upper-tier partnership level.

Real Estate: RETT – Re-assessing the tax base for transfer of shares in real-estate holding companies: RETT is calculated as a percentage of the remuneration paid for the transfer of the real estate. In certain scenarios where there is no direct remuneration for the transfer of real estate (i.e. where a consideration does not exist, in a reorganization or share transfer of real-estate holding entities) the tax was based on a certain statutory formula. As a rule of thumb, the value based on the statutory formula was always around 60-80% of the market value of the underlying real estate.
The calculation methodology of different tax bases for RETT purposes – depending on whether real estate is transferred directly or indirectly – has caused the German Federal Constitutional Court (Bundesverfassungsgericht) to hold this system of value calculation as being unconstitutional. The tax legislator has now implemented differing rules while adhering to the calculation based on valuation principles already applied for inheritance tax purposes and which more likely reflect the fair market value. The amendments are to be applied retroactively from January 1, 2009. However, a change of existing tax assessments to the disadvantage of the taxpayer is not possible if the assessment was issued prior to the announcement of the Tax Amendment Act 2015.

3. Finance, Insolvency and Restructuring

3.1 Finance, Insolvency and Restructuring – Potential Changes to Contestation Rights in Insolvency

On September 29, 2015, the German government introduced a legislative draft proposal to reform certain aspects of the special contestation rights vested in an insolvent company’s insolvency administrator. The current German Insolvency Code (Insolvenzordnung, InsO) gives the insolvency administrator relatively far reaching contestation rights to set aside pre-insolvency transactions between the insolvent entity and its creditors to re-claim funds or other assets to the insolvent estate to be shared among the creditors at large. In the context of recent insolvency law reforms in Germany geared towards prioritizing the restructuring of ailing companies over their liquidation, several influential interest groups have lobbied for changes of the insolvency contestation regime. Both the very long potential contestation periods of up to ten years prior to insolvency and the case law on the burden of proof regarding when a creditor trading with an entity that later becomes insolvent is deemed to have indications of an impending insolvency were felt to be excessive.
Such far-reaching contestation rights were argued, on the one hand, to create difficult-to-manage retroactive risks for any company dealing with business partners that are potentially in distress. On the other hand, it is claimed that business partners who have to be justifiably wary of having to surrender exchanged goods or funds to the insolvency administrator in the future will tend to act in ways that run counter to recent trends towards restructuring ailing businesses rather than taking them off the market because they will withdraw their backing even earlier. The government legislative proposal addresses these two points by reducing the contestation period in certain cases from 10 to 4 years and by modifying the court rules on the burden of proof in such a way that a business partner has to be aware of an actual insolvency and not just an impending insolvency. Other changes involve the point in time from which monetary reimbursement claims of the insolvent estate arising from contested transactions bear interest. The intention here is to encourage insolvency administrators to exercise their contestation rights earlier in the insolvency proceedings rather than wait, safe in the knowledge that their potential claims bear healthy interest already from the opening of insolvency proceedings irrespective of when the actual contestation is asserted. The initial reaction to the governmental proposal in legal and lobbying circles has been mixed but cautiously positive. It is expected that the details of the current draft may yet change as the proposal makes its way through the German law-making process and interested actors point out perceived shortcomings or lobby for amendments. Most commentators do, however, expect the proposal to become law at some stage in 2016 due to the broad economic consensus that the contestation rules in their current form have become somewhat over-reaching and very difficult to predict for companies and business in general.

3.2 Finance, Insolvency and Restructuring – New EU Insolvency Regulation (EU) 2015/848

In June 2015, Regulation (EU) 2015/848 on cross border insolvency proceedings (the "Regulation") came into force. It will be applicable to insolvency proceedings which commence as of June 26, 2017 and will replace Regulation (EC) No. 1346/2000. The new Regulation has direct effect in the Member States and is aimed at rendering cross-border insolvency proceedings more efficient. In a nutshell, the most significant changes include:

The scope of the new Regulation also covers rescue and restructuring proceedings aimed at ensuring the continued existence of businesses in financial difficulties, thereby expanding the scope to interim proceedings prior to the opening of formal insolvency proceedings. Purely private restructuring measures between the debtor and individual creditors are, however, not covered.

The Centre of Main Interest (COMI) relevant for determining the competent jurisdiction for the opening of insolvency proceedings is defined more precisely. Particular emphasis is placed on limiting forum shopping.

A procedure to coordinate several contemporaneous insolvency proceedings regarding various companies of the same group of undertakings is introduced. Unlike in the past, cooperation and information rights can be enforced but a concentration of the proceedings with one court only is established if a qualified majority of the involved insolvency administrators so agrees.

The new Regulation further provides for instruments to limit or even avoid secondary insolvency proceedings regarding the same insolvent company. Such measures include synthetic secondary proceedings or the postponement of secondary proceedings if a successful global solution for the insolvent company is otherwise endangered.

Member States have to introduce electronically accessible insolvency registers containing mandatory information inter alia on the opening of insolvency proceedings, on the debtor and on the time period for filing claims against the insolvent estate. Thus, creditors and other parties will in the future have access to details of insolvency proceedings without having to undergo time consuming enquiry procedures.

In summary, the Regulation would to a large extent appear to implement into binding law current coordination efforts introduced in practice by certain insolvency practitioners. Ultimately, the success of the new Regulation depends on the willingness of insolvency administrators and courts to cooperate in practice. In an insolvency scenario, time is often of the essence and appeal proceedings in cases where the necessary cooperation and coordination is lacking might endanger the stated purpose of the new Regulation, i.e. to render cross-border insolvencies more efficient.

4. Labor and Employment

4.1 Labor and Employment – The Majority Union Gets the Stake

The German legislator has limited the circle of eligible unions which are bargaining for the employees of one company to only one union, namely the union with the most members in that plant. This law was passed in order to avoid (i) a compensation patchwork pattern within one and the same company and (ii) that small, skilled groups of professionals like doctors, pilots or train conductors gain enormous leverage to pursue their group interest and claims. The new law provides for a "One Plant–One Tariff" rule with an escalating process. First, any union can pursue its interests as it pleases. Only if a conflict with other unions arises in a particular company, this conflict should be solved by a poll among the company’s employees. Legal and HR practitioners have sharply criticized this law for being unconstitutional and not practical. So far, no field experiences have surfaced.
From a company’s perspective, this law makes life easier, as dealing with several unions can lead to significant administrative challenges.

4.2 Labor and Employment – Stricter Rules for Hiring Interim Specialists?

The growing number of interim (esp. IT) specialists being hired as free-lancers has led to contentious court rulings and legislative endeavors. The main question is whether such a scenario can lead to a de-facto employment with the workplace company if the free-lancer is subject to detailed work instructions by the company regarding e.g. place, time and specifics of the work. The most contested issue revolves around regular temp agencies that also hire out free-lancers. According to current statutory law, a de-facto employment cannot be assumed if the temp agency possesses a valid personnel leasing license. This situation is viewed as an unintended loop-hole, which the current government coalition has agreed to close. In November 2015, the Social-Democratic labor minister Andrea Nahles tabled a draft proposal to tackle this situation. However, influential employers’ lobbyists and the Christian-Democratic senior partner in the government coalition have voiced strong reservations regarding this draft, so it looks unlikely to be enacted in the near future. Nevertheless, companies are advised to exercise caution when hiring free-lancers.

5. Real Estate

5.1 Real Estate – Increase of Residential Rents in Berlin Capped

Recent years have seen a strong increase of residential rents in German metropolitan areas and especially in Berlin. As a consequence, several new measures have been added to the German Civil Code (Bürgerliches Gesetzbuch – BGB) designed to soften this upward trend.
One of these measures allows the federal state governments to designate by ordinance specific areas in which the regular increase of residential rents is limited to 15% in a period of three years if the supply of the general public with apartments rentable under reasonable conditions is endangered. These ordinances have a maximum term of five years but can be renewed (Section 558 para 3 BGB). In its 2013 ordinance, Berlin designated the entire city as such a specific area effective until May 10, 2018. Since then it has been highly disputed whether this ordinance was effective based on the argument that it also includes areas in which apartments can still be rented under reasonable conditions. On November 4, 2015, the German Federal Supreme Court (Bundesgerichtshof – BGH) upheld this ordinance of Berlin. The decision stresses that the state government has a wide discretion as to the range of the designated areas and the term of the designation. According to the BGH, the permitted limit of discretion is only exceeded by the state government if their considerations are apparently inappropriate in view of the purpose of the law. Although the BGH decision only refers to the ordinance of Berlin, it will impact legal proceedings related to such kind of ordinances of other federal states as well. Given the reasons of the decision by the BGH, it seems, however, rather unlikely that these other ordinances are held invalid.

5.2 Real Estate – Clarification of Written Form Requirement

In its decisions of April 22, 2015 and June 17, 2015, the German Federal Supreme Court (Bundesgerichtshof – BGH) clarified certain aspects of the written form requirement for lease agreements.
If a lease agreement that has been entered into for a period of more than one year does not comply with this written form requirement, mandatory German law allows either lease party to terminate the lease agreement with the statutory notice period irrespective of whether a fixed lease term was agreed. The statutory notice period for commercial lease agreements is six months (less three business days) to the end of any calendar quarter. In its decision of April 2015, the BGH held that, contrary to previous interpretations of the BGH’s case law, the written form does not require all members of the executive board to sign a lease agreement on behalf of a German stock corporation unless the names of the board members are indicated in the lease agreement. According to the June 2015 decision of the BGH, a lease that was concluded orally or by implied action nonetheless meets the written form requirement if the agreed terms and conditions of the lease are recorded in a written and properly signed document, irrespective of whether the recording was made before or after the conclusion of the lease. Despite these clarifications and the ongoing tendency by the BGH to limit the scope of the written form requirement, the parties to German commercial lease agreements should ensure that the lease agreement complies with the written form requirement at all times.

6. Data Protection

6.1 Data Protection – Proposed EU Data Protection Regulation

In December 2015, a compromise wording of the proposed new EU Data Protection Regulation (the "Regulation") was finally agreed during so-called ‘trilogue’ meetings between the European Commission, the European Parliament and the Council. The upcoming Regulation will revamp the Commission’s outdated 1995 Data Protection Directive that is widely found not to adequately cover the digital era. The Regulation intends to ensure a uniform set of data protection rules throughout the European continent.
In addition, the Regulation will also implement a one-stop-shop approach. Companies will have to deal with only one regulator for all Member States. The European Commission estimated the resulting savings to amount to approx. EUR 2.3 billion per year. However, the Regulation will also implement rules that may put additional burdens on businesses – including businesses outside the EU. First, the marketplace principle will ensure that the Regulation will also apply to companies outside the EU to the extent they offer services in the EU. Second, the Regulation will implement principles that may require costly adaptions of existing product and services offerings, e.g. stricter consent requirements, the "right to be forgotten", a right to data portability and notification obligations in case of data breaches (see also our 2015 Data Privacy Outlook and Review). Notably, the Regulation will implement a sanctions regime where violations of the Regulation can trigger fines of up to 4% of a company’s annual turnover. The Regulation is now expected to be formally adopted by the European Parliament and Council in early 2016. The Regulation would then enter into force two years later, i.e. in early 2018. Companies should, however, use these two years to ensure they are well prepared for its eventual entry into force.

6.2 Data Protection – Update Safe Harbor / International Data Transfers

In a landmark ruling of October 6, 2015, the European Court of Justice (ECJ) removed the assurance that personal data transferred to the US under the EU-U.S. Safe Harbor framework were automatically considered as being adequately protected as required by EU data privacy legislation. The decision originates from a request for a preliminary ruling from the Irish High Court on the compatibility of the Safe Harbor framework with Article 8 of the Charter of Fundamental Rights of the EU.
The ECJ made that decision because in its view the ability of the US intelligence services to gain access to transferred personal data of European citizens was beyond what it considered strictly necessary and proportionate and, therefore, interfering with fundamental rights and freedoms guaranteed by the Charter of Fundamental Rights of the European Union. For the time being, the EU Commission Decisions on standard contractual clauses may still be relied on by companies to provide adequate protection at least during a transition period until end of January 2016 set by Article 29 EU Working Party of European data protection authorities. But the strong emphasis of the ECJ decision on fundamental rights and freedoms raises the question if additional protection must be added to standard contractual clauses as they, like the Safe Harbor rules, are not binding upon public authorities whether in the U.S. or elsewhere. As a result, the recommendation in our 2014 year-end alert to not solely rely on Safe Harbor certifications for data transfers to the U.S. has proved to become an urgent topic for all companies that transfer customer data, HR data or other types of personal data from Europe to the US or internationally. The European Union and the United States are currently negotiating the details of a proposed successor safe harbor regime, which is hoped to be agreed in early 2016 to close the enormous gap and uncertainty that the decision of the ECJ has caused.

6.3 Data Protection – Draft Bill on Standing of Consumer Associations in Data Privacy Proceedings

As already reported in our 2014 year-end alert, the German legislator considered strengthening the enforcement of data privacy laws by allowing consumer rights associations to bring actions for injunction on behalf of consumers.
Relevant changes to the German Act Governing Collective Actions for Injunction (Unterlassungsklagengesetz – UKlaG) have now been agreed by the German Parliament in December 2015. The new law is expected to increase the enforcement pressure on both large companies and small and medium-sized companies to comply with German data protection laws.

6.4 Data Protection – Transfer of Personal Data in M&A Asset Deals

The Bavarian Data Protection Authority has fined a seller in an M&A asset deal transaction for the illegal transfer of customer data to the acquirer of substantially all of the seller’s business (including customer data). The authority alleged that there was no sufficient consent obtained from the individuals whose personal data was transferred together with the acquired business. The regulator’s position is a strictly literal interpretation according to which consent was granted to the specific entity that originally processed the individual’s data (and not the business operated by such entity). As a consequence, parties of future M&A deals where personal data is a key business asset will have to thoroughly consider the implications of an asset deal.

7. Compliance

7.1 Compliance – German Legislator expands Anti-Corruption Framework

Effective as of November 26, 2015, Section 299 of the German Criminal Code (Strafgesetzbuch – StGB) sanctioning commercial bribery was significantly revised and expanded. The revised provision makes the request, acceptance of a promise for or acceptance of an advantage, a crime if this is made: (i) in return for providing an unfair advantage in a business competition, or (ii) in return for a breach of duty towards the commercial organization.
Likewise, the offering, promising or granting of a benefit to an employee or an agent of a commercial organization is a crime if made: (i) in return for obtaining an unfair advantage in a business competition, or (ii) in return for a breach of duty towards the commercial organization. Prior to the revision, active and passive commercial bribery was only punishable under criminal statutes when the corrupt conduct was connected to unjustified preferential treatment in the context of a competitive transaction. The specific interpretation of the new relevant element of the crime, the "breach of duty towards the commercial organization" is still subject to debate. There are uncertainties as to which specific acts would qualify as a breach and thus fulfil the elements of the crime. According to explanatory notes provided by the legislator, a violation of a company’s internal compliance guidelines or concealing the acceptance of a benefit received by the employee from the commercial organization by itself may not be sufficient to establish a breach of duty. Rather, the benefit provided or accepted must be specifically made in return for acts or omissions which violate duties towards that employer relating to the commercial transaction. These modifications of the current law call for a review of corporate conduct guidelines and compliance controls as well as tailored communication to relevant and responsible employees in order to reassure and refresh awareness of risks associated with the expanded commercial bribery statutes in Germany.

7.2 Compliance – New Legislation to Fight Corruption in the Healthcare Sector

The German legislator has brought the Act to Combat Corruption in the Healthcare Sector (Gesetz zur Bekämpfung von Korruption im Gesundheitswesen) on its way in 2015 (the "Act"). The (draft) Act significantly increases the risk of criminal liability for members of the healthcare professions and persons working in the life sciences industry.
The new legislation is expected to be enacted shortly by Parliament, with adoption likely as early as January 2016.  The Act closes gaps concerning the criminal prosecution of corruption in the healthcare sector. The legislative procedure was initiated in response to a 2012 German Federal Court of Justice (Bundesgerichtshof – BGH) decision where the court held that offering bribes and favors to resident medical practitioners, such as resident doctors, is not covered by the current anti-corruption legislation, as such doctors are not acting as agents of the statutory health system. Essentially, the forthcoming act will introduce two new criminal offences penalizing active and passive corruption in the healthcare sector. The current draft act extends the applicability of the offences to not just resident doctors but all healthcare professionals whose profession requires a state-recognized vocational education. Both criminal offences are penalized with imprisonment of up to three years or a fine. Serious cases are penalized with imprisonment of between three months and five years. According to the current draft of the Act, alleged offences will not be liable to mandatory public prosecution but will only be investigated and prosecuted if a charge is filed, or if the state prosecutor considers prosecution necessary because of a special public interest, e.g. due to the number of parties or the amount of bribes involved. But the group of individuals and entities that may press a charge is rather broad under the current draft. Besides competitors, it also includes professional associations of physicians, the chamber of commerce and other institutions for fair competition, as well as private and statutory health insurance companies. The draft Act has led to a sense of uncertainty in the healthcare sector. 
In particular, it is currently not clear where prosecutors and courts will draw the demarcation line between desirable cooperation between doctors and the health care industry and corruptive behavior. In order to avoid potential exposure, companies are well advised to interpret the new Act with caution and to ensure robust internal compliance procedures.

7.3 Compliance – Legal Privilege in Investigations Strengthened

On July 21, 2015, the District Court of Braunschweig (Landgericht Braunschweig) rendered an important decision that clarifies and strengthens the legal privilege relating to documents prepared in the course of internal investigations. The court held that documents that are prepared by legal counsel, at least partially, for the purpose of defending a company against potential future proceedings by enforcement authorities are protected against seizure under the German attorney-client privilege (Verteidigungsunterlagen, § 148 StPO). The court decided that documents prepared by legal counsel for the purpose of defending the corporate client against potential investigation proceedings are exempt from seizure, irrespective of their place of custody (at the office of the client or its legal counsel) and irrespective of the time of their preparation (before or after investigatory proceedings have been initiated). Also, the protection against seizure does not depend upon the nature of the investigatory proceedings as criminal or administrative. In the same decision the court clarified that the legal privilege does not extend to documents that have been prepared by an organization for purposes other than the potential defense in a criminal or administrative matter. In the specific case decided, a document held to fall outside of the protected attorney-client privilege was an internal audit report.
The general approach with regard to the legal privilege for documents prepared by external counsel in internal investigations is still in flux, and the decision by the District Court of Braunschweig does not have any binding effect on other courts in Germany. However, following the recent decisions by various district courts, there is a noticeable trend towards strengthening the German legal privilege through a series of decisions. The decision of the District Court of Hamburg (October 15, 2010, 608 Qs 18/10) took a very narrow interpretation of the attorney-client privilege and permitted the seizure of documents prepared by external counsel in their offices arguing that the attorney-client relationship between the law firm and its corporate client in the specific case was not comparable with the relationship between a criminal defense lawyer (Strafverteidiger) and his client. The 2012 decision of the District Court of Mannheim (July 3, 2012, 24 Qs 1/12 and 2/12) referred to the newly introduced provisions in the German criminal procedural code that strengthened the position of legal counsel to corporate organizations (see § 160a StPO; Gibson Dunn’s 2012 Year-end Client Alert further analyzed this decision in light of the respective changes in the law). The District Court of Mannheim prohibited the seizure of privileged material that was in the custody of external counsel. The recent decision by the District Court of Braunschweig goes above and beyond the initial two decisions since it does not require a specific criminal or administrative proceeding to be threatened or that the privileged documents must be in the physical custody of external counsel for the legal privilege to apply.
While this new decision is instructive and important to further clarify the extent of the legal privilege for documents created in the course of an internal investigation, caution should still be exercised (i) when deciding upon the place where the privileged documents are being stored, and (ii) when documenting that the materials have been prepared in light of a potential defense against criminal and administrative proceedings against the client.

7.4 Compliance – ISO 37001 – Another Compliance Standard on the Horizon

After the publication of ISO 19600 (International Standard 19600 Compliance Management Systems) at the end of 2014, the International Organization for Standardization (ISO) is currently in the final stages of preparing ISO 37001 "Anti-bribery Management Systems" (ISO 37001), which is expected to be published in the course of 2016. Unlike ISO 19600, ISO 37001 focuses on the narrower compliance topic of anti-bribery, and it is being developed as a requirements standard, making it capable of independent certification. Critics of the current ISO 37001 draft who closely follow the work of the Project Committee warn that ISO 37001 needs to be more harmonized with ISO 19600 and that its development should be more transparent (seeing that a draft of the current ISO 37001 is to date not publicly available). ISO plans to make the draft available through local ISO members once it reaches the public enquiry stages in early January 2016 and expects the country votes on the draft to close on April 5, 2016. If there is a majority vote in favor of publication, the publication of the standard is expected in late 2016. According to German law, third-party standards and guidelines do not impose strict obligations upon companies.
At best, standards may serve as "anticipated expert opinions" (antizipiertes Sachverständigengutachten), the elements of which are considered commonly accepted as general standards of technology and science (Allgemeiner Stand der Technik und Wissenschaft). In order for a certain standard to be considered a general standard, a number of criteria must be met, in particular (i) the standard must reflect relevant legal requirements in Germany, (ii) the provisions of the standard must be adequately substantiated, (iii) the committee developing the standard needs to be equipped with sufficient expertise, and (iv) the development of the standard must follow a structured, transparent, well-documented approach, taking into account German public interests (Gemeinwohl) and comments from potentially affected parties ("interessierte Kreise"). Finally, the standard should reflect a commonly accepted approach, and not a "best-in-class" approach. It remains to be seen whether the further development of ISO 37001 will manage to meet these requirements. To date, existing standards in the market (e.g. the German IDW Assurance Standard 980) have not been confirmed by German higher courts to be considered a "commonly accepted" standard. Therefore, the question whether or not a certification based on any of these standards is a helpful defense in a criminal, administrative or civil proceeding against an organization, its board members or individual function holders, will remain subject to a case-by-case analysis made by the competent prosecutor and court in each individual case.

8. Antitrust and Merger Control

8.1 Antitrust and Merger Control – Antitrust & Merger Control Enforcement

The German antitrust watchdog had an active year in 2015, although in terms of fines imposed it fell far short of the record year 2014, when the total fines exceeded the amount of EUR 1 billion. In 2015, fines "only" reached a total of approx.
EUR 190 million and covered seven cartel cases with fines imposed against 37 companies (including automotive part manufacturers, mattress manufacturers, providers of container transport services and manufacturers of prefabricated garages) and 24 individuals. In addition, the Bundeskartellamt reviewed approx. 1,100 merger filings. Only 1% of these merger notifications triggered an in-depth phase two review, and only one merger was prohibited by Germany’s competition watchdog.

8.2 Antitrust and Merger Control – Internet Platforms

The Bundeskartellamt continued to be very active in reviewing online businesses and, in particular, the conditions for online sales and attempts by brand manufacturers to prevent sales through internet platforms. For this purpose, the Bundeskartellamt set up a special task force in the beginning of 2015. Prominent proceedings that were closed in 2015 included investigations into the online sales practices of brand manufacturers such as adidas and ASICS, and best price clauses used by hotel booking portal operators like HRS and Booking.com. In addition, the Bundeskartellamt also reviewed two mergers concerning internet platforms (Immonet/Immowelt and Parship/Elitepartner). Additional investigations concerning restrictions to internet platforms and internet distribution channels are currently pending with the German competition watchdog. Therefore, the competitive arena will remain highly contentious among brand manufacturers, their distributors and the Bundeskartellamt. For example, on December 22, 2015, the Upper District Court of Frankfurt issued an appeal decision confirming that a contractual clause prohibiting the sale of certain branded rucksacks through an internet shopping platform was valid and did not infringe competition laws.

8.3 Antitrust and Merger Control – New Guidance on Bid-Rigging Agreements

In August 2015, the Bundeskartellamt published a guidance paper that intends to help contracting entities to uncover bid-rigging agreements (see Press Release, Bundeskartellamt, How to spot inadmissible bid-rigging agreements – Bundeskartellamt publishes guidance document for contracting entities (August 8, 2015)). The guidance resulted from indications in previous cartel proceedings (e.g. the fire-fighting vehicles cartel and the rail cartel) that certain indicators may help discover illegitimate bid-rigging agreements. By way of background, bid-rigging is the only cartel offense under German law that is subject to criminal prosecution (and thus potential imprisonment) of individuals (see Section 298 of the German Criminal Code). Other cartel infringements are enforced on the basis of (significant) administrative fines but cannot lead to imprisonment of individuals.

The following Gibson Dunn lawyers assisted in preparing this client update: Benno Schwarz, Birgit Friedl, Marcus Geiss, Peter Decker, Lutz Englisch, Daniel Gebauer, Kai Gesing, Markus Nauheim, Sebastian Lenze, Sonja Ruttmann, Katharina Saulich, Martin Schmid, Hubertus Schröder, Michael Walther, Georg Zerr and Mark Zimmer.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. The Munich office of Gibson Dunn brings together lawyers with extensive knowledge of corporate, tax, labor, real estate, antitrust, intellectual property law and extensive compliance / white collar crime experience. The Munich office is comprised of seasoned lawyers with a breadth of experience who have assisted clients in various industries and in jurisdictions around the world.
Our German lawyers work closely with the firm’s practice groups in other jurisdictions to provide cutting-edge legal advice and guidance in the most complex transactions and legal matters. For further information, please contact the Gibson Dunn lawyer with whom you work or any of the following members of the Munich office:

General Corporate, Corporate Transactions and Capital Markets
Lutz Englisch (+49 89 189 33 150, lenglisch@gibsondunn.com)
Markus Nauheim (+49 89 189 33 122, mnauheim@gibsondunn.com)
Birgit Friedl (+49 89 189 33 121, bfriedl@gibsondunn.com)
Marcus Geiss (+49 89 189 33 122, mgeiss@gibsondunn.com)
Hubertus Schröder (+49 89 189 33 150, hschroeder@gibsondunn.com)

Finance, Restructuring and Insolvency
Birgit Friedl (+49 89 189 33 121, bfriedl@gibsondunn.com)
Marcus Geiss (+49 89 189 33 122, mgeiss@gibsondunn.com)
Hubertus Schröder (+49 89 189 33 150, hschroeder@gibsondunn.com)

Tax
Hans Martin Schmid (+49 89 189 33 110, mschmid@gibsondunn.com)

Labor Law
Mark Zimmer (+49 89 189 33 130, mzimmer@gibsondunn.com)

Real Estate
Peter Decker (+49 89 189 33 115, pdecker@gibsondunn.com)
Daniel Gebauer (+49 89 189 33 115, dgebauer@gibsondunn.com)

Antitrust and Intellectual Property
Michael Walther (+49 89 189 33 180, mwalther@gibsondunn.com)
Kai Gesing (+49 89 189 33 180, kgesing@gibsondunn.com)

Corporate Compliance / White Collar Matters
Benno Schwarz (+49 89 189 33 110, bschwarz@gibsondunn.com)
Michael Walther (+49 89 189 33 180, mwalther@gibsondunn.com)
Mark Zimmer (+49 89 189 33 130, mzimmer@gibsondunn.com)

© 2016 Gibson, Dunn & Crutcher LLP

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 27, 2017 |
2016 Trade Secrets Litigation Round-Up

2016 saw a number of significant developments in trade secrets law, including the passage of the Defend Trade Secrets Act, the first—and highly-anticipated—federal civil trade secrets statute. On the criminal side, the Obama Administration continued to aggressively prosecute individuals for trade secret theft and cyber-espionage, including a number of foreign actors, as well as a professional baseball executive who pled guilty to illicitly accessing a rival team’s scouting reports. In the civil realm, we saw several high-dollar jury verdicts and one court concluding that the location of bee hives is a trade secret.

Jason Schwartz, Greta Williams, Michael Jaskiw and Brittany Raia discuss these and other significant 2016 developments in trade secrets law in their article "2016 Trade Secrets Litigation Round-Up" published in BNA’s Patent, Trademark & Copyright Journal in January 2017. Reprinted with permission from BNA’s Patent, Trademark & Copyright Journal, 1/26/17. © 2017, The Bureau of National Affairs, Inc.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work or the authors in the firm’s Washington, D.C. office:

Jason C. Schwartz (+1 202-955-8242, jschwartz@gibsondunn.com)
Greta B. Williams (+1 202-997-3745, gbwilliams@gibsondunn.com)
Michael A. Jaskiw (+1 202-955-8298, mjaskiw@gibsondunn.com)
Brittany A. Raia (+1 202-887-3773, braia@gibsondunn.com)

Please also feel free to contact any of the following practice group leaders and members:

Labor and Employment Group:
Catherine A. Conway – Los Angeles (+1 213-229-7822, cconway@gibsondunn.com)
Jason C. Schwartz – Washington, D.C. (+1 202-955-8242, jschwartz@gibsondunn.com)

Intellectual Property Group:
Josh Krevitt – New York (+1 212-351-2490, jkrevitt@gibsondunn.com)
Wayne Barsky – Los Angeles (+1 310-557-8183, wbarsky@gibsondunn.com)
Mark Reiter – Dallas (+1 214-698-3360, mreiter@gibsondunn.com)
Michael Sitzman – San Francisco (+1 415-393-8200, msitzman@gibsondunn.com)

Privacy, Cybersecurity and Consumer Protection Group:
Alexander H. Southwell – New York (+1 212-351-3981, asouthwell@gibsondunn.com)
Benjamin B. Wagner – Palo Alto (+1 650-849-5395, bwagner@gibsondunn.com)

© 2017 Gibson, Dunn & Crutcher LLP

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 13, 2017 |
2016 Year-End German Law Update

Over the last eight years, the German economic recovery seemed very robust in the face of any sort of political and financial turbulence occurring in the EU and world-wide. The economy was booming, unemployment rates were at their lowest since the Second World War, and state coffers were filled with record tax collections that allowed Germany to run debt-free current budget accounts for the third consecutive year. The last twelve months, however, have the potential to derail this great journey. While BREXIT would first and foremost appear to be harmful to the British economy, there have already been some negative knock-on effects on German exports to the UK. The unraveling of the Transatlantic Trade and Investment Partnership (TTIP), coupled with new protectionist tones emanating from the U.S. and many other countries, constitutes an even bigger challenge to the export oriented German industry. These risks are amplified by the threat of a gradual decomposition of the EU, in particular, if recent concerns caused by the Italian referendum to reject a constitutional reform materialize and lead to a new financial crisis of the EU’s second-largest debtor (by measure of national debt in relation to GDP). As if this were not enough to contend with, more uncertainty lies ahead with elections in France and the Netherlands that could lead to success for anti-European and protectionist parties, further destabilizing the EU. And, finally, the elections for Germany’s parliament in the fall of 2017 may well yield results that endanger what had been dubbed as Germany’s policy of the “safe pair of hands” (Politik der ruhigen Hand), Chancellor Merkel’s highly successful and admired approach to tackling the significant challenges facing Germany in a considered and pragmatic “no-nonsense”-way.
In light of these fundamental challenges that are likely to occupy the daily news in the coming months, the changes in many laws and regulations presented in this German Law Update seem like a report from better days in the past that may soon be overtaken by events of a different magnitude that threaten to shake the fragile shell of the EU over the next few months. As every year, we thank our clients and friends for their continued support and interest in our services. We hope that you will gain valuable insights helping you to successfully focus and steer your projects and investments in Germany in 2017 and beyond. We promise to keep you updated on any developments impacting your way of doing business in and with Germany in these exciting times.

Table of Contents

1. Corporate, M&A
2. Tax
3. Finance, Insolvency and Restructuring
4. Labor and Employment
5. Real Estate
6. Data Protection
7. Compliance
8. Antitrust and Merger Control

1. Corporate, M&A

1.1 Corporate, M&A – Audit Reform – New Challenges for Supervisory Boards & Audit Committees

The directly applicable European Regulation (EU) No 537/2014 on specific requirements regarding statutory audits of public-interest entities (Abschlussprüferverordnung – APVO) and the accompanying German Audit Reform Act (Abschlussprüferreformgesetz – AReG) took effect on June 17, 2016. The key change they introduced is the principle of rotation after 10 years for the statutory auditor of so-called public interest entities, meaning the statutory auditor of public interest entities must change after 10 years, although the 10-year period can be extended to 20 years as long as the entity puts in place a procurement process by which it solicits bids from other auditors.
Correspondingly, the responsibilities of the supervisory board and its audit committee in connection with the auditing procedure have been specified more precisely, in particular with a view to (i) the appointment procedure and (ii) the monitoring of the independence of the auditor regarding (a) audit fees and (b) prohibited non-audit services (section 5 APVO). Non-compliance with these requirements may be sanctioned as an administrative offence and, under certain circumstances, even as a criminal offence. In the course of the reform, the requirements for the composition of the supervisory board and its audit committee were amended to the effect that (i) the required financial expert no longer needs to be independent (which, however, in practice will rarely make a difference because the German Corporate Governance Codex (DCGK) continues to require the chairman of the audit committee to be independent and a financial expert) and (ii) sector competence is required for the supervisory board and the audit committee, meaning that these bodies in their entirety are now required to have competence in the sector in which the company operates. Members of supervisory boards and audit committees should therefore make sure that (i) they are aware of, and comply with, their new responsibilities in relation to the appointment and monitoring of the auditor, (ii) the rules of procedure of the respective bodies are amended in line with the new requirements and (iii) the rules for the composition of the respective bodies are complied with.

1.2 Corporate, M&A – Direct Communication between Supervisory Board and Investors

Over the last few years, supervisory boards of many German public companies have increasingly faced requests by investors for direct interaction. This is not, however, provided for under German statutory law for the typical two-tier board structure.
The prevailing view used to be that any communication with investors was a matter of managing the company (rather than supervising it) and was therefore the responsibility of the management board and not of the supervisory board. A more flexible view deemed communication between investors and the chairman of the supervisory board permissible if such approach was aligned with the management board (“one voice policy”). On July 5, 2016, a prominent working group issued “Guiding Principles for Dialogue between Investor and Supervisory Board,” which aimed at providing practical guidance on such communications and, in particular, stipulated that the chairman of the supervisory board may enter into discussions with investors on topics in the sole responsibility of the supervisory board as long as this was generally aligned with the management. This initiative intensified the ongoing discussion, and was followed by a proposal of the governmental commission (Regierungskommission) in October 2016 to amend the German Corporate Governance Codex accordingly and to recommend that the chairman of the supervisory board should be prepared, within an appropriate framework, to discuss with investors topics relevant to the supervisory board. The discussion is still ongoing. While practitioners welcome the proposal as it is said to meet the respective needs in practice and already reflects common practice, some scholars warn that these proposals are not in line with currently applicable law. For the time being, supervisory board members are thus well advised to communicate with investors only if they are aligned with the management board. 

1.3 The Future of German Co-Determination: The Battle Goes On

The application of German co-determination laws to foreign employees of German corporations remains one of the most volatile battlegrounds in the German courts as they contend with traditional German local doctrine, on the one hand, and potential implications of European Union law and the freedom of establishment (Niederlassungsfreiheit), as laid down by the Treaty on the Functioning of the European Union (TFEU), on the other hand (please see in this regard our 2015 Year-End Alert, section 1.5). Under German law, the Co-Determination Act (Mitbestimmungsgesetz), which necessitates equal employee representation on the supervisory board, applies to corporations with more than 2,000 employees. More than 500 employees trigger the application of the so-called German One-Third Participation Act (Drittelbeteiligungsgesetz), which requires one third of the supervisory board to be constituted of employee representatives. In the past, the clearly prevailing assumption was that only employees of the relevant German domiciled group companies have the right to vote and be elected to the supervisory board. Extending the application of co-determination laws to employees outside of Germany for purposes of the calculation of the threshold number of employees, and also granting foreign employees the right to vote and to be elected to the supervisory board would have considerable effects not only on German corporations but also on their foreign subsidiaries. Almost two years after a surprise decision by the District Court of Frankfurt am Main (Landgericht Frankfurt am Main) in February 2015 that held that non-German employees employed by foreign subsidiaries of a German corporation (Deutsche Börse AG) would also need to be counted towards the above thresholds and were entitled to vote for and be voted onto the supervisory board as employee representatives, the legal situation remains uncertain.
The above decision is still on appeal and there are currently three other similar cases that are either pending before, or have been finally decided by, other regional courts in Bavaria (BayWa), Berlin (TUI) and Rhineland-Palatinate (Hornbach) that have reached different conclusions (for a more detailed analysis, see the article by Lutz Englisch and Mark Zimmer in the Business Law Magazine). These contentious questions on the territorial and personal reach of the German co-determination laws will soon be decided by the European Court of Justice in the early part of 2017 in response to a request for a preliminary ruling from the Berlin High Court (Kammergericht Berlin). Such a preliminary ruling would settle the differences of opinion between the various German courts and provide guidelines on an EU-conform interpretation of the German co-determination laws. In the medium-term, subject to the reaction in Germany and abroad to the European Court of Justice’s decision in the case referred, this might also lead to a more aligned European-wide approach if the European Commission decides to include this in its company law agenda going forward. For companies potentially affected by these developments it remains key to monitor the outcome of the above litigation and carefully analyze their own factual situation and employee numbers in Germany and abroad in order to be in a position to react adequately to any future developments.

1.4 Corporate, M&A – Shareholder Activism on the Rise?

Activist shareholders in Germany have in the past generally exercised their influence offstage by (successfully) pressuring management into supporting the installation of their representatives on the supervisory board. In the summer of 2016, however, Germany saw the first prominent proxy fight about supervisory board elections between the management of German public company STADA and the German activist shareholder AOC – Active Ownership Capital.
AOC, holding approximately a 7% participation, was about to strike a deal with the supervisory board of STADA about AOC’s representation in the supervisory board which was later rejected by the company. After an extensive proxy fight during which, inter alia, STADA’s CEO resigned, AOC managed to have the chairman of the supervisory board (though no other board members) replaced during the shareholders meeting. Earlier this year, the German capital market experienced two severe short attacks: in March, a formerly unknown research entity (Zatarra) published a research report alleging fraud and corruption at Wirecard on a newly set-up webpage without disclosing the author(s). Concurrently, massive short positions had been built up. Wirecard’s share price dropped by approximately a third on this day. The author of the Zatarra report has not yet been identified nor have the report’s allegations been proven. Wirecard’s share price has recovered in the meantime. In April, New York-based hedge fund Muddy Waters published a report alleging a lack of transparency and indications of non-compliant behavior at German public company Stroer, in particular, in connection with related parties’ transactions. Muddy Waters, referring to a history of detecting non-compliant behavior at public companies, concurrently explained that it had acquired significant short positions since it expected the share price of Stroer to drop. Stroer’s share price dropped by approximately 30% on that day and has not recovered since.

1.5 Corporate, M&A – New European Market Abuse Regime – Extended Scope and Increased Sanctions

On July 3, 2016, the European Market Abuse Regulation (“MAR”) came into force, creating a new regulatory framework on market abuse across the European Union (EU).
The parts of the German Securities Trading Act (Wertpapierhandelsgesetz – WpHG) dealing with insider dealing, ad hoc disclosure, director’s dealings and market manipulation have been replaced by the provisions of the MAR. On the same day, changes to the WpHG with regard to criminal sanctions for the violation of market abuse rules came into force which implemented requirements of the European Directive on Criminal Sanctions for Market Abuse (“CRIM-MAD”). Together, the MAR and the CRIM-MAD have extended the scope of the market abuse regime and incorporated a wider range of more stringent sanctions. Some of the key changes implemented by the MAR include:

Scope: The rules regarding ad hoc disclosure, manager’s transactions and maintenance of insider lists now also apply to issuers who have approved trading of their financial instruments on a multilateral trading facility (“MTF”) or organized trading facility (“OTF”) or have requested admission to trading of their financial instruments on an MTF. Examples of MTFs include the Euro MTF in Luxembourg and the Open Market (Freiverkehr) of the Frankfurt Stock Exchange.

Insider dealing: The use of inside information to amend or cancel an order is now considered to be insider dealing. In addition, MAR sets out certain types of “legitimate behavior” which do not constitute insider dealing. MAR clarifies that stake-building in the context of a public takeover offer by an investor who obtained inside information concerning the target does not fall under the legitimate behavior exemption.

Market sounding: MAR permits inside information to be legitimately disclosed to potential investors and shareholders for the purposes of a market sounding subject to certain prescribed and detailed steps which need to be taken by any issuer or person acting on an issuer’s behalf (e.g., brokers or investment banks) prior to conducting a market sounding. Detailed record keeping requirements are also imposed under MAR.

Delaying disclosure of inside information: As before, an issuer may delay the disclosure of inside information, provided certain conditions are satisfied. However, outstanding approval from the supervisory board may only qualify as a legitimate interest for delaying disclosure if it is not certain that the supervisory board will approve the decision. Further, if rumors with sufficiently concrete information are spreading, irrespective of whether or not the rumors originated from the issuer’s sphere, it is assumed that the information’s confidentiality can no longer be ensured and, consequently, the issuer is not justified in delaying disclosure, but must disclose the inside information to the public as soon as possible.

Manager’s transactions: The scope of the disclosure regime regarding transactions in the issuer’s shares or other financial instruments by “persons discharging managerial responsibilities” (“PDMRs”) and persons closely associated with them has broadened, and requirements as to form, timing and permitted exceptions have become stricter. Dealings in debt instruments and related financial instruments are now generally within the scope of MAR. In addition, MAR introduced so-called “closed periods” during which PDMRs are prohibited from dealings subject to certain exceptions. The duration of the prohibition is 30 calendar days prior to the “announcement” of a mandatory interim financial report or year-end report. Under certain circumstances, “announcement” can also be the publication of preliminary financial results.

Market manipulation: MAR extends market manipulation to the manipulation of certain benchmarks and indices as well as to manipulative high-frequency trading. The market manipulation offence now also covers attempted manipulation.
MAR leaves it up to the national competent authorities jointly with ESMA (European Securities and Markets Authority) to establish “accepted market practices” (“AMPs”) which will not be treated as market manipulation. The German Federal Financial Supervisory Authority has not yet established any AMPs.

Sanctions: Monetary fines for the violation of the market abuse rules have been increased to up to EUR 5 million for an individual, and EUR 15 million or 15 per cent of the annual turnover for a firm. For example, fines of up to EUR 2.5 million or 2 per cent of the annual turnover can be imposed on a firm for the violation of ad hoc disclosure rules. In addition, sanctions available to the national competent authorities now also include public warnings (also known as “naming and shaming”) and temporary or permanent occupational bans of individuals.

1.6 Corporate, M&A – Balance Sheet Guarantees – New Liability Risks for Sellers

Balance sheet guarantees (representations and warranties) in share sale and purchase agreements can be considered standard. Often sellers feel comfortable to agree on such a guarantee, in particular, when the annual financial statements are audited. On the other hand, most sellers are reluctant to grant an additional undisclosed liability guarantee on “the absence of liabilities except as set forth in the most recent year-end balance sheet.” A ruling of the Higher District Court of Frankfurt am Main (Oberlandesgericht Frankfurt am Main) of May 2015 which was only published in 2016 appears to have rendered the distinction between a balance sheet guarantee and a guarantee on the absence of liabilities obsolete in certain cases.
In the case before the court, the seller seems to have agreed on a clause comparable to the following clause: “The audited financial statements of XY-GmbH have been prepared with the care of a prudent business person (mit der Sorgfalt eines ordentlichen Kaufmanns) in accordance with German local generally accepted accounting principles (“GAAP”), including valuation principles (Bewertungsgrundsätze), consistent with past accounting and valuation practices, and present a true and fair view of the assets and liabilities (Vermögenslage), financial position (Finanzlage) and earnings position (Ertragslage) of XY-GmbH.” The Higher District Court of Frankfurt am Main held that clauses of the aforementioned type amount to a hard or objective balance sheet guarantee. As a consequence, the seller was held to be in breach even though the seller was not and could not have been aware of the liability in question when the annual financials were drawn up and even though the relevant accounts were, thus, in all respects in line with applicable accounting principles and were audited accordingly. Effectively, the ruling has the potential to turn balance sheet guarantees into a catch-all clause in cases where the requirements of other more specific guarantees are not met. The Frankfurt court went on to rule that the loss suffered by the purchaser consisted of the difference between the purchase price which was calculated on the basis of the available balance sheet and the purchase price which would have been arrived at had the additional liability been reflected therein. In contrast, the Higher District Court of Munich (Oberlandesgericht München) had some years earlier held that the loss is the amount of the relevant liability which was disregarded. Depending on the circumstances, the loss suffered by a purchaser can be higher or lower depending on which of the different calculation methods is applied. 
There are also cases where a purchaser would not have insisted on a lower purchase price, for example if the key decisive element for the purchaser were certain assets such as real estate or IP, which are unrelated to the disregarded liability. As a seller is often not aware of the components and drivers of the purchaser’s price calculation, balance sheet guarantees create an unforeseeable risk for sellers on the basis of the ruling of the Frankfurt Higher District Court. In order to avoid this, first of all, sellers need to be aware of the scope of the balance sheet guarantee. Secondly, precise wording will be key and even greater care will need to be taken when drafting balance sheet guarantees. To prevent a balance sheet guarantee from later being construed as objective, sellers could try to negotiate knowledge qualifiers. Moreover, sellers may consider linking the “true and fair view” part of the guarantee to the applicable accounting principles. For the assessment of the liability risks, a seller should further insist on a precise provision that sets out the loss calculation methodology specifically for balance sheet guarantees.

1.7 Corporate, M&A – Sell-Side M&A Transactions and Pitfalls for Management Liability

The decision of the Higher District Court of Munich (Oberlandesgericht München) dated July 8, 2015 adds another chapter to the expanding canon of potential management liability in M&A transactions. This time, however, not on the buyer’s side – where managing directors traditionally might find themselves confronted with allegations that they did not conduct a thorough due diligence – but on the seller’s side. In this case, the company claimed damages from its former managing director for an alleged violation of his managerial duties regarding the sale of a second-tier subsidiary in an auction process.
Under German limited liability companies law, managing directors must – in fulfilment of their duties and obligations – exercise the due care and diligence of a prudent business person and may be held liable if their conduct is found to fall below this standard of care. Regarding business decisions (unternehmerische Entscheidungen), the so-called business judgement rule constitutes a safe harbor for the managing director. He cannot be held liable for failing to meet the above duty of care if, (i) at the time of taking the decision, (ii) he or she acted free of private interests and inappropriate influences, (iii) on the basis of adequate information, and (iv) for the benefit of the company. This business judgement rule does not apply in the case of a breach of a legal duty, i.e. if the law requires a certain decision or conduct. In the case at hand the company took the view that the insufficient information given to the shareholder of the company as regards the sale of the company’s second-tier subsidiary, in particular, caused a violation of the duties of the managing director. The question of whether or not the shareholder is sufficiently informed is a legal and not a business question. Thus, the business judgement rule does not apply. The Higher District Court of Munich, however, referred to an earlier ruling of the German Federal Supreme Court (Bundesgerichtshof, BGH) and held that the company had to prove that (i) damage was caused by the managing director and (ii) that it was caused by the managing director acting “potentially in breach of a duty”. In the present case, the court held that the managing director was not liable because the company had failed to prove that he had a duty to inform the shareholder in a certain way. 
The court stressed that such a high standard as regards the requirement to prove an alleged potential breach of duty by the managing director is necessary to rebut the statutory presumption that the managing director is liable once damage has been proven. Despite the managing director ultimately not being held liable, the present case shows that M&A transactions may involve significant risks for managing directors not only on the buyer’s but also on the seller’s side: if the transaction turns out to be less successful than anticipated by the company or its shareholder, sellers may try to look for a “scapegoat.” As it is easier to prove breaches of legal duties such as the provision of insufficient information or non-compliance with reporting lines, this may be their preferred route. For managing directors, it is, thus, of utmost importance to have clear competencies and reporting lines. They have to ensure that they are in a position where they know who is to be informed when and which internal reporting and consent requirements exist in a transaction, in particular if a final transaction agreement deviates from an already approved draft of such an agreement.

2. Tax – German Year-End Tax Update

Corporate: Country-by-Country reporting and obligations to prepare master and local files:

On December 16, 2016, the German legislator passed a tax law that transposes a specific recommendation of the final OECD Report on Base Erosion and Profit Shifting (OECD-BEPS Report) into German tax law. The recommendation, which has now become German law, is a standardized approach to transfer pricing documentation.
The new transfer pricing documentation regime requires German multinational enterprises (MNE) to provide the German tax administration with a three-item documentation package consisting of a country-by-country (CbC) report, a “master file” and a “local file.” The CbC report has to be filed by the German head of a consolidated group with a consolidated turnover of more than EUR 750 million and, at least, one foreign consolidated subsidiary. It has to provide annually and for each tax jurisdiction, in which the group is engaged, an overview of the financial data including the aggregate allocation of income, taxes and business activities. The master file, which has to be filed by a German MNE that belongs to a group and has an annual turnover of at least EUR 100 million, has to include high-level information regarding its global business operations and transfer pricing policies. Detailed transactional transfer pricing documentations are provided in a local file that, for domestic entities, identifies materially related party transactions, the amounts involved in those transactions and the company’s analysis of the transfer pricing determination it has made with regard to those transactions. The obligation to prepare a local file is, in essence, already in existence under the current transfer pricing documentation regime and does not require a specific turnover threshold. While the CbC report would have to be filed with the tax administration no later than 12 months after the end of each fiscal year, the master and local files need to be prepared upon request by the tax authorities in the course of a tax audit and within a 60 day period (30 days for extraordinary business transactions) after the request. The new rules regarding master and local files apply as of January 1, 2017. The CbC reporting already applies to fiscal years beginning after December 2015. 
In addition to the new transfer pricing documentation regime, Germany also transposed into national law the automatic information exchange between EU Member States on tax rulings for cross border transactions and transfer pricing purposes. The new law is based on the EU Mutual Assistance Directive on Automatic Exchange of Information and Transfer Pricing Documentation as agreed between the EU Member States on December 8, 2015. The new rules on transfer pricing documentation and information exchange are the first important measures taken by Germany to implement the OECD-BEPS Report into German law. Further legislative measures on BEPS are expected until 2018, namely with respect to the taxation of controlled foreign companies and anti-hybrid rules for outbound payments made by German entities.

Corporate: Loss limitation rules – exemption for business continuation losses:

Also on December 16, 2016, a new exemption from the tax loss limitation rules for “business continuation losses” was incorporated in the Corporate Income Tax Act (Körperschaftsteuergesetz – KStG). The new law allows German companies that are undergoing a transfer in ownership to take advantage of tax loss carryforwards they are currently precluded from using. Under the tax loss limitation rules, tax loss carryforwards of a corporation are forfeited on a pro rata basis if within a five-year period more than 25% but not more than 50% of the shares in the loss making entity are transferred. If more than 50% are transferred, the loss carryforwards will be forfeited in total. Exemptions from the loss limitation rules already exist for certain internal group reorganizations and to the extent that taxable built-in gains in assets exist at the level of the loss making entity.
Under the new exemption, which aims to promote the venture capital industry, the tax loss limitation rule would not be applicable where the business operations of the loss making entity are continued and unchanged from the time of incorporation or at least during 3 years before the change in ownership, whichever is shorter. Upon application, regular tax loss carryforwards would be transformed into a “business continuation tax loss carryforward” and can still be used after a change in ownership. However, the business continuation tax loss carryforward would be forfeited, if, until the end of the year in which the share transfer took place, (i) the business operations are temporarily or finally discontinued, (ii) the purpose of the business operation is changed, (iii) additional new business operations are taken over, (iv) partnerships are acquired, (v) the corporation becomes a parent in a tax group or (vi) assets are contributed at less than the fair market value. Criteria to be taken into account in determining whether business operations have changed or new business operations have been added are, e.g., the type of services and goods offered by the company, the supplier and customer base, any key market areas and the qualification of the employees. The contribution of capital by the shareholder does not qualify as a change in business operations. The new rule is applicable to ownership transfers that occur after December 31, 2015 and applies for both corporate and trade tax purposes.

Real Estate: Potential abolishment of the 95% hurdle for real estate transfer tax purposes:

Real estate transfer tax (RETT – Grunderwerbsteuer) is imposed on asset deals that cause a change in the ownership of German real property. The tax rate is between 3.5% and 6.5% of the purchase price depending on the location of the real property in Germany.
In share deals, RETT is also triggered by an acquisition of shares in a German or non-German corporation or partnership owning German real property if, after the transfer, at least 95% of the shares are held by the acquirer, new partners of the partnership or by a group of controlled companies (e.g. members of a tax group). While the RETT cannot be avoided in asset deals, the 95% hurdle in share deals has given rise to structuring considerations in order to prevent the application of RETT. The most commonly known structure is the “94/6 %” transfer, according to which 6% of the shares remain with the seller or – in case of corporations – are transferred to third parties unrelated with the acquirer. According to market estimates, around 65% of all German real estate deals with a volume above EUR 100 million are structured via share deals. The German Federal States (Bundesländer) are entitled to collect RETT. Several Federal States have now started an initiative to reform the RETT law and to broaden the scope of RETT for share deals. Current proposals are to lower the threshold, according to which the share deal is subject to RETT, from 95% to 75% or even abolish the threshold altogether and subject the share deal to RETT pro rata to the amount of shareholding acquired. For example, an acquisition of 35% of the shares in a real estate holding entity would then trigger RETT on 35% of the tax basis. Until now, a draft law with proposed changes has not yet been circulated. However, it appears likely that in the course of 2017 the legislative process to amend the RETT law will be initiated. Market participants are therefore advised to closely monitor further developments and consider the impact of potential changes on existing structures and future deals.

3. Finance, Insolvency and Restructuring

3.1 Finance, Insolvency and Restructuring – German Federal Supreme Court Clarifies Treatment of D&O Insurance in Insolvency Proceedings

On April 14, 2016, the German Federal Supreme Court (Bundesgerichtshof, BGH) handed down an important decision regarding the treatment of D&O insurance policies in insolvency. German corporations are not obliged to enter into such D&O insurance policies in favor of their officers. If a corporation does enter into such an insurance policy and later becomes insolvent, insolvency administrators often terminate such contracts as a mutually not fully satisfied contract. In this case, the insolvency administrator later asserted personal liability claims against management of the debtor for alleged breaches of their managerial duties. The managers lodged a counterclaim against the insolvency administrator, arguing that the termination of the D&O insurance policy in insolvency was a breach of the insolvency administrator’s duties which resulted in rendering them personally liable to the insolvent estate for damages that otherwise would have been covered under the D&O insurance policy. The BGH dismissed the counterclaim by clearly stating that the insolvency-specific duties of the insolvency administrator are owed only to the debtor, the various groups of creditors or persons with a right to preferred satisfaction, but not to the corporate bodies of the debtor. The managers in question were not therefore owed any insolvency-specific duties by the plaintiff insolvency administrator.
The court did, however, note in an obiter dictum that the interests of the creditors (not of management) may in certain cases require the insolvency administrator to consider maintaining the D&O insurance coverage after the opening of insolvency proceedings (Insolvenzeröffnung) if it is predictable at that stage that potential insurance coverage is beneficial for the insolvent estate because management is likely unable to pay any claims raised against them personally due to the scope of such damages. In such cases, the benefits of insurance recourse outweigh the savings made on no longer paying insurance rates to the insurer. Bearing in mind that the D&O insurance contract is entered into by the corporation with the insurer in favor of its officers, management and other beneficiaries of a D&O insurance policy might be well advised to contact the insolvency administrator early after the filing of the insolvency proceedings and before a decision on the continuation of the D&O insurance policy has been taken. At that stage, it often is possible to reach a negotiated solution on the continuation of D&O coverage, if necessary by offering to pay the insurance rates on behalf of the corporation during insolvency, thus removing the insolvency administrator’s incentive to terminate the insurance.

3.2 Finance, Insolvency and Restructuring – Prompt (Re-)Action by German Legislator to Preserve Financial Stability – Netting Arrangements and the German Insolvency Code

In December 2016, the German legislator passed an amendment to Section 104 of the German Insolvency Code (InsO) thereby retroactively annulling the effects of an earlier landmark ruling of the German Federal Supreme Court (Bundesgerichtshof, BGH) which only six months earlier had held netting arrangements in derivative transactions to be void in insolvency and had caused an outcry by the financial sector.
On June 9, 2016, the Bundesgerichtshof held that certain provisions of an option agreement on SAP stock entered into on the basis of the German master agreement for financial derivative transactions (“German Master Agreement”) were void due to an infringement of the mandatory provisions of Sections 104, 119 of the German Insolvency Code (InsO) which aim at preventing speculative dealings by an insolvency administrator to the detriment of the insolvent estate. The German Federal Supreme Court held that the German Master Agreement infringed Section 104 InsO to the extent that (i) the option agreement terminated automatically upon an insolvency filing, (ii) the compensation claim of the insolvent debtor was contractually restricted in the German Master Agreement, and (iii) the provisions on the calculation method of the respective parties’ claims against each other also deviated from Section 104 InsO. The likely knock-on effects of the ruling beyond the case decided were considered momentous. Firstly, netting arrangements are rather standard not only in the German Master Agreement but in comparable standard contracts worldwide, e.g. in the ISDA (International Swaps and Derivatives Association) Master Agreement. Secondly, subject to certain exceptions, the ruling applied whenever German insolvency proceedings were opened (eröffnet) in respect of one of the contracting parties to such an agreement. Thirdly, potential regulatory effects were also deemed likely. There was a risk that, in view of the limitations imposed by Section 104 InsO, netting arrangements may no longer be recognizable under the Capital Requirements Regulation (“CRR”, EU No. 575/2013 of the European Parliament and Council), and could potentially lead to increased collateral requirements under the European Market Infrastructure Regulation (“EMIR”, EU No. 648/2012 of the European Parliament and Council).
In view of the potential effects on the financial markets, the German Federal Government already announced on the day of the ruling that it would take the required action to ensure that standard master agreements would continue to be recognized in the market and by regulatory authorities. Also, on the very same day the German Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) issued a decree (Allgemeinverfügung) to counteract the effects of the ruling for certain market participants in the interim period until December 31, 2016 (General Administrative Act by the Federal Financial Supervisory Authority of June 9, 2016) to ensure legal certainty for netting agreements also within the scope of German insolvency law. On December 16, 2016, the Federal Council (Bundesrat, the second chamber of the German legislative body) voted in favor of granting derivative transactions a preferential treatment for purposes of Section 104 InsO. The amended version of this provision will preserve the netting option with the result of a single claim of one of the parties, and market participants will be given the necessary flexibility in the calculation of close-out amounts and the date on which the respective derivative transactions are terminated in case of an insolvency of a contract partner thereto, as long as the basic principles of the underlying statutory provisions are respected. The preferential handling of derivative transactions will likely enter into force in January 2017 and will apply retroactively to all insolvency applications filed on or after July 10, 2016. Thus, the German legislator took the opportunity to respond promptly to the requirements of the (German) financial markets in a case where real risks for the financial stability of (mostly German) market participants loomed on the horizon. The amended version of Section 104 InsO also assists in safeguarding the international competitiveness of German market participants. 
4. Labor and Employment

4.1 Labor and Employment – Tightened Rules for Hiring Temporary Workers

As of April 1, 2017, a new law comes into effect which intends to put an end to what the government perceives as an abuse of temporary workers (“Temps”). The most important new rules are the following:

- Maximum Temp period limited to 18 months;
- Equal treatment of Temps with customer’s employees after nine months;
- Stricter formalities in contract between Temp agency and customer;
- Temps not to be used as strike-breakers;
- Temps count towards co-determination thresholds at customer’s after six months.

While these new rules will indeed make the handling of Temps more burdensome, there will still be (legal) work-arounds, e.g. limiting the working period of a particular Temp to six or nine months. In any case, particular care should be given to the requirements set out in the agreement between the Temp agency and the customer that the person being supplied to the customer needs to meet.

4.2 Labor and Employment – Transparency Rules to Avoid Gender Pay Gap

In its quest for equal pay between the genders, the German Family Ministry has proposed legislation to enhance transparency regarding compensation. According to the ministry’s draft, companies (in Germany) with over 200 employees would be required to provide certain information upon request by employees. Each individual employee could ask the company to disclose:

- the criteria and process for determining his/her own compensation; and
- the compensation paid to colleagues of the opposite sex performing the same or equivalent work.

With regard to the second bullet point, the employer would have to determine the median of the compensation paid to all (!) opposite-sex colleagues doing the same or equivalent job as the claimant. Obviously, this could be quite a burdensome undertaking for employers.
Yet it is unclear whether the intended goal of closing the gender pay gap would be reached by this complicated mechanism. In this context, it should be borne in mind that class actions are not established in Germany, so every employee feeling disadvantaged would have to individually claim said disclosure by the company. Whilst employers should be aware of the new legislation and monitor its legislative progress, such claims are not expected to be widespread: the ministry itself reckons that only 1% of eligible employees will make use of this right.

4.3 Labor and Employment – Plans to Reform the Company Pensions Act

The German government intends to limit companies’ liability with regard to occupational pension schemes by allowing defined contribution in addition to defined benefit schemes. So far only the latter are acknowledged as company pension schemes. Due to this fact and strict investment restrictions for pension plan managers, German companies are currently struggling to meet the defined benefit goals in light of the current extremely low interest rates. In order to relieve such pressure and to make company pension plans more attractive for employers, the government now wants to allow plans without a certain benefit guarantee, which would initially open the door to pure defined contribution schemes. However, according to the current plan, such defined contribution schemes will only be possible on the basis of a collective bargaining agreement with the union. It has yet to be determined whether and how these plans will become law. The reactions from several lobby groups were not particularly welcoming. Even if the law is enacted in the remaining six months of this parliamentary period, it would not take effect before January 2018.

5. Real Estate

5.1 Real Estate – Transfer of Lease by Operation of Law

Pursuant to Section 566 of the German Civil Code (Bürgerliches Gesetzbuch – BGB), real estate lease agreements automatically transfer to an acquirer of the underlying real property by operation of law if the transferor is both the landlord and the owner of the property. The transfer of the lease takes effect once the acquirer has been registered in the land register as the new owner of the property. In its decision of April 5, 2016, the German Federal Supreme Court (Bundesgerichtshof, BGH) confirmed that lease agreements only transfer to the acquirer of the property by operation of law if the lease is still effective and the tenant is (still) in possession of the leased premises at the time when the acquirer is registered as the new owner of the property in the land register, which could take several weeks or even months. The tenant may hold the original landlord liable for damages if the lease agreement is not transferred to the acquirer of the property as new landlord and the tenant is, consequently, no longer entitled to use the leased premises. Therefore, the original landlord and the transferor should procure that the lease agreement is expressly and contractually (rather than by operation of law only) transferred to the acquirer and/or the acquirer, at least, assumes the obligations under the lease agreement.

5.2 Real Estate – Disclosure Obligations and Liability of the Property Seller

According to the statutory warranty regime in Section 433 et seq. of the German Civil Code (Bürgerliches Gesetzbuch – BGB), the seller of real property located in Germany shall transfer the property to the purchaser free from any defects in quality and/or in title. If the sold property is not free from such defects, the purchaser may request remediation of such defects, rescind the purchase agreement, reduce the purchase price and/or claim damages.
German property sale agreements almost always restrict this statutory warranty regime or replace it with a regime agreed upon by the parties of the sale agreement. Pursuant to Section 444 BGB, the seller, however, is not entitled to invoke any agreed upon restriction and/or waiver of the statutory warranty regime, to the extent that the seller fraudulently concealed (arglistig verschwiegen) the defect and/or gave a corresponding guarantee; consequently, the broad statutory warranty regime applies in such a case. On July 8, 2016, the German Federal Supreme Court (Bundesgerichtshof – BGH) ruled that a sold property generally exhibits a defect if the prior use of this property poses the risk of significant pollution. The seller fraudulently conceals such a defect if the seller knows or suspects that the defect exists and, at the same time, knows or expects and accepts (damit rechnen und billigend in Kauf nehmen) that the purchaser is not aware of this defect. The seller of German property is therefore compelled to disclose to the purchaser any suspected previous use of the sold property that may pose a risk of significant pollution to avoid liability under the broad statutory warranty regime.

6. Data Protection

6.1 Data Protection – EU Data Protection Regulation

In May 2018, the European General Data Protection Regulation (“GDPR”) will come into force. Although European regulations have direct effect in Member States, the GDPR provides for an unusually high number of opening clauses granting Member States the liberty to address certain data protection issues which the GDPR does not explicitly regulate. As the German legislator is planning to make use of several of these opening clauses and to ensure that the German Federal Data Protection Act (“FDPA”) complies with the GDPR and the new Data Protection Directive ((EU) 2016/680), it is currently preparing a comprehensive reform of the FDPA.
After the Government’s first draft of September 5, 2016 was withdrawn due to extensive criticism, a new draft has been submitted by the Federal Ministry of the Interior and published by the German Association for Data Protection and Data Security on November 11, 2016 (the “Draft”). Section 24 of the Draft concerns the processing of employee data and basically corresponds to the current section 32 FDPA, but includes a legal definition of “employee” in section 24 (3) of the Draft. However, as section 24 of the Draft only concerns the admissibility of processing employee data, it seems questionable whether section 24 meets the requirements of Art. 88 (2) GDPR which stipulates that such rules shall include specific measures to safeguard certain employee interests. Further, sections 30 – 35 of the Draft reduce the information obligations of the data controller (i.e. the body which determines the purposes and means of the data processing) provided by Art. 13 and 14 GDPR on the one hand, and on the other hand, limit the data subject’s rights as laid down in Art. 14 et seq. GDPR. Some of these restrictions have not been envisioned by the European legislator. It is also striking that section 40 of the Draft sets an upper limit of EUR 300.000 for administrative fines imposed on natural persons exercising their duties for the data processor or controller, although Art. 83 (1) GDPR requires “effective, proportionate and dissuasive” fines. Art. 83 (4) and (5) GDPR stipulate that, depending on which GDPR provision is infringed, the administrative fine shall either not exceed EUR 10.000.000 / EUR 20.000.000 or, in case of an undertaking, shall be calculated on the basis of 2% / 4% of the undertaking’s total worldwide annual turnover of the preceding financial year. Although the legislator obviously intends to make data protection requirements easier for the economy, it is questionable whether this draft will achieve this goal.
At the moment it is not even foreseeable if this draft will pass the German Parliament. Even if it does, the resulting law would be highly complex and will cause many uncertainties for companies which are unfamiliar with data protection law – especially in combination with the provisions of the GDPR. Especially for companies operating throughout Europe, it seems advisable to adopt measures in compliance with the GDPR until the legislative developments in Germany gain greater predictability.

6.2 Data Protection – International Data Transfers

Following the invalidation of the EU-U.S. Safe Harbor framework by the Court of Justice of the European Union (“CJEU”) in October 2015, uncertainty about the lawfulness of personal data transfers to the US existed among affected companies. This has only changed since the adoption of the EU-U.S. Privacy Shield on July 12, 2016 by the European Commission as Safe Harbor’s succession regime. However, until the European Commission publishes new model contracts (standard contractual clauses – “SCC”), the current SCC as published by the European Commission remain a possible alternative for the transfer of personal data to third countries under the Privacy Shield regime. The extent to which the European Commission will publish new SCCs is currently unclear. It is expected that only those SCCs governed by the respective Member State laws will be amended in the near future. Meanwhile, the data protection authority in Hamburg has imposed fines of EUR 8.000 (approximately US$ 8,500) on a US software company, EUR 9.000 (approximately US$ 9,500) on a beverage producer and of EUR 11.000 (approximately US$ 11,700) on the world’s largest producer of consumer goods for the continuing transfer of personal data based on the invalidated Safe Harbor framework instead of reverting to available legal alternatives.
Although these fines are rather modest, they were the first of their kind and are intended to send a signal to other companies that German Data Protection Authorities (“DPAs”) will pursue investigations and sanction data transfers based on the Safe Harbor regime with fines and – more importantly – prohibition orders.

6.3 Data Protection – Collective Actions for Injunctions

The German legislator has adopted an act amending the German Act Governing Collective Actions for Injunctions (Unterlassungsklagengesetz – UKlaG) which entered into force in February 2016. The main achievement of this amendment is that, in addition to the federal and state DPAs, consumer organizations and the chamber of commerce and competition now have legal standing to bring collective injunction proceedings for infringements of data protection law on behalf of consumers.

7. Compliance

7.1 Compliance – Proposed Reform of Public Recovery of Criminal Assets

On July 13, 2016, the German federal government passed a draft bill to comprehensively reform the public recovery of criminal assets (Entwurf eines Gesetzes zur Reform der strafrechtlichen Vermögensabschöpfung). The draft bill which still needs to pass both German legislative bodies (Bundestag and Bundesrat) before entering into force will implement the European Directive 2014/42/EU of April 3, 2014 into German domestic law, but exceeds the scope of the EU directive considerably. One of the draft bill’s major changes is abolishing Section 73 Subsection 1 Sentence 2 of the German Criminal Code (Strafgesetzbuch), which provides that a victim’s right to asset recovery under civil law prevails over confiscation through a criminal court order. Under the new draft bill, any type of asset recovery would be conducted exclusively by the state authorities.
Such general incorporation of asset recovery into criminal proceedings – including related civil law aspects – has been subject to severe criticism, because it deprives victims of their right to take civil legal action and thereby forces them to wait to assert further claims until the related criminal proceedings have been concluded. Moreover, under the new framework, a victim will be bound by the limitation periods set out in the German Criminal Code, which are often significantly shorter than those under civil law. The draft bill also suggests that assets of unclear origin may be confiscated without specific evidence if a court is convinced – in particular in view of an evident discrepancy of the value of the assets and the rightful earnings of the individual – that they were obtained from an illegal activity and if the investigation relates to certain enumerated offenses (e.g., organized crime and terrorism). The draft bill’s reasons specifically reference the comparable U.S. concept of “non-conviction-based confiscation/forfeiture.” The draft bill also contains guidance for calculating illegal profits in the context of insider trading activities. Specifically, it provides that those convicted of insider trading cannot deduct the original purchase price of stock subject to confiscation (draft of revised Section 73d Subsection 1 Sentence 2 of the German Criminal Code). This approach suggests that the recovery of assets is no longer a mere administrative measure but also includes a penalizing element.

7.2 Compliance – Court Ruling on Seizure of Documents from Law Firms

On March 16, 2016, the District Court of Bochum handed down a noteworthy decision regarding the seizure of documents from a law firm (Landgericht Bochum, Order from March 16, 2016, file reference 6 Qs 1/16).
According to Section 97 Subsection 1 Number 3 German Code of Criminal Procedure (Strafprozessordnung), objects are, among other things, not subject to seizure if they are covered by an attorney’s right to refuse to testify. This right only applies to information that was entrusted to or became known to the attorney in his capacity as an attorney. The Bochum court ruled that this legal provision applies exclusively to the trusted relationship between a criminally accused person and someone who is granted the right to refuse to testify, meaning that it does not protect the relationship between someone who is not accused of a crime and any custodian of professional secrets, such as an attorney. The case relates to a public prosecutor’s investigation of a managing director suspected of having received kick-backs. According to the complaint, the company’s ombudswoman, an external attorney, had received relevant information from a whistleblower, but did not disclose it to the investigators. Upon final seizure of the documentation by the public prosecutor, the ombudswoman filed an appeal claiming a violation of the respective statutory restrictions arising from her capacity as an attorney and the whistleblower’s trust in her professional confidentiality obligation. In addition to the court’s finding that the law did not protect the relationship between the non-accused, anonymous whistleblower and the attorney, the court noted that the attorney was acting on behalf of the company in her capacity as ombudswoman, which prevented the establishment of a privileged relationship between her and the whistleblower. Companies often designate external attorneys as ombudspersons to ensure that allegations conveyed to an ombudsperson are fully privileged and thus protected from access by state authorities. The Bochum decision now calls into question whether this approach is sound for Germany. 
Companies affected by this ruling will have to assess what additional protective measures they can provide to potential whistleblowers.

7.3 Compliance – German Federal Constitutional Court on Extradition to the United States

A recent decision by the German Federal Constitutional Court (Bundesverfassungsgericht) may be of crucial importance for future extraditions between Germany and the United States in multi-jurisdictional matters. In March 2016, the German Federal Constitutional Court remitted a 2015 ruling by the Higher District Court of Frankfurt am Main (Oberlandesgericht Frankfurt am Main) which in the constitutional court’s view disregarded applicable key principles of the German Constitution and as a consequence stopped the deportation of a Swiss national from Germany to the United States.

The Federal Constitutional Court’s ruling took issue with a 2015 decision by the U.S. Court of Appeals for the Second Circuit in United States v. Suarez regarding the contours of the Principle of Specialty under international law. For the sake of international comity, the Principle of Specialty generally requires a country seeking extradition to adhere to any limitations placed on prosecution by the surrendering country. In interpreting this principle, the US court in the Suarez case had held that an extradited person lacks standing to challenge the requesting nation’s adherence to the doctrine absent an official protest by the extraditing nation. Because German law requires courts to assess whether a requesting nation adheres to the Principle of Specialty before extraditing a person in German custody to that nation, the Federal Constitutional Court noted its disapproval with the Suarez decision in holding that the complainant could not be extradited to the United States.
Specifically, it held that the mere reference to the opportunity of requesting the extraditing nation to raise an official protest generally violates fundamental rights of the German Constitution (Grundgesetz, GG), namely the right to personal freedom (Article 2 subsection 2) and, in any case, violates the guarantee of general freedom of action (Article 2 subsection 1 of the German Constitution).

8. Antitrust and Merger Control

8.1 Merger Control

8.1.1 Adjustment to Thresholds in German Merger Control Cases

On September 28, 2016, the German government adopted a draft bill for the ninth amendment to the German Act Against Restraints of Competition (Gesetz gegen Wettbewerbsbeschränkungen – “GWB”). The draft bill provides in respect of Section 35 GWB for additional thresholds for German merger control proceedings before the Bundeskartellamt. If the draft is adopted in its current form, mergers which cumulatively meet the following requirements are subject to notification and additionally may require approval by the Bundeskartellamt:

(i) At least one of the merging parties generated a domestic turnover of more than EUR 25 million in the last business year, but no other merging party generated a domestic turnover of more than EUR 5 million;
(ii) the consideration for the merger is more than EUR 400 million; and
(iii) the activities of the company being acquired in the domestic market are substantial in the sense laid out in (i).

8.1.2 Tengelmann Merger

The Edeka/Kaiser’s Tengelmann merger was finalized at the beginning of December 2016. For more details on this merger please refer to our 2016 Antitrust Merger Enforcement Update and Outlook. Just a few days after the Minister for Economic Affairs Sigmar Gabriel had granted his ministerial approval (Ministererlaubnis) to the merger, the major competitors of the merging parties, REWE, Markant and Norma, appealed against this decision.
On July 12, 2016 the Higher District Court of Düsseldorf (Oberlandesgericht Düsseldorf) held the Ministererlaubnis to be unlawful and therefore suspended it by way of an interim injunction. One of the reasons given by the court was bias by the Minister of Economic Affairs. Subsequently, Edeka challenged the Higher District Court’s decision not to allow an appeal. After several weeks of negotiations, Markant and Norma declared their agreement to the merger by withdrawing their appeals. After some mediation talks led by former German chancellor Gerhard Schröder, REWE and Edeka finally reached an agreement on the merger.

Since its introduction in 1973, only eight mergers have been approved by a Ministererlaubnis. Since then the Ministererlaubnis has been subject to ample controversy in legal literature, in particular because the grant decision is not based on competition law considerations and may potentially interfere with the Bundeskartellamt’s work. The Edeka/Kaiser’s Tengelmann merger has fueled the discussion anew due to the fact that the Minister’s main reasoning was to secure jobs at Kaiser’s Tengelmann which is arguably not a very strong consideration for granting a Ministererlaubnis. However, as is shown by the ninth amendment to the GWB, the German regulator has no intention of reforming or abandoning the concept of the Ministererlaubnis.

8.2 Antitrust and Merger Control – Private Antitrust Litigation

8.2.1 Legislative Reform

The ninth amendment to the GWB will also implement the European Damages Directive. Some of the implementing provisions were already mentioned in our 2016 Mid-Year Criminal Antitrust and Competition Law Update. Apart from this, the amendment also includes provisions on the availability of the passing-on defense which allows defendants to prove that the claimant did not suffer any damages because he was able to pass on the cartel overcharge to his own customers (indirect customers).
The passing-on of cartel overcharges is refutably presumed if (i) the defendant infringed section 1 / 19 GWB or Art. 101 / 102 TFEU, (ii) such infringement resulted in an overcharge for the defendant’s direct customers, and (iii) the indirect customer has purchased goods or services that were the object of the infringement, or that derived from or contained goods or services which were the object of the infringement. Further, the draft stipulates certain exceptions to the principle of joint and several liability of cartelists for cartel damages in relation to (i) internal regress, (ii) leniency applicants, and (iii) settlements between cartelists and claimants. In the latter case, non-settling cartelists may not recover contribution for the remaining claim from settling cartelists. The draft also foresees a rather broad section on the disclosure of evidence which is foreign to principles of German civil procedure. As a rule, pursuant to the German Code of Civil Procedure (Zivilprozessordnung, ZPO), the party relying on a fact has to produce the relevant evidence. Only sections 142 and 422 ZPO relate to the other party’s obligation to produce evidence – in both cases limited to specific, and precisely identified or identifiable documents. Section 33g GWB of the draft bill, however, broadens this scope substantially by referring to evidence which is necessary to bring a damages action in general – not just specific documents, and by reducing the aforementioned designation requirements to the extent to which a claimant is reasonably able to identify the evidence with the information available to him. Considering that a substantial amount of evidence in damages actions for competition law infringements is usually held by the defendant, this could potentially include a large number of documents relating to the defendant’s pricing and business strategies. 
The implementation of the ninth amendment is expected to substantially lessen the burden and difficulties claimants faced in past damages actions for competition law infringements.

8.2.2 Case Law

In 2016, there were a few noteworthy decisions in relation to private competition law enforcement in Germany, most of which clarified the extent of evidence a claimant has to present to the court in order to succeed with a damages claim.

For the first time since 2011 the German Federal Supreme Court (Bundesgerichtshof, BGH) ruled on some of the open questions in private competition law enforcement in its Lottoblock II decision of July 12, 2016 (BGH, KZR 25/14). In Lottoblock II the Bundesgerichtshof held:

(i) Only the operational part and reasoning on which the decision by a competition authority is based are binding on German courts pursuant to section 33 (4) GWB.
(ii) Once a concerted practice is concluded, there is a rebuttable presumption that cartelists abide by such practice, as long as it exists and the cartelists remain active on the relevant market. The presumption may be rebutted if essential economic and legal market factors change and at least one of the cartelists clearly and recognizably distances itself from the concerted practice.
(iii) The question whether the claimant provided sufficient evidence to prove that he was affected by the cartel needs to meet the standards set out in section 286 ZPO. Therefore, the claimant has to provide enough evidence to allow the judge to form a confident opinion on the facts. However, the existence of a concerted practice may constitute prima facie evidence pursuant to section 287 ZPO that the anticompetitive conduct caused damage.

On November 19, 2015 the District Court Düsseldorf (Landgericht Düsseldorf, case no.: 14 d O 4/14) ruled on damage claims brought by indirect customers of the Autoglas cartel.
It held that the question whether a cartel overcharge has been passed on to indirect customers forms part of the assessment whether the claimant was affected by the cartel and thus needs to meet the standards of evidence laid out in section 286 ZPO.

On November 9, 2016 the Higher District Court Karlsruhe (Oberlandesgericht Karlsruhe, case no.: 6 U 204/15 Kart (2)) held that for cartels with significant market coverage and of a longer duration there is prima facie evidence that the cartel had an impact on market prices which were not subject to the cartel (so-called umbrella pricing) because such prices, too, will be set with respect to attainable market prices. However, where market conditions are transparent and mutual observation occurs, significant market coverage (irrespective of the duration of the cartel) is sufficient for such prima facie evidence. Furthermore, the court held that the probability of damage is not excluded by the fact that the damage has been passed on to the end consumer (so-called passing-on-defense).

On September 8, 2016 the District Court Düsseldorf (Landgericht Düsseldorf, case no.: 37 O 27/11 [Kart]) ruled on the liability of parent companies. Even if a parent company has been held jointly and severally liable for its subsidiary’s anticompetitive conduct pursuant to European competition law principles, such liability does not apply to damages claims based on German tort law. On the contrary, the separation principle, whereby a legal entity is liable only with its own assets, prevails.

8.3 Antitrust and Merger Control – Cartel Enforcement – Corporate Liability

Moreover, the aforementioned draft bill for the ninth amendment to the GWB brings a company’s liability in line with the existing European model. According to this model, parent companies can be held liable for their subsidiary’s anti-competitive conduct even if they were not party to the infringement themselves.
Provided that, at the time of the infringement, the parent company and the subsidiary form a single economic unit allowing the parent company to exercise decisive influence over the conduct of its subsidiary, the parent company can be held jointly and severally liable for the administrative fine. There is a rebuttable presumption that the parent company exercises decisive influence in case of wholly owned subsidiaries, but decisive influence can also be established by other factors.

Further, the legislative gap known as the so-called “sausage gap” is being closed. This gap became apparent and was named after a decision of the Bundeskartellamt in October 2016, pursuant to which the Bundeskartellamt had to conclude its proceedings against two sausage manufacturing companies due to the fact that these companies no longer existed following internal restructuring measures (press release of October 19, 2016; available here). Thus, even though the parent corporation still existed, the fines imposed on the two subsidiaries in 2014 could no longer be enforced. The fines would have been in the amount of EUR 128 million (approximately US$ 136 million). According to the draft bill, future fines may also be imposed on the legal universal successor as well as the economic successor of the company that infringed competition law.

8.4 Antitrust and Merger Control – Cartel Prosecution

In December 2016, the Bundeskartellamt concluded its last proceedings for vertical price fixing in the retail food market (press release of December 15, 2016; available here). It imposed fines of EUR 18.3 million (approximately US$ 19.1 million) on several food retailers for fixing retail beer prices. In 2015 and 2016 the Bundeskartellamt imposed fines on one brewery and eleven retailers for vertically fixing beer prices amounting to a total of approximately EUR 112 million (approximately US$ 117 million).
The following Gibson Dunn lawyers assisted in preparing this client update:  Benno Schwarz, Birgit Friedl, Marcus Geiss, Silke Beiter, Peter Decker, Lutz Englisch, Ferdinand Fromholzer, Daniel Gebauer, Kai Gesing, Johanna Hauser, Lukas Inhoffen, Julia Langer, Sebastian Lenze, Annekatrin Pelster, Wilhelm Reinhardt, Sonja Ruttmann, Martin Schmid, Michael Walther, Jutta Wiedemann, Mark Zimmer and Caroline Ziser Smith. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. The two German offices of Gibson Dunn in Munich and Frankfurt bring together lawyers with extensive knowledge of corporate, tax, labor, real estate, antitrust, intellectual property law and extensive compliance / white collar crime experience. The German offices are comprised of seasoned lawyers with a breadth of experience who have assisted clients in various industries and in jurisdictions around the world. Our German lawyers work closely with the firm’s practice groups in other jurisdictions to provide cutting-edge legal advice and guidance in the most complex transactions and legal matters.
© 2017 Gibson, Dunn & Crutcher LLP. Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 19, 2018 |
2017 Trade Secrets Litigation Round-Up

2017 saw a number of interesting developments in trade secrets law, including the emergence of several trends under the Defend Trade Secrets Act, as courts grappled with the federal civil trade secrets statute enacted just over a year and a half ago. On the criminal side, we saw the Trump administration aggressively prosecute individuals for trade secret theft and cyberespionage, including an engineer who allegedly sold military trade secrets to an undercover FBI agent whom he believed to be a Russian spy. We also saw the U.S. Supreme Court deny certiorari in two closely watched trade secrets cases under the Computer Fraud and Abuse Act. Jason Schwartz, Greta Williams, Mia Donnelly and Brittany Raia discuss these and other significant 2017 developments in trade secrets law in their article “2017 Trade Secrets Litigation Round-Up” published in BNA’s Patent, Trademark & Copyright Journal in January 2018. Reprinted with permission from BNA’s Patent, Trademark & Copyright Journal, January 19, 2018. © 2018, The Bureau of National Affairs, Inc.
© 2018 Gibson, Dunn & Crutcher LLP. Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 18, 2018 |
2017 Year-End E-Discovery Update

E-discovery in 2017 featured increasing stability and maturity, due in large part to the continuing impact of the 2015 federal rule amendments addressing sanctions and proportionality. Yet, many challenges remain. Here are some of the highlights from the past year:

Most courts are faithfully applying the requirements of amended Rule 37(e) to sanctions motions, only awarding the most serious sanctions where the responding party destroyed evidence with the intent to deprive, tailoring sanctions to be proportionate to actual prejudice, and denying sanctions where there was no prejudice. Nevertheless, some courts have based their findings of an intent to deprive on inferences drawn from conduct that might reasonably have been interpreted as negligent.

A surprising number of courts continued to analyze spoliation sanctions issues on common law pre-dating the 2015 rule amendments, apparently unaware of amended Rule 37(e) and its requirements. Reliance on courts’ inherent powers to sanction persists—and may even have increased in 2017—despite the statement in the Committee Note that the amendment to Rule 37(e) was intended to foreclose such reliance.

Proportionality continues to gain traction in limiting the scope of discovery.

With respect to possession, custody and control, there continues to be a split in authority between courts applying the legal right test and those applying the practical ability test. Courts in jurisdictions applying the practical ability test are increasingly finding litigants to have control—and therefore preservation obligations—over discoverable information in the possession of non-parties.

Discovery of social media is becoming increasingly commonplace.
Decisions in 2017 reflected that early notions of social media having a “special status” because of privacy concerns (leading to, for example, a requirement of a threshold showing before discovery could be propounded) are giving way to social media being treated no differently from other forms of evidence. The use of technology assisted review (“TAR”)—also known as predictive coding—to search and review large document populations appears more widespread than in past years, particularly for requesting parties’ review of substantial incoming productions and in symmetrical litigation involving large document volumes, where both sides may want to use TAR. The consolidation among medium-sized and large e-discovery service providers only seemed to accelerate in 2017. It is not apparent whether this consolidation is fundamentally altering the market for e-discovery services, other than to possibly result in greater stability in the space once all of the M&A dust settles. Local and regional vendors seem to be increasingly squeezed, being acquired or facing stiff competition from large commodity vendors on the one hand, and potentially losing smaller customers to vendors of do-it-yourself online e-discovery software services, on the other hand. Other noteworthy developments in the vendor space have been the challenges posed by mobile devices, social media and ESI stored in the cloud—often requiring advanced tools and significant expertise to collect, process and search—and the more widespread availability of analytics applications that vendors can license and provide to their clients rather than having to develop in-house. As always, the year was an interesting one for e-discovery. We invite you to read our more detailed analysis and observations below. Spoliation Sanctions: Rule 37(e) Continues to Have a Substantial Impact Amended Federal Rule of Civil Procedure 37(e) continues to have a substantial impact on sanctions for failure to preserve ESI. 
Most courts are faithfully applying the requirements of amended Rule 37(e) to sanctions motions, only awarding the most serious sanctions where the responding party destroyed evidence with intent to deprive, tailoring sanctions to be proportionate to actual prejudice, and denying sanctions where there was no prejudice. Nevertheless, a surprising number of courts still relied on common law pre-dating the 2015 rule amendments, apparently unaware of amended Rule 37(e) and its requirements. Intent to Deprive Leads to Most Serious Sanctions Under amended Rule 37(e), courts can only issue the most serious sanctions—e.g., case terminating sanctions or an adverse inference jury instruction—where a party acted with the intent to deprive another party from using the ESI in the litigation. In Organik Kimya, San ve Tic. A.S. v. Int’l Trade Comm’n, 848 F.3d 994, 103 (Fed. Cir. 2017), the defendant presented evidence that, days before an investigation was to take place, the plaintiffs intentionally began overwriting their laptops to delete what the court estimated to be hundreds of thousands of relevant files. Applying Rule 37(e), the court found that the plaintiffs acted with intent to deprive and held that a default judgment was appropriate “not merely to penalize those whose conduct may be deemed to warrant such a sanction, but [also] to deter those who might be tempted to such conduct in the absence of such a deterrent.” In Basra v. Ecklund Logistics, Inc., No. 8:16-cv-832017, WL 1207482, at *1, *4 (D. Neb. Mar. 31, 2017), which arose out of an accident involving two trailer-tractors, the plaintiffs alleged the defendant had intentionally destroyed relevant ESI, including accident logs and reports. The plaintiffs requested an adverse jury instruction and attorneys’ fees. The court found that, “although [the] defendant’s record-keeping [was] less than meticulous,” the plaintiffs did not establish that the defendant had destroyed evidence with an intent to suppress the truth. 
The court therefore held that the defendant did “not engage in conduct that would warrant the sanction of an adverse jury instruction for spoliation of evidence,” and did not issue any sanctions. The court did not explicitly reference Rule 37(e), but appeared to apply its requirements. In Jackson v. Haynes & Haynes, No. 2:16-cv-01297-AKK, 2017 WL 3173302, at *3–4 (N.D. Ala. Jul. 26, 2017), the court found that the plaintiff failed to take reasonable steps to preserve relevant ESI on her smartphone when she relinquished it to her provider after having retained counsel to pursue the litigation. The court denied the defendants’ request for default judgment or an adverse inference jury instruction, however, because the plaintiff had not acted with intent to deprive the defendants of the evidence. The court reasoned that being “negligent and irresponsible in maintaining the information” and “knowing of her obligation to preserve the integrity of the information” are “not sufficient to show an intent to deprive[.]” Some courts have found an intent to deprive based on inferences drawn from conduct that might reasonably have been interpreted as negligent, at worst. For example, in Moody v. CSX Transp., — F. Supp. 3d —, No. 07-CV-6398 P, 2017 WL 4173358, at *15 (W.D.N.Y. Sept. 21, 2017), a case arising out of railway accident, the court granted the plaintiff’s motion for an adverse inference instruction where the defendant transferred information from an event data recorder saved on a laptop computer to a central repository, permitted the data on the recorder to be overwritten and recycled the laptop, only to later discover that the data in the repository was unreadable. The court found that the defendant’s conduct supported an inference that it acted with the intent to deprive plaintiff of the event recorder data. 
Actual Prejudice Required Absent evidence of actual prejudice, courts continued to deny sanctions under amended Rule 37(e)—even in the face of an intentional failure to preserve evidence. For example, in HCC Ins. Holdings, Inc. v. Flowers, No. 1:15-cv-3262-WSD, 2017 WL 393732, at *2-*4 (N.D. Ga. Jan. 30, 2017), the defendant and her husband ran several computer cleaning programs on her personal laptop after a court ordered her to produce her computer. The court concluded that, although the couple’s actions were “troubling, and in breach of [their] duty to preserve,” spoliation sanctions were “not warranted” because the presence of any trade secrets or other information that was relevant to the case was merely “speculati[ve].” Similarly, in Simon v. City of New York, No. 14-CV-8391-JMF, 2017 WL 57860, at *7 (S.D.N.Y. Jan. 5, 2017), the court refused to impose sanctions against the plaintiff for failing to retain a cell phone video of the events giving rise to an alleged false arrest. The court held there was no prejudice under amended Rule 37(e) because there was no evidence that the video would help the defendants and arguments regarding the contents of the video amounted to “pure speculation.” In Eshelman v. Puma Biotechnology, Inc., No. 7:16-cv-18-D, 2017 WL 2483800, at *5 (E.D. N.C. June 7, 2017), the plaintiffs sought an adverse inference jury instruction due to the defendant’s failure to preserve internet web browser and search histories relating to an alleged defamatory investor presentation. In refusing to sanction the defendant, the court first noted that, despite the loss of the internet browser history, “other avenues of discovery [were] likely to reveal information about the searches performed.” For example, the defendant could seek such information from people who previously had worked with the plaintiff and assisted her in preparing the investor presentation. 
The court also found that the defendant had failed to present any evidence “regarding the particular nature of the missing ESI in order to evaluate the prejudice it [was] being requested to mitigate.” In Crow v. Cosmo Specialty Fibers, Inc., No. 3:15-cv-05665-RJB, 2017 WL 1128505, at *1, *5 (W.D. Wa. Mar. 24, 2017), a court refused to sanction a party under amended Rule 37(e) for its failure to produce an email, where the email was later produced after a more careful search, finding only “meager prejudice.” The moving party was able to conduct several depositions in which it explored topics in the email, and there was no showing that delayed receipt of the email had affected any aspects of the case. In Edelson v. Cheung, No. 2:13-cv-5870 (JLL (JAD), 2017 WL 150241, at *2-*4 (D. N.J. Jan. 12, 2017), the court awarded an adverse inference jury instruction sanction against the defendant for deleting emails from his personal computer. The plaintiff presented evidence that the defendant had opened a second email account, which he did not disclose even to his own counsel, for the purpose of evading discovery, and then deleted key emails when it was discovered. The plaintiff pointed to an email from the undisclosed account obtained from a third party that stated, “don’t forget to use only gmail account . . . Do not use frontier email. They read everything.” The defendant, for his part, testified that it “didn’t occur” to him to disclose the email account and that he deleted the e-mails because his computer “was running very sluggish” and someone recommended that he delete “certain items” from his computer in order to increase its speed. The court did not find the defendant’s explanation credible. Remedy Should be No Greater than Necessary to Cure the Prejudice Pursuant to amended Rule 37(e), courts have continued to order remedies no greater than necessary to cure the prejudice that the moving party suffered. 
For example, in Edelson, supra, 2017 WL 150241 at *1, *4, the plaintiff sought a default judgment, or, in the alternative, an adverse inference jury instruction, where the defendant deleted key emails from his personal computer. The court found that the defendant had intentionally deleted the emails in an attempt to deprive the plaintiff of relevant information. Nevertheless, the court held that the plaintiff had “failed to demonstrate that he ha[d] suffered a degree of prejudice that merit[ed] the imposition of a default judgment against [the] defendant.” Other evidence besides the emails at issue was available for use at trial to support the plaintiff’s allegations. Thus, the court adopted the “more appropriate sanction [and] instruct[ed] the jury that it [could] presume the information was unfavorable to [the] defendant.”

Some Courts Still Fail to Apply Amended Rule 37(e)

Despite fairly broad application of amended Rule 37(e) in 2017, a surprising number of courts failed to apply it in spoliation sanctions motions. In many, but not all, of the cases, it nevertheless appears that the sanctions decision would have been the same under Rule 37(e).

For example, in Dallas Buyers Club, LLC v. Huszar, No. 3:15–cv–907–AC, 2017 WL 481469 (D. Or. Feb. 6, 2017), the plaintiff claimed that the defendant illegally downloaded its eponymous movie. The defendant denied doing so, and subsequently destroyed his computer’s hard drive. He claimed the computer began exhibiting signs of failure, at which point he took it to a technician and the content was lost. Id. The court found the defendant credible but still issued an adverse inference jury instruction, finding that “although an adverse inference instruction is not as drastic a remedy as a default order, it is still a harsh remedy and will sufficiently compensate for the potential prejudice suffered by [the plaintiff].” Id. The Court did not consider amended Rule 37(e).
Had it done so, the court’s finding that the defendant’s explanation was credible may have precluded a finding of intent to deprive, which would have been necessary to award an adverse inference instruction, and its finding of “potential prejudice” rather than actual prejudice would have been insufficient for any sanction under Rule 37(e). In Redzepagic v. Hammer, No. 14-civ-9808-ER, 2017 WL 780809, at *4, n. 9 (S.D.N.Y. Feb. 27, 2017), the court refused to issue spoliation sanctions for the plaintiff’s deletion of text messages following commencement of the lawsuit, despite the defendant’s argument that a “very strong inference” could be drawn “that the information [the] plaintiff had would support [the] defendant’s position.” Without reference to amended Rule 37(e), the court found that an employee of the defendant had separately preserved the relevant text messages, and the employee voluntarily turned over those texts to the court. The court reasoned that “because these documents were preserved by an employee . . . and were available to both parties in the action, there [was] no reason to infer that the text messages [the plaintiff] deleted would support [the defendant’s] position.” Thus, the court “decline[d] to impose sanctions or grant an adverse inference,” a result that would likely have been the same under Rule 37(e). Brown v. Certain Underwriters at Lloyds, London, No. 16-cv-02737, 2017 WL 2536419, at *2–6 (E.D. Pa. Jun. 12, 2017), arose out of a fire that occurred at plaintiffs’ property. The defendants suspected that the plaintiff was involved in setting the fire. They were interested in examining his cell phone to determine whether it contained any evidence that would tend to corroborate their suspicion. 
A day before the plaintiff was scheduled to produce the contents of his cell phone, he claimed for the first time that he had lost it “months ago.” He provided no details, however, regarding how he lost the phone or his attempts to preserve or recover its contents. The court failed to reference Rule 37(e) and instead relied on common law superseded by the rule. Finding that the defendant’s explanation lacked credibility, the court awarded an adverse inference jury instruction and attorneys’ fees.

Finally, in Charles v. City of New York, No. 12-cv-6180 (SLT) (SMG), 2017 WL 530460, at *25-26 (E.D.N.Y. Feb. 8, 2017), a wrongful arrest case, the court declined to apply Rule 37(e) to a video recording on a smart phone. The defendant sought case terminating sanctions because the plaintiff had lost the smart phone on which she recorded video of her interaction with the police. Noting that the smart phone was not the only evidence in the case, and that there was no evidence of intentional destruction, the court refused to issue sanctions, finding that the plaintiff’s actions at most amounted to “mere negligence, not gross negligence.” The court did not apply amended Rule 37(e), reasoning that amended Rule 37(e) only applies to ESI and that neither the phone nor the video constituted ESI.

Inherent Authority: Still Alive

Many had expected that the December 2015 amendment to Rule 37(e) would eliminate courts’ inherent authority to impose sanctions for preservation failures, particularly in light of the statement in the Committee Notes that the amended rule “forecloses reliance on inherent authority or state law to determine when certain measures should be used.” Yet, the language of the amended rule itself did not address the issue. And, barely a month after the amendment’s effective date, Magistrate Judge James C. Francis IV held in Cat 3 LLC v. Black Lineage Inc., 164 F. Supp. 3d 488 (S.D.N.Y.
2016), that if a party’s apparent alteration of e-mails was not sanctionable under amended Rule 37(e), then the court could still impose sanctions pursuant to its inherent authority. Judge Francis subsequently co-authored an article laying out his case for the survival of inherent authority. See Hon. James C. Francis IV & Eric P. Mandel, Limits on Limiting Inherent Authority: Rule 37(e) and the Power to Sanction, The Sedona Conference Journal (Vol. 17, No. 2, p. 613) (2016). Following Judge Francis’ opinion in Cat 3, Judge Paul Grimm, who was a member of the Civil Rules Advisory Committee, stated that “[w]hen the drafters were crafting Rule 37(e), we did so with a desire to occupy the field.” To obtain spoliation sanctions under inherent authority, according to Judge Grimm, you would “have to argue that in some way, the existing Rule is insufficient and you also have to be faithful to the law of inherent authority,” meaning “you would need to show bad faith.” Tera Brostoff, Reports of Death of Inherent Judicial Authority Exaggerated?, Bloomberg BNA Electronic Discovery and E-Evidence (Nov. 15, 2016). Judge Grimm’s statement is reminiscent of the Supreme Court’s statement in Chambers v. NASCO, a key case regarding inherent authority, that courts ordinarily should rely on the Rules in imposing sanctions, but “if in the informed discretion of the court, neither the statute nor the Rules are up to the task,” the court may rely on inherent authority. Similarly, Judge Francis has stated that “[t]he point is, if there is a gap in the rule, then the exercise of inherent power is appropriate[.]”  Views from the Bench: Leading Federal Judges in Conversation on EDiscovery and More, 34 (R. Hilson & C. Sullivan eds., 2017). Nevertheless, it appears to be Judge Francis’ view that inherent authority exists even if a matter is covered by Rule 37(e). See id. at 34-35. That view is not shared by all others.  See, e.g., id. at 35 (Hon. 
Frank Maas, ret., quoted as stating “I’m far less sure than Judge Francis is that inherent authority lives on in cases that fall within the four corners of Rule 37(e).”) See also Gareth Evans and Phillip Favro, Unfinished Business: A Holiday Wish List For New E-Discovery Centered FRCP Amendments, LegalTech News (Dec. 15, 2017) (calling for moving to the text of the rule the language in the Rule 37(e) Committee Note foreclosing reliance on inherent authority). In 2017, the Supreme Court addressed courts’ inherent authority to impose discovery-related sanctions in Goodyear Tire & Rubber Co. v. Haeger, __ U.S. __, 137 S.Ct. 1178 (2017). The Court held that sanctions imposed under inherent authority must be compensatory rather than punitive and must have been “causally related to the sanctioned party’s misconduct.” The case did not involve spoliation, however, and the court did not address whether amended Rule 37(e) forecloses reliance on inherent authority. Thus, it appears unlikely that Goodyear has resolved the issue whether courts may rely on inherent powers in awarding sanctions for a failure to preserve ESI. Meanwhile, some courts continued to rely upon inherent powers in issuing sanctions for preservation failures. In Hsueh v. New York State Dept. of Financial Servs., 15-civ.-3401-PAC, 2017 WL 1194706, at *4, *6 (S.D.N.Y. Mar. 31, 2017), for example, the court found that amended Rule 37(e) did not apply to the destruction of ESI where the party had “intentionally deleted” the information (despite the fact that Rule 37(e) expressly applies where a party acted with intent to deprive). The court stated that “[b]ecause Rule 37(e) does not apply, the Court may rely on its inherent power to control litigation in imposing spoliation sanctions” in granting an adverse inference sanction for spoliation. 
The court in Hsueh observed that amended Rule 37(e) is aimed at “serious problems resulting from the continued exponential growth in the volume of ESI as well as excessive effort and money that litigants have had to expend to avoid potential sanctions for failure to preserve ESI.” In this case, the court reasoned, the ESI was not lost on account of “improper systems in place to prevent the loss of the recording” but rather “because she took specific action to delete it.” The court concluded, however, that under either amended Rule 37(e) or the court’s inherent authority an adverse inference and attorneys’ fees were appropriate because (i) the plaintiff was under an obligation to preserve the recording, (ii) there was no doubt the destroyed evidence was relevant to the claims in the case, and (iii) the plaintiff acted in bad faith and with an intent to destroy the ESI.

Accordingly, the debate continues over whether inherent authority survives as a basis for spoliation sanctions. At least some of the discussion, however, has shifted to limits on the circumstances under which inherent authority may be invoked (assuming that it can be invoked at all)—for example, that Rule 37(e) must not provide an adequate remedy and bad faith conduct must have been involved. In any event, we doubt that we have heard the last of this issue from courts, commentators and possibly even drafters of future rule amendments.

Proportionality: Alive, and Well

Proportionality as a limit on the scope of discovery continues to gain traction following its incorporation into Rule 26(b)(1)’s definition of the scope of discovery in the 2015 rule amendments. Of particular note in 2017, the Sedona Conference released its Commentary on Proportionality in Electronic Discovery, 18 Sedona Conf. J. 141 (2017), which sets forth six “Principles of Proportionality” pertaining to the amended rule’s proportionality factors and courts’ application of them since the 2015 rule amendments.
These principles consist of the following: (1) “[t]he burdens and costs of preserving relevant electronically stored information should be weighed against the potential value and uniqueness of the information when determining the appropriate scope of preservation;” (2) “[d]iscovery should focus on the needs of the case and generally be obtained from the most convenient, least burdensome, and least expensive sources;” (3) “[u]ndue burden, expense, or delay resulting from a party’s action or inaction should be weighed against that party;” (4) “[t]he application of proportionality should be based on information rather than speculation;” (5) “[n]onmonetary factors should be considered in the proportionality analysis;” and (6) “[t]echnologies to reduce cost and burden should be considered in the proportionality analysis.” The discussion in the Commentary on Proportionality reflects that the evaluation of whether discovery is “proportional to the needs of the case” is highly dependent on the specific facts of any given case, and it is the parties’ burden to provide evidence and educate the court on their specific situation. Additionally, proportionality does not merely involve an analysis of the cost of collection and production compared to the need for the documents—it extends beyond this, taking into account the good faith of the parties, the parties’ comparative access to information, and the importance of the issues. Further, the Commentary advocates that parties work together and utilize appropriate technologies in the discovery process. Judicial decisions in 2017 continued to reflect that proportionality in discovery has gained traction since the 2015 federal rule amendments. In Solo v. United Parcel Service Co., No. 14-12719, 2017 WL 85832 (E.D. Mich., Jan. 10, 2017), for example, the court considered whether UPS should be compelled to produce information stored on backup tapes because their billing system only maintained live data for a short period of time. Id. 
at *2. UPS submitted a declaration attesting that it would take six months and $120,000 to recover the data from the back-up tapes. The court held that restoring back-up tapes was not proportional to the needs of the case not only because of the expense, but also because the data would only be relevant if the plaintiffs prevailed on certain issues on the merits. In Scott v. Eglin Fed. Credit Union, No. 3:16-CV-719-RV-GRJ2017, 2017 WL 1364600, at *3 (N.D. Fla. Apr. 13, 2017), an employment discrimination case, the defendant (the plaintiff’s former employer) moved to compel the plaintiff’s current employer (a third party) to produce emails and text messages with the plaintiff. Noting that “emails and text messages may be fair game for discovery in most cases,” the court nonetheless denied the motion to compel, explaining  “[b]alancing the marginal relevance of information in emails and text messages against the time and expense that would be involved for a small business … in searching cellular telephones, servers and other electronic storage facilities makes little sense and would cause Plaintiff’s current employer to incur an expense that ultimately will have little or no impact on the outcome of this case.” Id. at *3. In Simon v. Northwestern Univ., No. 1:150-CV-01433, 2017 WL 467677 (N.D. Ill. Feb. 3, 2017), the court engaged in a substantial proportionality analysis, including analyzing the importance of the issues (“The court finds the importance of the issues at stake in this action extremely high”); the amount in controversy (“the Court finds this amount to be high as well”); the relative burden on the defendants (the court determined it was high as to the individuals but “relatively low” as to the university); and the parties’ access to relevant information (determining that the university had the greatest access). In Crabtree v. Angie’s List, Inc., No. 1:16-CV-0087-SEP-MJD, 2017 WL 413242, at *3 (S.D. Ind. Jan. 
31, 2017), a wages and hours action, the defendant requested a forensic examination of the plaintiffs’ electronic devices to determine how many hours the plaintiffs were working offsite. The court denied the request as not proportional to the needs of the case. Notably, as part of its proportionality analysis, the court considered the plaintiffs’ privacy and security interests.

In Gordon v. T.G.R. Logistics, Inc., 321 F.R.D. 401 (D. Wyo. 2017), the defendant moved to compel production of an electronic copy of the “entire Facebook account history” from the plaintiff’s two Facebook accounts on the ground that the information would be relevant to her claims of physical and emotional injury resulting from a motor vehicle accident. The court engaged in a proportionality analysis, stating that “[s]ocial media presents some unique challenges to courts in their efforts to determine the proper scope of discovery of relevant information and maintaining proportionality.” While it is conceivable that almost any post to social media will provide some relevant information concerning a person’s physical and/or emotional health, it also has the potential to disclose more information than has historically occurred in civil litigation.

Possession, Custody or Control: Split in Authority Persists

Whether a party has “possession, custody or control” over relevant and responsive documents—and therefore an obligation to preserve and produce them—continued to be an important issue in 2017. A split in authority has persisted between courts applying the “legal right” test (i.e., finding that a party has control over documents in the possession of others only when it has the legal right to the documents) and those applying the “practical ability” test (i.e., finding that a party has control when it has the practical ability to obtain the documents, even if it does not have a legal right to them).

In Parris v. Pappas, No. 3:10-cv-1128 WWE, 2017 WL 3314001, at *2 (D. Conn. Aug.
3, 2017), the court applied the practical ability test in denying a motion to compel the defendant to produce documents in the possession of his girlfriend. The court held that the plaintiff had failed to sustain her burden of establishing that the documents were in the defendant’s possession, custody or control because the defendant attested that he had asked his girlfriend for the documents, but she had refused to provide them. The court noted, however, that the plaintiff could subpoena the documents from the girlfriend pursuant to Rule 45.

By contrast, the court in Ronnie Van Zant, Inc. v. Pyle, No. 17 Civ. 3360-RWS, 2017 WL 3721777, at *8-*9 (S.D.N.Y. Aug. 28, 2017), also applying the practical ability test, imposed sanctions on a defendant for its failure to prevent a third-party independent contractor from destroying relevant text messages on his smart phone. The lawsuit arose out of a “blood oath” among the surviving members of the band Lynyrd Skynyrd and the family members of band members who had been killed in a 1977 plane crash that none would seek to profit from the band’s name or story. Despite the oath, which was later reflected in a consent order, the band’s drummer—Artemis Pyle—worked with the defendant film company to produce a film about the band. In the ensuing lawsuit for breach of the consent order, the court awarded an adverse inference jury instruction holding the defendant film company responsible for the failure of the film’s director—an independent contractor—to preserve relevant text messages that were lost when he turned in and upgraded his personal smart phone. The court reasoned not only that the film company had the ability to ensure that the director preserved relevant data on his smart phone, but also that its failure to do so coupled with the director’s actions “evince the kind of deliberate behavior that sanctions are intended to prevent and weigh in favor of an adverse inference.”

In Williams v. Angie’s List, No.
1:16-00878-WTL-MJD, 2017 WL 1318419, at *2-*3 (S.D. Ind. April 10, 2017), a wage and hours action, the court applied the legal right test. The plaintiffs—who often worked from home, so that their hours were not reflected in badge-swipe data—sought from the defendant background data automatically recorded while they were working on Salesforce, a sales platform utilized by the defendant. The court rejected the defendant’s argument that it did not have possession, custody or control of the Salesforce data, citing the defendant’s contractual relationship with Salesforce giving the defendant the right to the data.

Discovery of Social Media Grows Increasingly Commonplace

It is not an overstatement to say that social media has become an integral part of modern life. Social media has played an important role for a number of years in keeping us in touch with friends and family. In recent years, social media applications have also played a prominent role in professional networking and, increasingly, in workplace communications and collaboration. Not surprisingly, therefore, the discovery of social media is also becoming increasingly commonplace.

As social media has expanded into many different areas, conceptions of what it exactly is are becoming somewhat blurred. No longer just Facebook, but numerous other social and professional networking and communication applications may be considered social media. The Oxford English Dictionary defines “social media” as “websites and applications used for social networking” and “social network,” in turn, as “the use of dedicated websites and applications to communicate with each other by posting information, comments, messages, images, etc.” See Concise Oxford English Dictionary (12th ed. 2011). Many social media applications have their own direct and group messaging functions, and many instant messaging applications have features that are common to social media.
As social media is becoming ubiquitous, early notions that social media might have a special status because of privacy concerns (leading to, for example, a requirement of a threshold showing before discovery could be propounded) are giving way to social media being treated no differently from other forms of evidence. See, e.g., United States ex rel Reaster v. Dopps Chiropractic Clinic, LLC, No.13-1453-EFM-KGG, 2017 WL 957436, at *1-*2 (D. Kan. Mar. 13, 2017) (“while information on social networking sites is not entitled to special protection, discovery requests seeking this information should be tailored so as not to constitute the proverbial fishing expedition in the hope that there might be something of relevance in the respondent’s social media presence”) (internal quotations and citation omitted). Proportionality and relevance requirements can play a particularly important role in discovery of social media. Because social media accounts usually contain a substantial amount of irrelevant and personal information, courts must balance legitimate rights to discovery against overly broad and intrusive inquiries. See, e.g., Brown v. Ferguson, No. 4:15-cv-0083-ERW, 2017 WL 386544, at *1-*2 (E.D. Mo. Jan. 27, 2017) (rejecting disclosure of social media passwords as constituting unfettered access, but also rejecting a distinction between private messages and public content on Facebook). Gordon v. T.G.R. Logistics, Inc., 321 F.R.D. 401 (D. Wyo. 2017), illustrates the challenge facing courts in determining the appropriate scope of social media discovery. In Gordon, the defendant brought a motion to compel the production of the “entire Facebook account history” of the plaintiff’s two Facebook accounts on the ground that the information would be relevant to her claims of physical and emotional injury resulting from a motor vehicle accident. 
The court engaged in a proportionality analysis, observing that “[s]ocial media presents some unique challenges to courts in their efforts to determine the proper scope of discovery of relevant information and maintaining proportionality.” The court continued that “[w]hile it is conceivable that almost any post to social media will provide some relevant information concerning a person’s physical and/or emotional health, it also has the potential to disclose more information than has historically occurred in civil litigation. While we can debate the wisdom of individuals posting information which has historically been considered private, we must recognize people are providing a great deal of personal information publicly to a very loosely defined group of ‘friends,’ or even the entire public internet.” The court explained that the relative ease and low cost of downloading a user’s Facebook history would not itself resolve the issue. The court observed that, in the past, “[n]o court would have allowed unlimited depositions of every friend, social acquaintance, co-employee or relative of a plaintiff to inquire as to all disclosures, conversations or observations. Now, far more reliable disclosures can be obtained with a simple download of a social media history.” The court reasoned, on the one hand, that even though producing the plaintiff’s Facebook history would involve very little time or expense, it could nevertheless have a very significant impact in generating additional discovery and in lengthening testimony. 
“It’s not difficult to imagine a plaintiff being required to explain every statement contained within a lengthy Facebook history in which he or she expressed some degree of angst or emotional distress or discussing life events which could be conceived to cause emotion upset, but which is extremely personal and embarrassing.” On the other hand, the court recognized that “Defendant has a legitimate interest in discovery which is important to the claims and damages it is being asked to pay. Information in social media which reveals that the plaintiff is lying or exaggerating his or her injuries should not be protected from disclosure. Courts must balance these realities regarding discovery of social media and that is what most of the courts which have addressed this issue have done.” In the end, the court denied the defendant’s request for the entirety of the plaintiff’s Facebook history and instead limited the scope of the discovery to Facebook posts after the accident that relate to the accident and her resulting physical and emotional injuries and any posts relating to other events that could reasonably be expected to result in emotional distress.

Technology Assisted Review: Gaining Strength?

A noticeable practice trend in 2017 has been that the use of technology assisted review (“TAR”)—also known as predictive coding—to search and review large document populations appears to be more widespread than in past years. We are seeing requesting parties more frequently using TAR in their review of substantial incoming productions, where the TAR protocol and training of the TAR tool will not be subject to challenge from the opposing party. We are also seeing TAR used more often in symmetrical litigation, where both sides have large production obligations and both use TAR—or want to have the option to use TAR—in their document search and review process. That is not to say that the use of TAR is commonplace, as many had anticipated would be the case by now.
Rather, within a relatively small slice of litigation matters—those that involve particularly massive amounts of ESI to search and review—it appears that TAR is being used more than in the past.

A substantial body of case law has developed regarding issues relating to the use of TAR. See The Sedona Conference TAR Case Law Primer, 18 Sedona Conf. J. 1 (2017). Yet, many issues remain unresolved—except that TAR is generally accepted by the courts as a legitimate search and review methodology. There was a dearth of case law in 2017 involving disputes over TAR, perhaps reflecting that TAR is mostly being used on incoming productions and pursuant to stipulated protocols in symmetrical litigation. The two decisions in 2017 regarding TAR disputes dealt with the extent of transparency required regarding the TAR process and the use of search terms to cull a document population before the use of TAR.

In Winfield v. City of New York, No. 15-cv-05236 (S.D.N.Y. Nov. 27, 2017), the plaintiffs argued that the defendant’s TAR model was improperly trained because its reviewers had over-designated documents in the seed and training sets as non-responsive. The plaintiffs argued—and the court agreed—that several inadvertently produced documents designated as non-responsive used to train the TAR model were actually responsive. The plaintiffs sought both to bar the defendant from continuing to use TAR and to require disclosure of information about the TAR process—including the defendant’s coding of seed and training documents, how the defendant trained its document reviewers, and detailed information about the ranking system used in the TAR process (i.e., what relevance score cut-off was used, and how many documents were deemed responsive and unresponsive at each ranking level).
The court referenced Sedona Principle 6, which provides that the producing party is in the best position to “evaluate the procedures, methodologies, and technologies appropriate for preserving and producing their own electronically stored information.” Id., slip op. at 20; see also The Sedona Conference Principles, Third Edition, 19 Sedona Conf. J. 1, 118 et. seq. (forthcoming 2018) (available at www.thesedonaconference.org). The court stated that, “[t]raditionally, courts have not micro-managed parties’ internal review processes for a number of reasons.” Those reasons include that “attorneys, as officers of the court, are expected to comply with Rules 26 and 34 in connection with their search, collection, review and production of documents, including ESI.” Additionally, the court stated that “internal attorney ESI work processes may reveal work product” and noted that “perfection in ESI discovery is not required[.]” Nevertheless, the court asserted, “parties cannot be permitted to jeopardize the integrity of the discovery process by engaging in halfhearted and ineffective efforts to identify and produce relevant documents.” Id., slip op. at 20-21. The court reviewed information about the defendant’s TAR process in camera—including information about the seed and training sets, its training of reviewers, and the validation process the defendant used. The court concluded that “the City’s training and review processes and protocols present no basis for finding that the City engaged in gross negligence in connection with its ESI discovery—far from it.” Id., slip op. at 23. Additionally, with respect to detailed information about the defendant’s TAR process—such as the cut-off used and the number of responsive and unresponsive documents at each ranking level—the court stated that it “views this information as protected by the work product privilege and, accordingly, [it] is not subject to disclosure.” Id., slip op. at 27; see also John M. Facciola and Philip J. 
Favro, Safeguarding the Seed Set: Why Seed Set Documents May Be Entitled to Work Product Protection, 8 Fed. Cts. L. Rev. 1 (Feb. 2015). Nevertheless, because there was some evidence of “human error” in the training process, the court ordered the defendant to provide the plaintiffs, on an attorneys’ eyes only basis, with a random sample of 300 non-privileged documents from the population of documents the TAR process determined to be non-responsive. Id., slip op. at 25-26.

The only other reported or widely publicized TAR decision in 2017, FCA US LLC v. Cummins, Inc., No. 16-12883, 2017 WL 2806896, at *1 (E.D. Mich. Mar. 28, 2017), involved a dispute over “whether the universe of electronic material subject to TAR review should first be culled by the use of search terms.” Without any substantive discussion, other than to cite materials that it reviewed, the court stated that “[a]pplying TAR to the universe of electronic material before any keyword search reduces the universe of electronic material is the preferred method.”

E-Discovery Vendor Developments

The consolidation among medium-sized and large e-discovery service providers, usually financed by private equity funding, that has been going on for several years now only seemed to accelerate more in 2017. It is not apparent whether this consolidation is fundamentally altering the market for e-discovery services, other than to possibly result in greater stability in the space once all of the M&A dust settles.
Generally, the market appears to be settling into several different segments: (1) large vendors with a national and often international footprint providing basic, commodity services using mostly standard technologies; (2) medium-sized vendors—also with a national and global footprint—focused on providing both expert e-discovery consulting and professional services as well as standard and more advanced technologies; (3) vendors of “do it yourself” online e-discovery software services (i.e., “SAAS,” aka software as a service), usually targeted at small and medium-sized law firms that now, increasingly, must deal with e-discovery; and (4) traditional local and regional vendors providing basic services, much as they have in the past. The local and regional vendors seem to be increasingly squeezed in this market, either being acquired by or not able to compete with the large vendors providing commodity services.

Notably, it appears that there are far fewer new entrants in the e-discovery services market—which used to have relatively low barriers to entry—than in the past. Also, there appears to have been significant maturation of some of the SAAS providers, which appear to be finding a solid niche in a potentially large market segment—small and medium-sized law practices—often not previously serviced by e-discovery providers.

Other noteworthy developments in the vendor space have been the challenges posed by mobile devices, social media and ESI stored in the cloud—often requiring advanced tools and significant expertise to collect, process and search—and the more widespread availability of analytics applications that vendors can license and provide to their clients rather than having to develop in-house.

Conclusion

The past year showed once again that e-discovery continues to progress, but also continues to face new and pre-existing challenges. We hope that you found our 2017 Year-End E-Discovery Update informative.
We invite you to review further the many articles, client alerts and updates that our attorneys have published by going to the Gibson Dunn Electronic Discovery Practice Group’s page on the Firm’s website.

The following Gibson Dunn lawyers assisted in the preparation of this client update: Gareth Evans, Jennifer Rearden, Heather Richardson, Chelsea Mae Thomas and Natalie Dygert.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. The Electronic Discovery and Information Law practice group brings together lawyers with extensive knowledge of electronic discovery and information law. The group is comprised of seasoned litigators with a breadth of experience who have assisted clients in various industries and in jurisdictions around the world. The group’s lawyers work closely with the firm’s technical specialists to provide cutting-edge legal advice and guidance in this complex and evolving area of law. For further information, please contact the Gibson Dunn lawyer with whom you usually work or the following leaders of the Electronic Discovery and Information Law practice group:

Gareth T. Evans – Orange County (+1 949-451-4330, gevans@gibsondunn.com)
Jennifer H. Rearden – New York (+1 212-351-4057, jrearden@gibsondunn.com)

© 2018 Gibson, Dunn & Crutcher LLP

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.