Commercial and tech update - May 2019

SAP ERP implementation issues give rise to class action lawsuits

This month’s news that a number of law firms are filing class action lawsuits against Revlon on behalf of its shareholders reminds us of the age old adage that by failing to prepare, you might just be preparing for failure. Shares in Revlon Inc plummeted after the company announced that it would be delayed in filing its annual report for 2018 after identifying a material weakness in its financial reporting controls. Revlon explained that the issues were down to problems with the implementation of its SAP enterprise resource planning ("ERP") software system in its North Carolina manufacturing facility. The lawsuits claim that a failure to properly prepare and plan for the implementation of the ERP system caused the service issues which ultimately led to the fall in the share price.

The implementation of the SAP ERP software, used to manage supply chains, logistics and accounting, should have delivered the integration of planning, sourcing, manufacturing, distribution and finance functions. However, failures in implementation affected Revlon’s ability to manufacture goods and fulfil orders to large US retail customers. According to one of the filed lawsuits, the disruption caused by the challenging implementation exercise in Q1 2018 meant that Revlon was unable to fulfil shipments of around US$64 million of net sales. Revlon has also been said to have incurred millions of dollars in incremental costs to remediate the disruptions to its service levels.

It certainly isn’t unusual to hear of problems arising with the implementation of ERP systems, particularly when migrating legacy data onto the new system, and integrating the system with existing systems and third party services. It’s vital to spend time planning how an ERP system will be implemented into your organisation’s existing processes, and making sure that the project plan forms part of binding contractual commitments, with each party’s responsibilities within the process made crystal clear.

Relational contracts and the duty of good faith

Bates v Post Office Ltd (No.3) [2019] concerned a group action with around 550 claimants (the majority of them sub-postmasters) involving various claims against the Post Office regarding software errors in its accounting system ("Horizon") that the claimants allege caused a number of accounting discrepancies for which they were not liable. The Post Office denied that Horizon was at fault and pursued the claimants individually for any shortfalls. The claimants sought damages for (amongst other things) financial loss, unconscionable dealing and unjust enrichment. The court held that certain contracts between the Post Office and the sub-postmasters were relational and therefore subject to an implied obligation on the parties to act in good faith.

Fraser J held that whether a contract is relational is dependent upon the context of such a contract (including the commercial circumstances and the nature of the relationship between the parties) as well as its terms. Fraser J offered a (non-exhaustive) list of characteristics that he considered relevant when establishing whether a contract was relational or not, such as:

• there must be no specific express terms in the contract that prevents a duty of good faith being implied into the contract;
• the contract will be a long-term one, with the mutual intention of the parties being that there will be a long-term relationship;
• the parties must intend that their respective roles be performed with integrity, and with fidelity to their bargain;
• the parties will be committed to collaborating with one another in the performance of the contract; and
• there may be a degree of significant investment or substantial financial commitment by one party (or both) in the venture.

The court’s view was that a duty of good faith goes beyond an obligation of honesty, but requires that parties refrain from behaving in a way that would be considered "commercially unacceptable by reasonable and honest people". Fraser J found that a number of implied terms identified should be implied into the contracts. Those terms included specific obligations on the Post Office to keep accurate records of all transactions affected using Horizon and to properly, fully and fairly investigate any shortfalls before seeking recovery from the claimants.

The judge decided that a further three of the identified terms should be implied, not as a consequence of the contracts being relational, but instead because they were necessary for business efficacy. Those terms included obligations on the Post Office: (i) to provide adequate training and support; (ii) to provide a system which was reasonably fit for purpose; and (iii) to take reasonable care in performing and exercising functions within the relationship.

Whilst the court added that an obligation of good faith will not be implied into all commercial contracts, it appears that the matter of when a duty of good faith should be implied will continue to raise questions until some clarification is provided by the Supreme Court.

I always remember a face

A claim challenging the use of facial-recognition technology by police has been filed in the United Kingdom.

Ed Bridges, with support from human rights group Liberty, is challenging the unlawful use of facial recognition by the South Wales Police, which allegedly scanned Bridges' face twice.

Bridges was shopping in Cardiff, when he walked past a police van. He alleges that by the time he noticed the automatic facial recognition on the side of the van his data had already been captured.

The cameras take a biometric map, creating a numerical code of the faces of each person who passes the camera. It then compares them to a watch-list of images, which can include suspects, missing people and persons of interest to the police. The cameras scan faces in large crowds in public places such as shopping centres, streets, sports matches or music events.

It operates in a similar way to taking DNA / finger print samples; however, with no specific regulation as to how the police can use the technology or the data it gathers, Liberty have sought to argue that the technology breaches human rights and therefore should not be used.

Facial recognition's usefulness for spotting, for example, terrorist suspects and preventing atrocities is clear but Liberty says the technology is being used for much more mundane policing.

South Wales Police counter argued its use of the technology does not infringe the privacy or data protection rights of Bridges as it is used in the same way as photographing a person’s activities in public, and it does not retain the data of those not on its watch-list.

The case lasted three days, with judgement to follow in due course.

OECD adopts principles on Artificial Intelligence

On 22 May 2019 The Organisation for Economic Co-operation and Development ("OECD") members approved and adopted the OECD Council Recommendation on Artificial Intelligence ("AI") (link here). The Recommendation sets out five complementary values-based principles for responsible stewardship of AI:

• Driving inclusive growth, sustainable development and well-being: to ensure that AI benefits people and the planet.
• Human focused values and safeguards: the design of AI systems should respect the rule of law, human rights, democratic values and diversity and include appropriate safeguards, such as enabling human intervention where required to ensure a fair and just society.
• Transparency: AI systems should be transparent and responsible disclosure of AI systems is encouraged to enable people to understand and challenge them as appropriate.
• Robustness, security and safety: the AI systems should be robust, secure and safe and regularly assessed and managed for potential risks.
• Accountability: those involved in developing, deploying or operating AI systems need to be held accountable for their functioning in line with the above principles.

The recommendation also contains suggested actions for governments to take to further the above principles:

1. Facilitate public and private investment in research & development to spur innovation in trustworthy AI: This includes interdisciplinary cooperation to create open datasets that are representative to tackle issues regarding bias interoperability and privacy.
2. Foster accessible AI ecosystems with digital infrastructure and technologies and mechanisms to share data and knowledge: An example of this would be promoting data trusts to support the safe, fair, legal and ethical sharing of data.
3. Ensure a policy environment that will open the way to deployment of trustworthy AI systems: Methods to achieve this includes using experimentation to provide a controlled environment for AI systems to be tested and scaled up and to review policy and regulatory frameworks/assessment mechanisms to encourage innovation and competition for AI.
4. Empower people with the skills for AI and support workers for a fair transition: Examples of this include offering training, information and support and new opportunities for those displaced as a result of AI.
5. International cooperation for trustworthy AI: There is a need for global technical standards to enable interoperability and use of internationally comparable metrics to assess progress in the implementation of the above principles.

The adoption of the recommendation comes just over a month after the release of the Ethics Guidelines for Trustworthy AI by the European Commissions’ High-Level Expert Group on AI. The responsible development and use of AI remains a global topic of discussion.