Recent developments in the area of collective redress will redefine the litigation landscape in Germany and throughout Europe.

Mass actions have been on the rise throughout Europe for some time. In 2020, the balance clearly tipped towards a more plaintiff-friendly environment. Most importantly, the EU passed a new directive on representative actions that will implement an EU-wide collective redress regime. Traditional mass actions have spiked, too, and a particular area of focus for many companies should be GDPR-related claims, a segment of the market that saw a number of troublesome judgments in 2020. Finally, legal tech companies and litigation funding received a big boost from the German Federal Court of Justice (FCJ), and now the German lawmakers is getting involved.

Market Observations and Outlook

EU-Wide Collective Redress Regime

The EU has adopted a new collective redress regime that will redefine the litigation landscape in Germany and throughout Europe. Here is what to expect.

On 25 November 2020, the EU adopted a new directive on representative actions that will allow certain qualified entities to bring collective actions on behalf of consumers across Europe. Member States will have to transpose the directive by 25 December 2022, and the new rules will apply as of 25 June 2023.

The directive aims to strike a balance between improving consumers’ access to justice and ensuring the necessary safeguards for companies to avoid abusive litigation. To that end, the directive provides that each Member State must implement an effective and efficient collective redress mechanism that will allow qualified entities to bring domestic and cross-border representative actions on behalf of consumers. Unlike the German Declaratory Model Action, representative actions will extend beyond a declaration to include injunctive relief and immediate redress (e.g., damages). At the same time, the directive abstains from awarding punitive damages and imposes certain requirements on the qualified entities, particularly relating to designation and funding.

The European legislature decided against a uniform approach to collective redress and instead opted to set out a number of minimum standards and safeguards that Member States will have to implement. This leaves ample discretion to Member States on how to transpose the directive into their national laws, and will likely lead to a patchwork of different rules across Europe. The fragmented rules create substantial risk that companies should be aware of. For example:

• The directive does not contain an independent regime for international jurisdiction, but instead refers to the Recast Brussels Regulation. In many cases, therefore, a qualified entity will have several options of jurisdiction in which to bring an action.
• Plaintiffs will likely pursue their claims in jurisdictions where the legal framework is most favorable to them (so-called forum shopping). As such, some Member States may try to attract legal proceedings by offering ever more favorable frameworks for qualified entities, which could result in a race to the bottom.
• The directive does not prohibit third-party litigation funding but provides that there must be no conflict of interest for the qualified entities and that consumer interests are protected. Accordingly, the availability of third-party litigation funding will have a significant impact on the attractiveness of each Member State’s new regime.

Against this background, the new directive will likely further strengthen the plaintiff bar and lead to an increase in consumer litigation. This expected outcome is in line with the overall trend towards greater commercialization of consumer rights, which is already a focus of litigation funders and legal tech companies in a number of areas, including air passenger rights and data protection.

For more information on the collective redress regime, see Latham’s article in FAZ.

For information on the FCJ’s decision preventing commercialisation of the German Declaratory Model Action, see this LathamGermany blog post.

Litigation Funders and Legal Tech

Litigation funders and legal tech companies continue to be on the rise. Now the German legislature is getting involved.

Legal tech companies entered 2020 with high hopes. The German Federal Court of Justice (FCJ) had just handed down a judgment validating the business model of legal tech company LexFox, which operates (and offers legal services) based on a collection license. Such an operation, the FCJ held, did not violate the German Legal Services Act (Rechtsdienstleistungsgesetz). The decision was groundbreaking in that many other legal tech companies, such as myRight and Flightright, basically operate under the same business model.

Following the Lexfox decision, 2020 saw several setbacks for legal tech companies. District courts across Germany held that the services offered by myRight and Flightright differed decisively from services offered by Lexfox and were therefore no longer covered by their respective collection license. As a result, the courts found the assignment of claims to the legal tech companies to be invalid and dismissed the claims for lack of standing to sue.

In 2021, the battle between “traditionalist” law firms and “modern” legal tech companies will continue. Not only will we see the first decisions by the appellate courts (and maybe even another decision by the FCJ), but the German legislator is also getting involved. Just a few weeks ago, the Ministry of Justice published a first draft for a revision of the Legal Services Act. The revision aims to provide further guidance and legal certainty for legal tech companies, while allowing law firms to offer contingency fees and litigation funding in certain circumstances — almost a revolution compared to the existing regime. The German Bar has already voiced strong opposition, and a heated debate is guaranteed.

Regardless of the initiative’s outcome, consumers’ options to pursue their claims will certainly increase in 2021. This is good news for consumers, but a challenging perspective for many companies.

For more information on the status of legal tech, see Latham’s article in LTO.

GDPR Civil Damages: New Risks for Mass Actions

In recent months, German courts have been increasingly following a course similar to the US model of awarding damages in actions alleging data privacy violations. This development may result in mass data litigation and other substantial financial consequences for companies, particularly those involved in the digital economy.

Under Article 82 GDPR, data subjects may claim compensation for any material and/or immaterial damage suffered due to a data protection violation. Before the GDPR became binding in May 2018, data subjects could not readily obtain substantial immaterial damage under German data protection laws. Critically, data protection violations now also give rise to potential damages claims. As data protection violations often affect a large number of data subjects, the financial risks may be considerable — particularly in the event of data breaches, such as ransomware or other cybersecurity incidents.

Experience has shown that respective mass claims for damages may have an even greater impact for companies than fines and other administrative proceedings. Data protection activists, plaintiffs’ counsel, litigation financiers, and other relevant parties across the EU have already recognized the far-reaching opportunities that the new legal situation under the GDPR presents. The risks for companies may multiply if a data protection violation affects both customers and business partners. In such circumstances, companies may face termination of business contracts and/or claims for contractual compensation payments, in addition to damages claims under Article 82 GDPR.

German courts are increasingly deviating from the restrictive approach they have traditionally taken in relation to immaterial damages for data protection violations. Recently, the courts have awarded GDPR damages claims of up to €5,000 per plaintiff.

Courts should consider the economic consequences that could result from dissuasive or deterrent damages. Even minor infringement of data protection rules can affect a large number of data subjects and potentially lead to mass proceedings against companies. These judgments are likely to give rise to considerable opportunity for plaintiffs, consumer lawyers, litigation financiers, and law firms to bring class actions for damage in future cases in which negligible harm is identified.

Summary, Defence Strategies, and Outlook

Defendants in data privacy damages proceedings should be aware that certain arguments have led other courts to dismiss actions for immaterial damages. For instance, defendants can often challenge the arguments put forward by the plaintiffs to prove the existence of damage of some materiality. Rapid action to mitigate a potential plaintiffs’ harm is often key to the success of such arguments. Experience shows that preparing defence strategies in advance or immediately after data subjects have raised claims according to Article 82 GDPR can minimize risks considerably.

The decisions on GDPR damages claims presented in this Latham Client Alert are a cause for concern, but not panic. Nevertheless, companies are well-advised to develop strategies to effectively defend against damages claims.