Whether the media is an encrypted text transmitted via Telegram X, a seemingly anonymous end-to-end encrypted message sent using Signal, an emoji string relayed though WhatsApp, or even a shared Snapchat image, businesses should consider whether an enforcer or litigation adversary may claim these communications are relevant, must be preserved, and potentially subject to disclosure in the proceeding. This possibility may seem a bit alarming given the sudden and unpredictable evolution of automatically deleting communication technologies—or perhaps not given the rapid rate at which messaging applications have proliferated and been adopted by both individuals and businesses alike. However, while technology changes at a rapid pace, it is a time-tested truism that the law sets its own pace and at times struggles to keep up—but eventually gets there.
This article addresses recent developments regarding the duty to preserve in antitrust litigation and investigations in the United States, European Union, and United Kingdom.
I. Enforcer Interest in Ephemeral Messaging
The United States competition agencies have for the last few years warned of potential risks companies face by failing to preserve information sent via ephemeral, or automatically deleting, messaging applications where the information is relevant to an antitrust investigation. The EC and the national member state regulators in the EU also have shown signs of concern. The United Kingdom’s competition agency, the Competition and Markets Authority (CMA), has not as of yet followed suit, but at least one civil court has condemned a failure to preserve WhatsApp messages.
A. The United States
The U.S. Department of Justice (DOJ) and Federal Trade Commission (FTC) have broadcast their concern over the adoption of ephemeral messaging systems in day-to-day business communications, highlighting the potential for vast amounts of information to be automatically deleted from those applications, possibly hampering their investigative efforts.
In September 2022, then United States Deputy Attorney General (DAG) Lisa Monaco put down a marker: companies’ abilities to preserve messages on ephemeral messaging applications can impact a prosecutor’s analysis of that corporation’s compliance and cooperation. Following this guidance, in March 2023, the DOJ’s Criminal Division stated that prosecutors would consider whether the use of messaging applications— and explicitly ephemeral messaging applications—impaired the company’s ability to adhere to its compliance program or respond fully to investigations and other requests from the agency. That same month, the DOJ and the FTC announced the formation of a joint-working group to consider revising language in grand jury subpoenas and civil investigative demands (CIDs) to specifically address ephemeral messaging.
Their efforts culminated in the agencies’ joint statement issued on January 26, 2024, in which they announced they would be updating the language in their standard document preservation letters and specifications for second requests, voluntary access letters, and compulsory legal process, to specifically address ephemeral messaging applications. Manish Kumar, then Deputy Assistant Attorney General of the Justice Department’s Antitrust Division, characterized these commonly used messaging applications as applications “designed to hide evidence,” an indicator of the agency’s hostility towards the technology and its capabilities.
This is not simply idle chatter. A few months later, in April 2024, the Federal Trade Commission accused Amazon and its top executives of using the application Signal to send messages about competitors and competition that were automatically deleted, despite a pending Federal Trade Commission investigation into the company for potential antitrust violations. The Federal Trade Commission alleged the company did not instruct its employees to preserve messages until more than a year after the start of the investigation.
Indeed, this would not mark the first time an agency has accused a company of using Signal to allegedly avoid agency scrutiny. In August 2021, the United States District Court for the District of Arizona granted the Federal Trade Commission’s motion for spoliation sanctions against the operator of an alleged pyramid scheme for encouraging his team to use Signal and other encrypted communications and their auto-delete functions after he learned the Commission was investigating him.
The current tenor of the agencies’ messaging is sounding a more dramatic tone, as they increase their interest in counsel’s role in monitoring the use of these platforms, with the DOJ warning that obstruction charges possibly could be brought for failure to produce ephemeral messages automatically deleted by these platforms.
The U.S. antitrust enforcement agencies are not the only ones baring their teeth over ephemeral messaging platforms. The Securities and Exchange Commission (SEC) has settled several orders against regulated entities for failing to maintain communications exchanged between employees through ephemeral messaging platforms, in violation of the agency’s record-keeping rules. One take-away from these recent events is that just as ephemeral messaging applications are here to stay, so too is agency scrutiny.
B. The European Union
In a sign that concerns about the use of messaging apps are also present across the Atlantic, the EC recently issued its first ever fine for the deletion of WhatsApp messages during an antitrust investigation. The fine totaled 15.9 million Euros, and was issued to International Flavors & Fragrances Inc. and International Flavors & Fragrances IFF France SAS, for obstruction of an EC inspection in 2023. The EC detected that during the inspection, a senior IFF employee deleted WhatsApp messages exchanged with a competitor that concerned business-related information, after having been informed about the inspection.
In explaining the decision, Margrethe Vestager, then-Executive Vice-President in charge of competition policy, emphasized that companies undergoing regulatory inspections must “ensure that employees do not delete or manipulate business records,” including “communications on mobile phones.” Vestager emphasized that the EC “will not tolerate” any action that could impact the effectiveness of their investigations.
C. The United Kingdom
Ephemeral messages have not yet been put under the same spotlight in the United Kingdom’s antitrust enforcement but have been prominently discussed in the context of misconduct proceedings of public officials in civil litigation, celebrities’ libel litigations, COVID-19 Inquiry’s demand of former Prime Minister’s WhatsApp messages, and in employment disputes.
II. Where We Are Now: Current Preservation Jurisprudence
A. The United States
The duty to preserve evidence is of common law origin. The duty has been codified in part in the Federal Rules of Civil Procedure (FRCP) and various procedural state laws. The duty most clearly arises after litigation is filed and a party is on “express notice” of their duty to preserve from the fact that they are or will shortly be in discovery. Some courts have found that this duty may arise prior to litigation if “a party should have known that the evidence may be relevant to future litigation.” Whether and at what point this duty attaches is a fact specific and debatable inquiry into one’s awareness that, among other considerations, the information to be preserved would likely be relevant to litigation.
1. The Federal Rules of Civil Procedure
FRCP 26(a)(1)(A)(ii) (Rule 26), which applies to all federal civil litigation, began to codify the duty to preserve evidence by directing parties to provide in their initial disclosures a description and the location of documents that may be relevant to their claims and defenses. The rule states that the parties are to identify electronically stored information (ESI) that is not reasonably accessible, although this does not relieve a party of its duty to preserve that inaccessible evidence. Parties are encouraged to informally discuss and resolve preservation issues early in litigation. Rule 26 serves to put the parties on notice of the scope of the common law duty to preserve, and encourages them to place document preservation at the forefront of their discussions and to resolve any associated issues early to limit any disruption to the trial process.
FRCP 37I is another procedural rule that codifies the duty to preserve, although it focuses on a party’s recourse for relief when the opposing party fails to preserve electronically stored information to the prejudice of the moving party. This provision allows the court to take steps necessary to cure prejudice resulting from a party’s failure to satisfy the duty to preserve, assuming that duty cannot be satisfied by additional discovery from other sources. A court may even take such extreme measures as to grant the moving party an adverse inference or dismiss claims or the case altogether. However, such measures typically would only come into play upon a finding that the party who failed to preserve documents did so with the intent to deprive the moving party of evidence to use during litigation.
FRCP 37I was first codified in 2006, when the use of ESI had become so ubiquitous and commonplace that the Advisory Committee decided intervention was needed to provide clarity. In justifying this change, the Committee cited the “distinctive feature of computer operations, the routine alteration and deletion of information that attends ordinary use” as the impetus for its action.
ESI presents different considerations than paper documents. Unlike the destruction of physical documents, which typically requires someone to purposefully move documents from a folder into a recycling bin or shredder, the destruction of ESI is done “often without the operator’s specific direction or awareness” as the process often is programmed to occur automatically and periodically in accordance with a business’ document retention policies. This automatic and unconscious process posed a particular problem for the common law rule which had not been developed with the ephemeral nature of ESI in mind.
The Committee’s first attempt at defining the contours of the duty to preserve as it relates to ESI were subject to significant criticism. In 2015, the Committee altered and expanded this rule to provide more detailed guidance on the scope of options available to a court in the face of “the continued exponential growth in the volume” of ESI in everyday business.
During this almost decade-long gap between the rule’s codification in 2006 and revision in 2015, many ephemeral messaging platforms were launched, including WhatsApp (November 2009), WeChat (January 2011), SnapChat (September 2011), Telegram X (August 2013), and Signal (November 2015). Microsoft Teams followed in March 2017.
2. United States: Recent Treatment of Ephemeral Messaging in Litigation
Courts grappling with motions for sanctions over a party’s asserted failure to preserve communications conveyed on ephemeral messaging platforms have largely continued to apply the same principles as they have to email communications, electronically stored data, and other forms of ESI, without distinguishing ephemeral messaging systems as posing distinct problems. Three recent cases are illustrative.
In a 2022 New York lawsuit alleging tortious interference and misappropriation of trade secrets, the plaintiff contended that the defendant had conducted most of its tortious conduct with the plaintiff’s employee over WhatsApp. A significant gap period existed during which messages exchanged were irretrievably lost, apparently due to user mistake, WhatsApp’s own preservation/deletion policies, and naturally deleted messages through the ordinary course of business. The plaintiff asked for, and was granted, an adverse inference that the deleted messages would show that payments made during this gap period were for sales impermissibly diverted from the plaintiff to the defendant.
To obtain this jury instruction, the plaintiff had to prove under New York law that the defendant both had a duty to preserve the WhatsApp communications and that the defendant (an individual) breached his duty. Relevant facts included that the defendant had upgraded his phone a month after the action commenced and gave his old phone to his assistant, who overwrote existing messages and data on the phone. Because litigation had already commenced, the court held that the defendant had a duty to preserve the WhatsApp messages and failed to do so when he upgraded his phone without saving the messages. The court also held that the other two elements of the spoliation claim—a culpable state of mind proven by gross negligence, and the loss of communications relevant to the case—were met.
In that same year, the District Court for the Central District of California likewise granted an adverse inference against a defendant who had deleted multiple Telegram X and WeChat messaging threads after receiving multiple cease-and-desist letters alleging copyright infringement, but before an action commenced. The court’s test was nearly identical to that of the state of New York, finding that to prove spoliation, a movant had to show (1) a duty to preserve, (2) a culpable state of mind, and (3) the relevance of the evidence.
The court found that the cease-and-desist letters made litigation reasonably foreseeable because they clearly identified a potential legal copyright claim. The court found a culpable state of mind because, while under the duty to preserve, the defendant took no affirmative actions to actually preserve the data. Finally, the court found the lost messages were likely highly relevant because they would have discussed the subject matter allegedly copyrighted.
The final illustration likewise concerns the duty to preserve prior to the commencement of an action in court, but ended with the opposite outcome. The plaintiff, seeking a declaratory judgment in an Illinois federal court that it did not enter a joint venture with the defendant, filed a Rule 37I motion seeking sanctions for the defendant’s deletion of his WhatsApp account. The defendant’s CEO deleted his account three weeks after his company had sent a demand letter to the plaintiff, and thus litigation arguably was reasonably foreseeable.
The magistrate judge first recommended that the district judge deny the motion as untimely, but in the alternative, held the motion for sanctions should be denied on the merits, because while the plaintiff showed the defendant failed to meet its obligations under the duty to preserve, it had not shown the defendant intended to deprive the plaintiff of evidence for use at trial. In particular, the judge found the plaintiff’s arguments about the defendant’s efforts to hide and minimize the deletions unavailing. Moreover, in finding that an adverse inference or other severe sanctions were inappropriate, the court noted that the plaintiff expressly disclaimed any argument it may have had to have been prejudiced by the account deletion.
These cases demonstrate that while courts in the United States—state and federal—generally apply a similar framework to the duty to preserve ephemeral messages, they may reach very different conclusions based on the particular facts of the case, underscoring that the duty to preserve requires a fact-intensive inquiry. Litigants and potential litigants should consider taking timely and appropriate preservation steps to minimize risk against side litigation (and/or a negative result) over alleged spoliation.
B. The European Union
In the European Union, the EC investigates suspected and alleged breaches of the EU’s rules on anti-competitive agreements and abuse of a dominant position. Appeals of its decisions are made to the General Court (GC) and the Court of Justice of the EU (CJEU).
In the EU sanctions may be imposed for non-compliance with document production requests by the EC during its investigations. When a company receives a Request for Information (RFI) from the EC under Article 18(3) of Regulation 1/2003, the company has a duty to provide a complete response. This implies that it cannot delete documents responsive to the RFI after it has received the RFI. If it does, it risks a fine for failure to produce a complete response.
Furthermore, companies have a general “duty of care” to ensure “the proper maintenance of records in their books or files of information enabling details of their activities to be retrieved, in order, in particular, to make the necessary evidence available in the event of legal or administrative proceedings.”
Once an EC investigation begins and a company has been notified that it will be inspected, this general duty of care implies that the company should “preserve the evidence available to it.”
The EC’s inspections guidance notes that this “duty to preserve evidence” extends beyond the on-site inspection, citing Qualcomm.
Qualcomm involved litigation commenced by the semiconductor manufacturer after the EC found in a preliminary conclusion that it had sold its chipsets below cost with the aim of forcing competitor Icera out of the market. Subsequent to its preliminary conclusion, the EC had sent Qualcomm an RFI and later a formal Decision which required Qualcomm to provide specified information. Qualcomm applied to the EU’s General Court for an action for annulment of the Decision, arguing that it faced practical difficulties in conducting its defense due to the difficulty of obtaining some of the requested information and could not access it because its records were not organized in a systematic way, it not being legally obliged to keep financial records for more than three and a half years.
The General Court (Second Chamber) held that while undertakings cannot be obligated to provide documents no longer in their possession and which they are under no legal requirement to maintain, the general duty of care still applies. From at least the moment of receipt of a request from the EC, a company must act with greater diligence and “take all appropriate measures to preserve such evidence as might reasonably be available to them.”
In an example of the “greater diligence” required, in a case involving pharmaceutical companies, the General Court (Fourth Chamber) held that the initiation of an EC inquiry into their sector was a factor that “well-informed and seasoned operators” in the sector must have been aware of, and that its initiation should have lead them to “take precautions against the loss, due to the passage of time, of evidence that might prove to be useful to them in the context of subsequent administrative procedures or judicial proceedings.”
Companies should consider that if they do not adhere to this duty of care, they risk weakening their ability to defend themselves in subsequent legal proceedings in the EU courts. They may have less documentary evidence to use for support of their defenses in the face of allegations of breaches of the antitrust laws, and they may face judges who are unsympathetic to arguments that records did not legally have to be maintained.
1. Growing Interest in Ephemeral Messaging
As explained above, in June 2024, the EC fined a company 15.9 million Euros after discovering that an employee had deleted WhatsApp messages after the company had been informed about the EC’s inspection of their premises in 2023. Unlike the U.S. agencies, the EC has not yet explicitly included ephemeral messages or messages that can be easily deleted under a definition of “messaging” in its guidance documentation. However, when taken with the legal requirements to provide complete responsive documents to RFIs, and the general duties to properly maintain records once an investigation begins, the IFF case indicates that the EC will likely be unsympathetic to companies which fail to produce responsive materials stored on messaging platforms.
There is also a growing awareness of the issues involving the preservation of ephemeral messages at the national level. In 2019, the Netherlands’ competition regulator, the “ACM,” announced that it had imposed a fine amounting to 1.84 million Euros against a company for obstructing an on-the-spot inspection. ACM indicated that relevant statutes were violated by the employees of the respective company, who deleted WhatsApp chat conversations and left several WhatsApp groups during the on-the-spot inspection. In a press release, the ACM further emphasized that “[a]ll companies are required to co-operate with ACM investigations, and that evidence cannot be destroyed, withheld or disposed of.”
It is anticipated that national regulators of the EU’s member states, and eventually the EC itself, will address the applicability of the duty of care and the duty to preserve evidence in ephemeral messaging, as these concepts continue to raise practical difficulties for regulators in their investigations.
2. Ephemeral Messages in the Context of Leniency
The EC’s leniency policy requires leniency applicants to provide full and sincere cooperation as one of the conditions for obtaining leniency. This includes that the applicant should provide the EC promptly with all relevant information and evidence relating to the alleged cartel conduct that comes into its possession or is available to it, and that the applicant shall not destroy, falsify or conceal relevant information or evidence relating to the alleged cartel. While this obligation applies only from the moment a leniency application is submitted to the EC, the leniency policy also requires companies that are contemplating filing an application ‘not have destroyed, falsified or concealed evidence of the alleged cartel nor disclosed the fact or any of the content of its contemplated application’.
Therefore, from the moment a company starts contemplating filing a leniency application with the EC, it should consider putting in place reasonable measures to preserve all potentially relevant information, including any relevant messages on ephemeral messaging platforms. In practice, companies typically institute document holds and issue document retention orders to relevant employees at the start of an internal investigation and they should consider whether these efforts also appropriately cover any ephemeral communications. It is important, however, to consider taking steps prior to the filing of an application in a way that minimizes the risk of ‘tipping off’ other participants in the cartel.
C. The United Kingdom
The origins of the duty to preserve can be found in the common law of England, in an eighteenth century case which demonstrated the unfairness of a litigant benefiting from the destruction of evidence. After overhauling reform to the British civil litigation system at the end of the twentieth century, a duty to preserve was codified in the UK’s Civil Procedure Rules (CPR), which entered into force in 1999. The principles in the CPR were influential on the subsequently created rules of procedure for competition litigation in the UK’s Competition Appeal Tribunal (CAT), although the CAT does not have a codified duty to preserve.
During the same period, the United Kingdom’s legislative framework for antitrust was updated, with the introduction of the Competition Act 1998 and the Enterprise Act 2002. These statutes, as well as subsequent guidance from the Competition and Markets Authority, introduced sanctions for non-compliance with document production requests by the regulator in its investigations of alleged infringements of competition law. More recently, the United Kingdom’s new Digital Markets, Competition and Consumers Act 2024 (the “DMCCA”) has enhanced document preservation duties in the context of CMA investigations, introducing the concept to the CMA’s digital markets regime.
We review the application of the duty to preserve in each of these arenas below, noting slight differences in application.
1. Civil Courts
In civil courts, the general rule is that lawyers must advise their clients to preserve disclosable documents as soon as litigation is contemplated, including in relation to electronic documents “which would otherwise be deleted” according to a document retention policy or in the ordinary course of business. The types of relevant electronic data include “metadata and other embedded data” and “active or online data,” such as cloud storage (i.e., OneDrive and GoogleDrive).
During standard disclosure, there is a requirement that a party must make a “reasonable” search for the relevant documents. What is “reasonable” depends on the number of documents, the complexity of the proceedings, the significance of any documents likely to be located, and, importantly for electronic documents, the ease and expense of their retrieval. Generally, the parties are encouraged to agree on the disclosure of electronic documents in a “proportionate and cost-effective manner.”
United Kingdom civil courts have already been grappling with ephemeral messaging preservation issues. In 2021, in F&T Terrix Ltd, the judge said that he was “unable to accept [witnesses’] vague assertions that they had been unable to produce [WhatsApp] messages due to having replaced their smartphones.”
In this case, the claimant alleged the defendant failed to deliver nitrile protective gloves. The defendant argued, inter alia, that their supplier had asked them to increase their minimum order “at the last minute,” but stated that their dealings with their supplier had been mostly by WhatsApp messages. Consequently, the WhatsApp messages would have been highly relevant information in support of their defense. The claimant was ultimately awarded judgment, and the lack of disclosure by the defendant was a significant factor in the outcome of the case.
Other risks that may arise from a failure to preserve evidence include satellite litigation (i.e., new court actions, related to a main piece of litigation but focused on compliance with civil procedural requirements rather than the substance of the case), undermining witness credibility, adverse inferences, a requirement from the court to prepare and serve a further disclosure statement, the striking out of all or part of the client’s case, wasted costs orders or even SRA sanctions for the lawyers involved.
2. The Competition Appeal Tribunal (CAT)
The CAT Guide to Proceedings does not contain an explicit “duty to preserve” like the CPR. However, the CAT’s rules “pursue the same philosophy as the CPR” and many of its rules are “modeled on the CPR.” In private actions, where a rule mirrors the CPR, the CAT would generally expect “to interpret that rule in the same way as the High Court or Court of Appeal” and the CPR is viewed as “useful guidance.”
The CAT must “limit disclosure or inspection of evidence to that which is proportionate,” and will determine applications for disclosure or inspection by considering the legitimate interests of the parties and third parties concerned, the extent to which the claim or defense is supported by available facts and evidence justifying the request, the scope and cost, and whether the evidence sought contains confidential information.
3. The Competition and Markets Authority
Until 2024, there was no general duty to preserve documents at the outset of a CMA investigation into an alleged infringement of the United Kingdom’s prohibitions of anti-competitive agreements and abuse of a dominant position. Rather, the CMA could require a person to produce specified documents, and at that point documents would need to be preserved. If a person having received such a request intentionally or recklessly destroys, disposes of, falsifies or conceals the documents, or causes or permits the same, they could be guilty of an offense.
Equivalent powers and offenses exist in the context of the CMA’s criminal investigations into cartel arrangements. However, under amendments introduced by the UK’s new competition legislation, the DMCCA, businesses must now preserve documents relevant to a CMA investigation where they know or suspect that an investigation by the CMA is being, or is likely to be, carried out.
Furthermore, in January 2024 a Court of Appeal judgment affirmed that the CMA can require overseas companies to produce documents in these investigations. Although the latter point remains subject to an appeal to the Supreme Court, taken with the reforms in the DMCCA, these developments mark a significant step in the evolution of the duty to preserve evidence in the realm of competition law in the United Kingdom, by codifying the duty in the context of CMA investigations into anti-competitive agreements and anti-competitive conduct.
The DMCCA has also introduced the duty of preservation into entirely new fields. The Act sets out the core rules of the CMA’s new regime for digital markets. The CMA’s new powers in this area include the ability to designate, after investigation, undertakings with digital activities with substantial market power as having “Strategic Market Status” (SMS). An undertaking’s SMS status enables the CMA to impose tailored conduct requirements on it and ultimately, after investigation, to make orders as to how it should conduct itself if the CMA considers that it is proportionate to remedy, mitigate or prevent an adverse effect on competition (pro-competitive interventions (PCIs)).
The Act has introduced a duty to preserve information for:
- those who know or suspect that a PCI investigation is being or is likely to be carried out in relation to an undertaking;
- a person who is connected to an undertaking that is not designated and knows that it is the subject of an initial SMS investigation;
- a person who is connected to an undertaking that is designated and knows that it is subject to a further SMS investigation; and
- a person who is connected to an undertaking and who knows or suspects that the CMA is assisting, or likely to assist, an overseas regulator in carrying out, in relation to that undertaking, any of its functions similar to the functions of the CMA in the digital markets part of the Act.
The CMA has not recently released guidance on ephemeral messaging preservation duties. However, considering the recognition of the duty of preservation in litigation in both of the United Kingdom’s main forums for competition cases, and its recent expansion into the rules on CMA investigations, it is likely that the CMA will address the applicability of the duty to preserve to ephemeral messaging in the near future.
In the context of leniency, the CMA’s leniency policy contains requirements like those in the EC’s leniency policy discussed above as to the obligation to produce all relevant information and take reasonable steps to secure information at the internal investigation stage. Helpfully, the CMA’s policy provides concrete guidance on internal investigations in Annex C of the leniency policy.
III. Conclusion
Courts in the United States have generally carried on business as usual in applying the current framework for evaluating parties’ preservation duties for communications made using ephemeral messaging platforms. The European Union similarly has well-established duties of preservation. The United Kingdom’s long history with evidence preservation has been more variable, with the codified duty to preserve evidence in civil litigation exerting an influence on regulatory investigations. The United Kingdom has only recently codified the duty to preserve with respect to antitrust investigations.
The duty to preserve ephemeral messages is near or already here, depending on jurisdiction and situation. Yet technical evolution continues apace. Will a duty apply to preserving non-human interconnections such as AI-enabled computers connected with one another without direct human intervention? What will need to be preserved, when, and how?
A further question for businesses is how they should be structuring their employment contracts to address the separation of personal and business messaging, particularly on devices used for dual purposes. Ensuring that companies retain ownership of, or at least the right to require production of, ephemeral messages on such devices is a critical component in future compliance strategies.
It’s worth repeating: While technology changes at a rapid pace, it is a time-tested truism that the law sets its own pace and at times struggles to keep up—but eventually gets there.
