Tech Disputes - Winter 2022/2023

Key developments

Microsoft – Activision Blizzard deal would lead to higher prices, fewer choices, and less innovation for UK gamers

The CMA has published its provisional findings on its investigation into Microsoft’s proposed $69bn takeover of Activision Blizzard. The CMA has provisionally found that the merger may result in a substantial lessening of competition in gaming consoles and cloud gaming services in the UK. The CMA has proposed three options to remedy the issue: prohibition of the merger, divestiture of a part of Activision’s business, or behavioural commitments by the Parties. The CMA’s final report is due on 26 April 2023. See here for more information.

EU Directive on measures for high common level of cybersecurity now published

The new directive (EU) 2022/2555 seeking to achieve a high common level of cybersecurity across the European Union is now in force. It requires Member States to adopt national cybersecurity strategies and establish competent authorities to deal with cyber crisis management and incident responses. The directive also imposes supervisory and enforcement obligations on Member States, as well as establishing reporting obligations for entities in highly critical sectors such as energy, transport and health. Access the directive here.

French Regulator fines Discord, Microsoft’s Irish Unit and TikTok for data protection breaches

The French data protection authority (CNIL) has had a particularly active few months. Back in December 2022, CNIL fined Discord, the online voice, video and text communication company for several data protection breaches including the fact that users remained logged into the voice room even after closing the Discord application window. See our article here. That same month, CNIL fined Microsoft Ireland €60m for failing to allow users the opportunity to refuse cookies as easily as accepting them. In particular, CNIL found a breach of the French Data Protection Act for (i) the deposit of cookies without prior consent of the user; and (ii) the absence of a compliant means of collecting consent for the deposit of cookies (see here). CNIL also fined TikTok €5m in December 2022 for two reasons: (i) users of "tiktok.com" could not refuse cookies as easily as accepting them; and (ii) they were not informed in a sufficiently precise manner of the purposes of the different cookies (see here).

UK Competition Markets Authority sees emerging clean-energy markets such as EVs as a priority focus

The UK CMA has announced that it will prioritise work on fostering ‘strong competitive dynamics’ in the clean-energy market. In particular, it intends to monitor closely the competition around electric vehicle charging infrastructure which it currently considers to be too slow, inconsistent and lacking in transparency, especially with regards to pricing. The CMA is encouraging companies to invest in their supply chains and has warned that it will act on misleading claims on the environmental characteristics of products and services, known as greenwashing. See more here.

HM Treasury launches consultation on regulating crypto assets

Last month, HM Treasury launched its consultation and call for evidence on the future financial services regulatory regime for crypto assets. This consultation forms part of the Government’s commitment to managing the potential risks to consumers of an unregulated crypto asset sector. Recent market events including the failure of FTX have reinforced calls to regulate this swiftly-developing sector. Access the consultation here.

Meta Ireland fined €390m by the Data Protection Commission and a follow-on Class Action

Meta Ireland has been fined €210m (for breaches of the GDPR relating to its Facebook service), and €180m (for breaches in relation to its Instagram service). A follow-on class action claim has also been brought against Meta by a class of Facebook users. Whether the claim will take off is still to be determined - a hearing was held on 30 January to determine whether the class action procedure provided for in the Competition Appeal Tribunal could be invoked against Meta but the judgment has not yet been published. If the action is allowed to continue, this may be the revival of data breach class actions, previously set back by the Lloyd v Google judgment (as a reminder, see here).

Key cases

Chechetkin v Payward Ltd and others [2022] EWHC 3057 (Ch)

Following in the footsteps of the Soleymani v Nifty Gateway case (see article here), another case concerning cryptocurrency exchanges has reinforced the challenges associated with arbitration clauses in consumer-facing contracts. The claimant in this case brought a claim against Payward in the English Court, for breaches of the Financial Services and Markets Act 2000. In parallel, Payward commenced arbitration proceedings in California. The English court had to determine whether it had jurisdiction notwithstanding an arbitral award purporting to determine the claims. See the judgment here and our article here.

Osbourne v Persons Unknown Category A & Ors [2023] EWHC 39

The High Court has ruled that proceedings may be served solely by non-fungible token (NFT). The claimant in this case, Ms Osbourne, owned a digital wallet on the Opensea crypto asset marketplace containing two NFTs comprising 10,000 works of digital art, worth between £3,000 and £5,000. In January 2022, the NFTs were transferred out of the digital wallet by an unidentified hacker. The Court held that the claimant was entitled to serve the claim form on the unidentified hacker by NFT as she had no alternative method for serving it. The served documents were instructed to be redacted as the NFTs will be on the blockchain and so accessible to the public. While courts have previously allowed service by NFT, this decision is the first to allow service exclusively by NFT. See the judgment here.

LMN v Bitflyer Holdings Inc and others [2022] EWHC 2954 (Comm)

The English courts have again shown a willingness to assist victims of crypto-theft and fraud. LMN, a cryptocurrency exchange, was hacked in 2020. It subsequently brought a claim against rival cryptocurrency exchanges on the basis that these exchanges would have control over the addresses to which the hackers had allegedly transferred the cryptocurrency. It asked the court for three orders: i) permission to serve the defendants outside the jurisdiction, ii) service by alternative means and iii) Bankers Trust relief for the defendants to produce relevant information to LMN. The court granted all three orders. A key takeaway is that cryptocurrencies are now likely to be considered property under English law and will therefore be subject to proprietary remedies including asset tracing. Read the judgment here.

Tulip Trading Limited (A Seychelles Company) v Bitcoin Association For BSV & Ors [2023] EWCA Civ 83

On 3rd February, the Court of Appeal ruled that the question of whether digital asset developers owe fiduciary duties and duties of care should go to trial. The claim centres around Tulip Trading’s allegation that it lost $4.5bn worth of bitcoin on networks controlled by 16 developers when the computer of Tulip’s CEO was hacked and the private keys controlling the Bitcoin were deleted. Tulip claimed that the control of the networks by the defendants resulted in an imbalance of power that meant they owed it a duty of care to take all reasonable steps to restore the private keys. Read the full judgment here.

Seattle School District No. 1 v. Meta Platforms Inc. et al., 2:23-cv-00032 (W.D. Wash. Jan. 6, 2023)

In the US, the Seattle Public School (SPS) system has launched proceedings against the Big Tech companies behind the most popular social media platforms (Facebook, YouTube, Snap, Instagram and TikTok) for the impact the companies have had on the mental health of America’s young people. SPS’ claim relies on legal principles previously used successfully by claimants against Big Tobacco - that the companies had knowledge of the harm these platforms could cause and yet marketed them in a way that resulted in the addiction of young consumers to the platforms. While this type of general class action is unlikely to be seen in the UK any time soon, it will be interesting to observe any potential change in corporate practice as a result of the US lawsuit. See more here.

Demystifying ChatGPT: Practical application, risks and opportunities

Demystifying ChatGPT: Practical application, risks and opportunities

ChatGPT, OpenAI’s publicly-accessible AI language model, has been attracting increasing attention in recent months.

In our webinar on the topic we demystify ChatGPT by:

• explaining what it is and how it works (including its limitations);
• how organisations (including law firms) are using it, and how it may be used most effectively in future; and
• exploring the risks and opportunities, both practical and legal.

During the webinar, you'll see ChatGPT in action and discover:

• whether it can draft legal agreements and conduct legal research;
• whether it can explain AI regulation (in poetry!); and
• what it says itself about how it can / should be used and its risks.

Access the on-demand webinar here.