Developments in mass claims & class actions

The Netherlands has a long tradition of representative actions on behalf of affected parties, in particular of collective settlements under the Act on the Collective Settlement of Mass Damages (WCAM). With the introduction of the Act on Collective Damages Claims (WAMCA) in 2020, the Netherlands anticipated the European Directive on cross-border representative actions.

The WAMCA has been a game-changer in Dutch mass claims proceedings. It allows the claims of various affected parties to be channelled through a claims organisation acting on their behalf. Those claimants are bound by the collective WAMCA proceedings if they have their domicile or residence in the Netherlands, unless they have explicitly opted out. Affected parties without domicile or residence in the Netherlands are not bound by the collective proceedings, unless they have opted in, although the applicability of the opt-out regime to foreign affected parties can be requested if sufficient grounds are given.

The WAMCA has international appeal for several reasons, such as:

(i) Permitting awards for damages, thereby allowing for effective and conclusive conflict solving

(ii) Multiple potential jurisdiction grounds, facilitating the recognition and involvement of international defendants.

Dutch courts take a rather flexible and cooperative approach to WAMCA proceedings. They are willing to consider phased approaches, tailor-made proceedings and other adaptions where possible and in the interest of the parties. Procedural strategy is rewarded and pays off later in the process. Different types of cases have been initiated under the WAMCA regime. Some are about actual claims for damages, but a large proportion is about non-compensatory actions, such as claims for privacy breaches or infringement of intellectual property rights.

A key question is whether proceedings under the WAMCA are effective and efficient. If the answer to this question is not clear, defendants have several defences relating to the admissibility of the claimant organisation, especially if claim organisations attempt to overcomplicate the proceedings or are not transparent in their funding arrangements.

The Netherlands is one of the most popular European jurisdictions for damages claims based on an infringement of competition law. In such proceedings, the claimant seeks compensation for harm suffered due to a cartel or an abuse of a dominant market position. Such claims are usually brought after companies have been fined for an infringement by the European Commission or a national competition authority.

Depending on the nature of the infringement, multiple high-value claims may be brought by a large number of injured parties before the courts in various countries. In the past decade, different mass claims of this nature have been brought before the Dutch courts, including by claimants who are acting on the basis of claims that have been assigned to them by multiple other parties.

The popularity of the Dutch jurisdiction has different reasons, including experience, costs, and certain aspects of Dutch procedural law. However, it should always be assessed on a case-by-case basis whether the Netherlands is indeed the most appropriate forum, and whether the Dutch courts have jurisdiction.

Article 8(1) Brussels I bis Regulation provides that a person domiciled in a member state may also be sued - where he is one of a number of defendants - in the courts for the place where any of them is domiciled (the anchor defendant), provided the claims are so closely connected that it is expedient to hear and determine them together to avoid the risk of irreconcilable judgments resulting from separate proceedings. Three cases are currently pending before the European Court of Justice (ECJ) for preliminary rulings on the application of these rules: C-393/23, C-672/23 and C-673/23. They have in common that the claimants consider one or more parties domiciled in the Netherlands which are not addressees of an infringement decision as ‘anchor defendants’ for the Dutch court’s jurisdiction for damages claims against non-Dutch co-defendants that are such addressees.

C-393/23 concerns a matter that has been referred by the Dutch Supreme Court (Hoge Raad). The ECJ has been asked whether the court of the parent company’s domicile, when assessing its jurisdiction under Article 8(1) Brussels I bis Regulation with regard to a subsidiary established in another member state, in the context of the close-connection requirement referred to in that provision, must rely on the competition law presumption that the parent company exercises decisive influence on the economic activity of the subsidiary which is the subject of the proceedings. If that question is to be answered in the affirmative, the ECJ has been asked how the criterion formulated in the ECJ’s prior judgments in Kolassa (C-375/13) and Universal Music (C-12/15) is to be interpreted. In those judgments the ECJ held that in the context of the determination of jurisdiction, it is not necessary to conduct a comprehensive taking of evidence in relation to disputed facts that are relevant both to the question of jurisdiction and to the existence of the claim, but that the court must assess all the evidence available to it, including, where appropriate, the arguments put forward by the defendant.

C-672/23 and C-673/23 concern different matters that have been referred by the Amsterdam Court of Appeal (Gerechtshof Amsterdam). The questions in these matters also pertain to the application of Article 8(1) Brussels I bis Regulation. They seek clarification about the close connection requirement when considering different factors, such as the roles and activities of the various defendants.

The referred questions in one or both of these cases inter alia seek to clarify:

• The relevance of whether it is foreseeable that the relevant co-defendant will be sued in the court of the anchor defendant
• Whether the allowability of the claim against the anchor defendant should be considered when determining jurisdiction
• Whether the right under EU law to damages following an established breach of the EU law prohibition on cartels includes the right to claim damages suffered outside the EEA
• Whether an intermediate holding company which merely manages and holds shares meet the second criterion of the ECJ’s Sumal judgment (C-882/19)
• Whether the competition law presumption of decisive influence by the (fined) parent companies over the economic activity of the subsidiaries can be applied in cartel damages cases
• Whether different defendants domiciled in the same member state can be anchor defendants (together)
• Whether Article 8(1) Brussels I bis Regulation directly and immediately designates the relative competent court, overruling national law
• Depending on the answers to other related questions, whether there is room for internal reference to the court of the defendant’s domicile in the same member state when applying Article 8(1) Brussels I bis Regulation.

The anticipated preliminary rulings could offer further guidance on jurisdiction over these types of claims based on competition law infringements. Not only for Dutch courts, but also for courts in other member states.

The European Union is poised for a significant overhaul of its product liability framework. The consensus reached by EU bodies on the forthcoming EU Directive on Liability for Defective Products (the New PLD) will replace the current EU Product Liability Directive. This marks the first comprehensive revision of the EU’s strict liability system in almost four decades.

Prompted by concerns that the existing regime was ill-suited for modern digital challenges, including those arising from connected products, artificial intelligence, e-commerce these reforms aim to modernise. Concurrently, the New PLD broadens both the potential claims and recoverable damages while simplifying proof requirements for consumers. This could lead to more frequent product liability lawsuits throughout the EU in sectors like pharmaceuticals, medical devices, technology, and food and beverage.

The key reforms and considerations are:

• The New PLD includes standalone software (AI included), with certain exceptions. Companies should assess if their software is within scope of this directive.
• The scope of entities potentially accountable for products or their components (software and associated services included) has been widened under the New PLD. Importers, manufacturers’ authorised representatives or fulfilment service providers need to evaluate their potential inclusion under this directive.
• Compensation rights under the New PLD have been extended to natural persons for various types of harm. Notably covered are medically acknowledged psychological injuries and data destruction or corruption damages - excluding data used professionally.
• The New PLD mandates disclosure provisions for claimants in product liability cases, including collective actions. Companies must devise strategies to manage disclosures across member states while safeguarding confidential and privileged information.
• Presumptions regarding a product’s defectiveness or a causal link between a defect and incurred damage are established within the New PLD. These presumptions lower barriers for claimants - individuals or groups - to seek legal remedies. Additional presumptions apply when proving defects or causality presents ‘excessive difficulties’ due to technical or scientific complexities.
• New criteria set forth by the New PLD guide courts in determining product defects. Considerations include compliance with relevant safety regulations - cybersecurity included - and whether a product can learn or gain new features post-deployment.

The New PLD is designed to streamline the process for claimants, whether they are filing individually or on a collective basis. The disclosure and rebuttable presumptions mechanisms, which are primarily intended to support individual consumers facing challenges in substantiating a claim on their own, will probably be tactically employed by well-funded claim foundations orchestrating class-actions.

These reforms coincide with other policy developments on new AI regulation proposals, circular economy initiatives, and cybersecurity measures - all contributing to a fundamental shift in Europe’s risk management landscape. The anticipated timeline suggests that EU institutions may adopt the New PLD mid-2024. Following adoption, member states will have two years to implement it into national legislation.

The wave of ESG-related legislation resonates outside the EU, as several ESG laws will apply directly to non-EU companies with turnover in the EU, while also serving as an example for legislation in non-EU jurisdictions. As a general trend, international frameworks for responsible business conduct are increasingly finding their way into binding EU legislation, be it as a source of inspiration or by direct incorporation.

Three trends underpin the development towards a more demanding legal ESG space in the years to come:

• Under the Corporate Sustainability Reporting Directive (CSRD), companies are required to disclose a multitude of qualitative and quantitative ESG-related datapoints following a double materiality-approach. The ensuing transparency will spark debate both inside and outside the courtroom. In practice, non-EU companies already take note of the CSRD and ESRS for their reporting.
• The Corporate Sustainability Due Diligence Directive (CSDDD) has been adopted by the European Parliament and will require large companies to act by conducting ESG due diligence on their own operations as well as on their ‘chains of activities’. Its ESG due diligence is rooted in international frameworks for responsible business conduct, which companies can use as guidance in designing their ESG due diligence processes. Companies in scope of the CSDDD must also adopt and put into effect a Paris-aligned climate transition plan, including inter alia time-bound, science-based emissions reduction targets for Scope 1-3 emissions. Non-EU companies with turnover in the EU will be in scope of the CSDDD as well. The Deforestation Regulation and the Forced Labour Regulation bring additional due diligence responsibilities.
• Upcoming anti-greenwashing regulation, such as the EU Green Claims Directive, requires companies to re-design their communication and reporting policies and processes on sustainability-related matters. Greenwashing rules apply to statements on both the product- and entity-level. We see a notable uptick in public and private greenwashing enforcement, while companies should also prepare for stricter anti-greenwashing legislation.

Changing civil law duties towards society and within business concerns
European ESG legislation does not operate in a vacuum. As a more general trend, the responsibility of holding companies towards their subsidiaries is shifting under Dutch civil law. Claimants increasingly attempt to extend claims at the subsidiary-level to holding companies and other companies within the group, arguing that the holding company is bound by a duty of care towards third parties that are affected by the dealings of their subsidiaries. This trend is visible in for example the EU, England and Brazil. Furthermore, (prospective) ESG legislation and international frameworks for responsible business conduct influence the responsibilities of companies under national civil law.

Frameworks such as the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (OECD Guidelines) and the UN Guiding Principles for Business and Human Rights (UNGPs) are increasingly considered to reflect societal and legal expectations from companies. Companies should therefore assess how they will give effect to the notion of corporate responsibility towards their value chain and ESG due diligence processes.

Domestic and cross-border litigation on the ‘E’ in ESG
In terms of litigation, a diverse range of climate, environmental and greenwashing cases requires Dutch boards’ attention. While ‘backward-looking’ claims for climate damages are prevalent in the US, litigants in the EU at this stage predominantly argue for a ‘forward-looking’ climate-related duty of care. In the Netherlands, this approach was already applied successfully against the Dutch State in Urgenda, and against Shell plc in Milieudefensie/Shell (currently under appeal). As many ESG-related claims can be regarded as opportunistic and will not succeed, companies should distinguish litigation risks and liability risks as much as possible.

At the same time, outcomes of climate litigation procedures are still uncertain. It should be considered that the materialisation of climate change will inevitably have an increasing impact on human lives. The notion that the European Charter of Human Rights requires states to protect their citizens against dangerous climate change was accepted by the Dutch Supreme Court in the landmark Urgenda case, and was confirmed by the European Court of Human Rights in Verein KlimaSeniorinnen v. Switzerland. NGOs will rely on such judgments in an attempt to argue that companies should respect human rights as well, and are therefore bound to take ambitious climate action in order to “do their part”. Whether or not courts will feel the urge to step in will depend inter alia on the level of ambition of legislation. Political inaction will increase the likelihood that the judiciary will address regulatory gaps that contribute to violations of citizens’ rights. This tension will influence the debate on ESG litigation for the years to come.

With regards to mass claims for environmental damages, a trend can be discerned in which claimants attempt to hold foreign companies liable in front of Dutch courts by relying on a Dutch anchor defendant. This trend cannot be viewed separately from the emergence of third-party litigation funding. Dutch courts have to date shown a varying willingness to accept jurisdiction for such claims. On the merits of these cases, often based on foreign law provisions, outcomes are mixed as well. Nevertheless, the number of mass claims relating to foreign environmental damages at Dutch courts may rise in the years to come.

The General Data Protection Regulation (GDPR) has introduced a new dimension to data protection with the emergence of collective damage claims. These claims are becoming increasingly significant as they offer individuals and advocacy groups a means to seek redress for privacy rights violations.

Under the GDPR, individuals are granted extensive data protection rights, including access to their data, the right to erasure, and data portability. A key enforcement tool is the right to compensation for both material and non-material damages arising from data protection breaches. This has led to collective actions against non-compliant entities under Article 80 of GDPR, which provides:

• Opt-in representation under Article 80(1): entities can represent individuals who have given explicit consent, including filing complaints and seeking compensation.
• Opt-out representation under Article 80(2): member states may allow representation without explicit consent but not necessarily for compensation claims unless specified by national law.

In the Netherlands, the Dutch WAMCA complements GDPR by offering a framework for collective redress without individual mandates, subject to representativeness criteria. The Directive on Representative Actions aims to enable consumer organisations to bring representative actions against companies for unlawful practices. However, it does not alter GDPR’s stance on collective damage claims without individual mandates. The Dutch Minister’s interpretation suggesting otherwise may exceed GDPR boundaries.

Legal ambiguities and interpretation issues
Despite these mechanisms, ambiguities persist regarding whether organisations can claim damages under GDPR without direct mandates from affected parties - a matter that has seen varied interpretations in Dutch courts. Notably, a discrepancy in Recital 142’s translation - specifically in its Dutch version - has raised questions about whether interest organisations can claim compensation on an opt-out basis.

Oracle and Salesforce argued before the Amsterdam court that this translation error could mislead one to believe that such claims are permissible without individual mandates. However, legislative intent suggests otherwise; EU negotiations intended for compensation claims only within opt-in scenarios due to concerns over creating a claim culture.

The Amsterdam court’s decision in TikTok’s case was criticised for relying solely on the Dutch text rather than considering all language versions or broader EU context. This approach missed an opportunity for greater judicial clarity at an EU level on whether organisations can bring collective damage claims under GDPR without individual consent.

The Amsterdam court recently ruled in the TPC/Salesforce and Oracle case that a preliminary question might need to be asked regarding the interpretation of Article 80(2), specifically concerning the requirement of an assignment.

European legislators had a clear intention with Article 80(2) GDPR: they did not want interest organisations to initiate collective damage claims without individual mandates from the persons concerned. This implies that, while advocacy is recognised, the right to litigate on behalf of others is strictly regulated to prevent collective damages claims absent individual mandates. Upcoming appellate decisions especially preliminary decision(s) will hopefully provide further clarity on how Dutch courts interpret WAMCA alongside GDPR provisions.

Looking ahead: rules for the use, protection and liability of AI
As we consider the current landscape shaped by the GDPR, it is imperative to also direct our foresight towards impending regulatory developments within the EU, particularly those concerning artificial intelligence. The proposed Artificial Intelligence Act and the AI Liability Directive represent significant advancements in EU legislation, poised to address the complex interplay between emerging technologies and legal accountability.

The Artificial Intelligence Act (AI Act) seeks to establish a legal framework for AI deployment within the EU. It categorises AI systems based on their safety risk and aims to impose stringent compliance requirements on high-risk AI systems, including transparency obligations, data governance standards, and human oversight mechanisms. By delineating these obligations, the AI Act could substantially influence liability considerations for developers and operators of AI systems.

Complementing the AI Act, the proposed AI Liability Directive intends to modernise existing liability rules and adapt them to the digital age. It proposes harmonised rules that would facilitate non-contractual civil liability claims for damages caused by AI systems. The directive’s focus is not only on establishing clear criteria for attributing liability but also on ensuring that victims have effective remedies at their disposal when harmed by an AI system.

The convergence of these two legislative instruments has profound implications:

• Enhanced legal certainty - By providing specific provisions related to high-risk AI applications, these regulations aim to reduce legal uncertainty about who bears responsibility when things go wrong - a clarity that could embolden potential claimants.
• Facilitation of collective redress - With clearer attribution of liability, affected parties may find it easier to aggregate claims into collective actions - especially where an issue affects many individuals in a similar way.
• Preventive effect - The prospect of mass claims might incentivise companies to invest more heavily in compliance measures upfront, potentially reducing instances of harm from high-risk AI applications.
• Increased litigation risk - Entities involved in developing or deploying AI may face heightened litigation risks as these laws lower barriers for claimants seeking compensation for harm caused by such technologies.
• Cross-border implications - Given the borderless nature of digital markets and services, harmonised EU-wide regulations could lead to cross-border mass claims involving multiple jurisdictions within Europe.
• Interplay with GDPR precedents - GDPR enforcement has already set precedents regarding mass data protection claims. Similar patterns may emerge under the new framework as it relates to harms caused by artificial intelligence.

While there is potential for an increase in mass claims under these new regulations, much will depend on how the AI Liability Act is finalised and implemented across member states. As such developments unfold, entities operating within or entering into the European market should closely monitor these regulatory changes and prepare accordingly for a new era of accountability in artificial intelligence.