UK Supreme Court: Serious Fraud Office Cannot Compel Foreign Companies to Produce Documents Held Abroad
Case: R (on the application of KBR, Inc) (Appellant) v Director of the Serious Fraud Office (Respondent) [2021] UKSC 2
On February 5, 2021, the UK Supreme Court ruled that the Serious Fraud Office (SFO) cannot compel foreign companies with no presence in the jurisdiction to produce documents held abroad using its powers under Section 2(3) of the Criminal Justice Act 1987 (CJA 1987).
After losing its ability to use European Investigation Orders to obtain evidence located in other EU member states due to Brexit, the judgment is a further setback for the SFO in terms of the extraterritorial reach of its investigative powers and may in certain circumstances affect its ability to investigate fully cross-border serious fraud cases. When seeking documents or electronic data held abroad from foreign companies that are not registered in the UK or do not carry on business there, the SFO will now have to rely on mutual legal assistance or an overseas production order (where such mechanisms are available).
However, the Supreme Court’s ruling will provide foreign companies with greater certainty regarding documents that may have to be produced to the SFO, particularly where production could be resisted in their own jurisdiction on grounds of privilege.
UK Supreme Court Grants Google Permission to Appeal Class Action Claim in Lloyd vs Google LLC
The Supreme Court has recently granted Google permission to appeal the Court of Appeal’s decision in the case of Lloyd v Google LLC ([2019]) EWCA Civ 1599). The class action brought against Google by Richard Lloyd, the former editor of consumer protection rights group “Which?”, relates to the alleged tracking of personal data by Google of 4.4 million iPhone users and subsequent selling of the users’ data to advertisers, without the users’ knowledge and consent. Google is now appealing the Court of Appeal’s decision granting Mr Lloyd permission to serve his representative action on Google. This landmark case is of particular importance as it has the potential to significantly widen the scope for claims to be brought in respect of a failure to protect data under the GDPR.
UK Supreme Court Rules Morrisons Not Vicariously Liable for Malicious Data Breach by Employee
Case: WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12
In a decision that employers will welcome, the UK Supreme Court recently ruled that Morrison Supermarkets (Morrisons) was not vicariously liable for a data breach committed maliciously by a former employee who, acting to satisfy a personal vendetta against Morrisons, disclosed employee payroll data online.