The Case for Mandatory Regulation: Jurisprudence Showcases the Need to Move On from Self-Regulation in Tech   

The past decade has seen evolution of regulatory norms applicable to the tech sector simultaneously with a rising number of human rights violations implicating these companies. The rapid growth of tech firms has often outpaced the development of laws to police them, resulting in a dangerous reliance on self-regulation, courts, and after-the-fact measures as governments struggle to keep up with the pace and harms of the industry.  

Today’s tech landscape is consequently defined by a pervasive lack of accountability. Operating on a global scale, tech companies often evade national laws and regulations.  

Courts and law enforcement agencies are increasingly taking note of company failures in addressing misinformation, enabling surveillance, work exploitation, and infringing on personal privacy – and their consequent harms for society. For instance, the New Mexico Attorney General lawsuit against Meta’s CEO on the exploitation of children on the company’s platforms; and the recent criminal complaint against Bookings.com for allegedly profiting from listing rental properties in illegal Israeli settlements. 

Some tech companies have attempted to address the lack of clear regulation by establishing their own oversight boards. While these initiatives represent a step toward greater accountability, such boards often lack the independence and enforcement power, and are frequently criticised  for addressing issues only after they escalate into public scandals. 

As these harms begin to more frequently surface in courts across the world, there appears a growing global awareness of the role of regulation to mitigate and prevent them. The European Union (EU) has taken a leading role, enacting several regulations seeking to establish mechanisms and responsibilities based on business and human rights principles to hold tech companies accountable. In Brazil, similar regulations have been enacted, with authorities actively enforcing them to fight abuses facilitated or caused by tech companies. While these measures are not without flaws, they represent powerful steps in the right direction. 

Where an industry moves as quickly as the tech sector does, the onus should be on companies themselves to identify and mitigate the core human rights risks of their products – and they must be held accountable for failing to identify and address these risks.  Mandatory human rights and environmental due diligence initiatives such as the EU’s Corporate Sustainability Due Diligence Directive (CSDDD), in combination with other, issue-specific tech laws, offer significant promise for a better-regulated industry.   

• 3-part webinar series: 10 years on: A call to concrete action for a powerful legally binding instrument (July, September & October)  

• 10th session of the Intergovernmental Working Group (16-20 Dec) 

New lawsuit profiles

Amazon.com lawsuit (re gender discrimination and retaliation, filed in the US): On 20 November 2023, three Amazon employees filed a class-action lawsuit against Amazon.com in the US. They allege that Amazon assigns lower job titles and salaries to female employees performing the same roles as higher-paid male colleagues, and that the company demoted them and reduced their responsibilities after they reported these issues. Amazon denies the allegations and has sought to dismiss the lawsuit.  

BNP Paribas lawsuit (re fossil fuel investment, filed in France): On 23 February 2023, three NGOs filed a lawsuit against BNP Paribas in France. The lawsuit alleges that BNP Paribas violated the French Duty of Vigilance Law by financing fossil fuel expansion. BNP Paribas denied the allegations and responded that its vigilance plan aligns with the French Duty of Vigilance Law. This is the world’s first climate lawsuit against a commercial bank. The case is ongoing. 

Booking.com lawsuit (re allegedly profiting from war crimes, filed in the Netherlands): In November 2023, NGOS filed a criminal complaint against Booking.com in the Netherlands. They accuse the company of allegedly profiting from listing rental properties in illegal Israeli settlements. The complaint alleges that Booking is introducing proceeds of crime into the Dutch financial system, therefore violating Dutch anti-money laundering rules. The case is ongoing. 

Cognyte Software lawsuit (re allegedly aiding and abetting crimes against humanity in Myanmar, filed in Israel): On 2 January 2023,  a complaint was filed with Israel’s Attorney General on behalf of more than 60 Israeli citizens and human rights activists against Cognyte Software for alleged complicity in human rights abuses due to a contract to sell intercept spyware to Myanmar's telecommunications firm just before Myanmar's February 2021 military coup. Despite Israel's claims of halting defense technology transfers to Myanmar, documents suggest that the deal occurred and involved technology used for extensive surveillance, raising concerns about violations of international human rights standards. The case is ongoing. 

Danone lawsuit (re plastic use and pollution, filed in France): On 9 January 2023, three NGOs filed a lawsuit against Danone in France for alleged breaches of the 2017 French Duty of Vigilance Law, due to plastic pollution. The lawsuit alleges that Danone failed to publish a vigilance plan and issued plans that were inadequate to address its plastic use. Danone rejects the allegations and maintains that its vigilance plan meets the legal requirements. The case is ongoing. 

Meta lawsuit (re failing to protect children’s mental health, filed in the US): On 24 October 2023, 33 States filed a lawsuit against Meta in California federal court. They allege that Meta’s platforms, including Facebook and Instagram, create environments that endanger younger users’ mental health. The lawsuit accuses Meta of prioritising profit over child safety by deliberately designing addictive features that attract and retain minors, despite evidence of negative impacts on their mental health. Meta denies the allegations. The case is ongoing. 

Updates to existing lawsuit profiles

BHP & Vale lawsuit (re dam collapse in Brazil, filed in Brazil): In 2015, two mining dams operated by Samarco Mineração SA, a joint venture of Vale and BHP, collapsed in Brazil. This led to multiple lawsuits filed in several countries. The lawsuits include allegations for negligence in operating the dam brought by shareholders and a claim for damages by the victims and their families. In July 2024, BHP and Vale announced that they agreed to equally share the costs of any damages from proceedings in the UK, Netherlands and Brazil, while denying liability for related claims.  

Chiquita lawsuits (re Colombia, filed in USA by Colombian nationals): After Chiquita admitted to financing a Colombian paramilitary organisation – the AUC - between 1997-2004, several lawsuits were filed against the company by family members of individuals killed and targeted by the paramilitary group. In June 2024, a jury found Chiquita liable for financing the AUC. The jury awarded USD38.3 million in damages to the families of the victims. Chiquita announced its intention to appeal the verdict. The appeal process is expected to take at least 18 to 24 months. 

NSO Group lawsuit (re hacking WhatsApp users): In 2019, WhatsApp filed suit in California against NSO Group, an Israeli spyware vendor, alleging that the company had hacked the WhatsApp server to plant Pegasus spyware on 1,400 user devices worldwide, targeting journalists, lawyers, religious leaders, and political dissidents. Plaintiffs argue this violates the US Computer Fraud and Abuse Act (CFAA) and California Comprehensive Data Access and Fraud Act. They seek damages as well as an injunction to prevent NSO Group from accessing WhatsApp computer systems. In February 2024, a judge ordered NSO Group to hand over its code, specifically instructing the company to provide relevant spyware code for the period spanning one year before the alleged targeting of WhatsApp users in 2019 until one year after the supposed attacks concluded in May 2020. The case is ongoing. 

Colombia: Attorney General will investigate alleged purchase and illegal use of Pegasus spy software, Reuters, 5 Sep 2024 

Indonesia: Supreme Court rules in favour of communities' petition to revoke environmental permit for Dairi zinc-lead mine, Mongabay, 5 Sep 2024 

Brazil: X suspended after not complying with Supreme Court order, 2 Sep 2024 

UK: Dyson's libel claim against Channel 4 & ITN for reporting on migrant exploitation in Malaysian factory abandoned after 2 years of court proceedings, Channel 4 News, 29 Aug 2024 

Germany: NGOs take legal action against EDEKA over alleged human rights abuses in its palm oil supply chain in Guatemala; incl. company responses, 27 Aug 2024 

France: Court of Appeal rejects appeal against agrochemical companies over Vietnam War use of Agent Orange, Politico, 22 Aug 2024 

Canada: First Nations Chiefs file legal action against Ontario Mining Laws, arguing unconstitutionality, mining.com, 14 Aug 2024 

Philippines: Global Witness condemns decision of Court of Appeals denying petition for protective writs to two land & environmental defenders, Global Witness, 13 Aug 2024 

US judge dismisses claims against six of the eight gunmakers Mexico sued for allegedly facilitating the trafficking of firearms to violent drug cartels, The Guardian, 8 Aug 2024 

Japan: Youth file first climate change lawsuit against 10 major energy companies, The Asahi Shimbun, 6 Aug 2024 

South Africa: 471 Batswana ex-miners compensated for occupational lung disease by gold mining cos.; although compensation delays remain for others, The Voice BW, 6 Aug 2024 

USA: Senate passes Kids Online Safety Act to protect minors from harmful online content, NPR, 3 Aug 2024 

USA: Amicus brief urges court to consider garment brand’s alleged violation of UNGPs in lawsuit over abrupt cancellation of purchase orders, Responsible Contracting Project, 29 Jul 2024 

USA: Ride-hailing workers can be treated as independent contractors, California Supreme Court rules, Financial Times, 25 Jul 2024

Brazil: Landowner ordered to pay $50 million for damage to the Amazon, case is the largest civil suit for climate crimes in the country, The Guardian, 25 Jul 2024  

Bougainville: More residents join class action over Rio Tinto's alleged mismanagement of Panguna Copper Mine, Asia Pacific Report, 24 Jul 2024 

USA: Baltimore plans to appeal dismissal of climate lawsuit against major oil companies, Baltimore Sun, 12 Jul 2024 

S. Korea: Prosecutors charge CEO for subcontractor’s heatstroke death, OhMyNews, 12 Jul 2024 

Ecuador: Locals ask court to cancel environmental permit for Curipamba-El Domo copper-gold mining project, mining.com, 11 Jun 2024 

Arms manufacturers and complicity in crimes against humanity in Gaza, Business & Human Rights Resource Centre, 13 Aug 2024 

Corporate responsibility to avoid complicity in genocide in Gaza, British Institute of International and Comparative Law, 21 Jun 2024 

Worker organising as a remedy for forced labour, Fordham Law School, 5 Jun 2024 

From Business and Human Rights Resource Centre

Accusations and actions: A decade tracking tech company responses to human rights allegations, 16 Sep 2024 

KnowTheChain: Good Practice Guide 2024, 13 Aug 2024 

From mining to renewable energy: Lessons learnt from benefit sharing legislation for a just transition in Africa, 6 Aug 2024 

Unjust transition on trial: Communities and workers litigate to shape corporate practice, 10 Jul 2024 

• We seek to engage with stakeholders involved in just transition litigation to build our Tracking Tool. Please contact us to submit a case for our consideration at: cla[at]business-humanrights.org 

From other organisations

Guide with policy recommendations for actors involved in transposition of EU CSDDD, ClientEarth and Frank Bold, 19 Sep 2024 

Climate-focused lawsuits against fossil fuel companies are on the rise, report finds, The Guardian, 12 Sep 2024 

UK: Global Witness draws attention to the wide-scale criminalisation of climate activists, Global Witness, 18 Jul 2024 

Binding Business to Human Rights, Rosa-Luxemburg-Stiftung, 9 Jul 2024 

2024 WBA Social Benchmark finds 90% of world’s most influential companies lag behind on ensuring human rights, decent work & ethical conduct; incl. lessons for CSDDD, World Benchmark Alliance, 2 Jul 2024 

Report: From silence to strength: A regional response to SLAPPs in the Western Balkans, Balkan Civil Society Development Network, 2 Jul 2024