Back
2021 International Arbitration Survey: Adapting arbitration to a changing world
Small bonsai in a remote lake
Insight

Sustainability and information security: Opportunities and challenges

There has been increased focus on the environmental impact of international arbitration in recent years. Reducing the environmental impact of international arbitration is a serious objective but how 'green' are arbitration users willing to go in practice?

SUMMARY

  • Respondents show a willingness to adopt paperless practices, such as production of documents in electronic rather than hard-copy form; providing submissions, evidence and correspondence in electronic format; and the use of electronic hearing bundles. Many respondents would also welcome more 'green' guidance, both from tribunals and in the form of soft law.
  • While the environmental benefits of remote participation rather than in-person participation are recognised, this is not the primary motivation behind the decision as to whether interactions should be remote or in-person.
  • There appears to be increasing awareness of the need to embrace 'greener' practices. However, the overall message from respondents is that the reduction of environmental impact is a welcome side-effect of their choices throughout the arbitral process, rather than a priority in and of itself.
  • Even though users generally acknowledge data protection issues and regulations may have an impact on the conduct of arbitrations, the extent and full implications of that impact are not understood by all. 34% of respondents predicted that data protection issues and regulations have 'limited impact at present but [this is] likely to increase'.
  • Only around a quarter of respondents said they have 'frequently' or 'always' seen cybersecurity measures being put in place in their international arbitrations. The majority (57%) encountered such measures in less than half of their cases.
  • The IT security measures and tools most used or recommended by respondents include 'cloud-based platforms for sharing electronic or electronically submitted data'; 'limiting access to prescribed individuals'; 'data encryption'; and 'access controls, e.g., multi-factor authentication'. Almost half of the respondents recommended the use of 'secure/professional email addresses for arbitrators rather than web-based email providers (i.e., no Gmail, Yahoo, Hotmail, etc.)'.
  • Respondents appreciate being able to rely on specialist IT support and systems to ensure robust cybersecurity protections are in place.
  • Although there are encouraging signs that users are mindful of cybersecurity issues and the need to address them, there is nonetheless ample scope for more engagement on this front.

The increasing use of technology also offers other opportunities and challenges for international arbitration. In particular, there has been increased focus in recent years on the environmental impact of international arbitration, and concerns surrounding cybersecurity and data protection issues and how to address them. We sought to explore how each of these topics are viewed and dealt with in practice by users.

The amount of consideration given to cybersecurity in arbitrations depends in large part on the nature of the dispute, and the interests and identity of the parties

 

34%

of respondents expect that while data protection issues and regulations have limited impact now, they are likely to increase in importance in the future

 

How 'green' are our arbitrations?

Reducing the environmental impact of international arbitration is a serious objective. But how 'green' are arbitration users willing to go in practice? We aimed to shed some light on this by presenting respondents with a list of options that are used, or potentially could be used, to reduce the environmental impact of international arbitration. For each option, respondents were asked to indicate whether they had experience of using that measure. They were also asked whether they thought the measure should be used. Respondents did not have to have experience of using any given option in order to express their view of whether it should be used.

It may seem surprising that, as detailed further below, even for the measures that respondents indicated they had used most, a lesser percentage of respondents in each case suggested that they should be used. A possible explanation for this came to light in the course of the interviews. The majority of interviewees on the topic explained that they had mistakenly understood that if they had used a given measure, they did not then need to specify whether they also thought it should be used. While this was not the case for all respondents, the findings from this enquiry must be assessed in light of this misunderstanding.

The most commonly used measures included 'production of documents in electronic rather than hard-copy form in document production exercises', providing 'submissions, evidence and correspondence in electronic format rather than in hard copy' and 'use of electronic rather than hard-copy hearing bundles'. Each of these options were chosen by around half of the respondents (between 48% and 55% in each case). All three options also ranked highly as measures that respondents felt should be used (between 38% and 40% in each case).

Interviewees favoured a move towards more paperless practices although, while they welcomed the environmental benefit, they often focused more on the cost and efficiency of these measures. They expressed surprise that it should still be considered necessary to print multiple copies of hearing bundles, emphasising that it is important to 'think before you print'. They preferred making the choice themselves on whether or not to print documents, rather than expecting by default to be sent paper copies. Some suggested that going paperless should be an opt-out rule, at least for disputes under a certain monetary threshold.

Environmental sustainability was confirmed as a factor that influenced users' choice of a virtual rather than in-person interaction.45 'Procedural conferences held via telephone conference, videoconference or virtual hearing rooms', 'meetings with clients and witnesses via telephone conference', 'video-conference or virtual hearing rooms rather than in person', 'substantive hearings held via video conference or virtual hearing rooms' and 'witness evidence being given via video conference or virtual hearing rooms' were all measures that significant numbers of respondents both reported having experienced and thought should be used. Indeed, 'procedural conferences held via telephone conference, video-conference or virtual hearing rooms' was one of the most commonly experienced measures, identified by 53% of respondents. However, although the environmental benefits of remote participation were recognised, interviews revealed that this was not the primary motivation behind the decision as to whether interactions should be remote or in person.

There is a general awareness of the potential financial consequences of non-compliance, but the exact implications of existing data protection regulations are far from understood

'Adoption of soft law instruments and guidance, e.g.,The Pledge for Greener Arbitrations' emerged as another measure that a large number of respondents thought should be used (40%). Reflecting that this fell short of a majority view, opinions expressed in interviews diverged. Some interviewees praised the importance of these initiatives. Others were more sceptical, urging the avoidance of over-regulation through soft law. Interestingly, a number of interviewees felt institutions being more proactive in encouraging reduction of environmental impact would be more effective than soft law. Several interviewees agreed that, at least for administered arbitrations, arbitral institutions could take the lead by modifying their rules in order to provide that written submissions and supporting evidence should be submitted in electronic form only, unless otherwise ordered by the tribunal. On that note, while very few respondents have had experience with 'specific directions from arbitral tribunals in relation to reducing environmental impact' (13%), they would welcome more direct guidance from arbitrators (40%).

There appears to be increasing awareness of the need to embrace 'greener' practices. However, the overall message from respondents is that the reduction of environmental impact is a welcome side-effect of their choices throughout the arbitral process rather than being a priority in and of itself.

9%

Only 9% of our respondents felt that data protection regulations have negligible impact on the conduct of arbitrations

27%

of respondents have seen cybersecurity measures used in more than half of their cases over the past three years

 

Data protection: How much do we actually know?

We asked respondents to indicate how much impact they consider data protection issues (e.g., obligations under the EU General Data Protection Regulation (GDPR)) have on the conduct of arbitrations. We sought to identify both when they thought data protection issues would be of relevance to their arbitrations, and the degree to which they have an impact. They were asked to select all options that they deemed applicable from the following: 'depends on who is involved in the arbitration'; 'depends on the nature of the dispute'; 'limited impact'; 'limited impact at present but likely to increase'; 'negligible impact and significant impact'.

Inevitably, options including the word 'depends' were popular. Half of the responses (51%) indicated that it 'depends on who is involved in the arbitration' and just under that threshold (44%) that it 'depends on the nature of the dispute'.

With regard to the extent to which data protection issues were thought to have an impact, 34% of respondents predicted that they have 'limited impact at present but likely to increase'. Only 13% felt that they have 'significant impact', and 9% voted for negligible impact. These results may indicate a lack of familiarity with the reach and applicability to international arbitration of many data protection regimes that are in place around the world.

It is interesting to note that although we only referred to the GDPR as an indicative example in the question, an overwhelming number of interviewees, across all regions and roles, expressly referred to this EU legislation when discussing data protection. Interviewees explained that they felt the GDPR in particular had brought the issue of data protection to the fore. As one observer stated, the GDPR 'put the issue of accountability in data processing operations in the context of arbitration on the table'. The large fines potentially payable for non-compliance was thought to be a major factor in drawing attention to data protection issues.

Most tellingly, the interviews revealed a general awareness of the potential financial consequences of non-compliance, but the exact implications of existing data protection regulations are far from understood. Very few interviewees revealed extensive understanding of the issues and the measures required to address them. The vast majority of interviewees indicated that they delegated all responsibility for data protection to others in their organisations (such as data protection officers) where they had the ability to do so. Most confessed they had no direct experience of grappling with data protection issues in their arbitrations. Others voiced their dissatisfaction with what they saw as an unnecessary new layer of complexity added to proceedings. They felt that arbitration proceedings should be exempted from the scope of data protection regulations.

Ultimately, the prevailing theme that emerged was that users generally acknowledge there is an impact. However, they find it hard to define exactly what that impact is and what it might mean in practical terms both for them and their arbitrations.

 

The cybersecurity conundrum

We asked respondents how often, over the previous three-year period, they had experienced measures being put in place in international arbitrations to protect the confidentiality and security of electronic or electronically submitted data. They were asked to choose from one of four options: 'always', 'frequently (i.e., more than half of the cases)', 'sometimes (i.e., less than half of the cases)' or 'never'.

The responses were mixed: Only around a quarter of respondents said they have 'frequently' (18%) or 'always' (9%) seen cybersecurity measures being put in place in their international arbitrations. The majority said they only encountered such measures in less than half of their cases (57%), while a further 16% of respondents said they have 'never' seen such measures put in place. 

A significant number of interviewees pointed out that the amount of consideration given to cybersecurity in their arbitrations depends in large part on the nature of the dispute, and the interests and identity of the parties. For example, interviewees thought cybersecurity was likely to be a significant concern when a dispute involved a state or public interest issue. 

We then explored which specific cybersecurity measures respondents have experienced being used, or think should be used. Respondents were provided with a list of measures. For each option, respondents were asked to indicate whether they had experience of using that measure. They were also asked whether they thought the measure should be used. Respondents did not have to have experience of using any given option in order to express their view of whether it should be used.46

The measure that respondents reported using most was 'cloud-based platforms for sharing electronic or electronically submitted data' (42%), suggesting that their adoption has become a relatively standard practice for many arbitration users. Around a third of respondents reported seeing the use of various concrete IT security measures and tools: 'limiting access to prescribed individuals' (37%), 'data encryption' (33%) and 'access controls, e.g., multi-factor authentication' (32%). Interviewees acknowledged that it is obviously easier to ensure robust cybersecurity protections are in place when they can rely on dedicated IT support and systems to facilitate this. As numerous interviewees were at pains to point out, they are not themselves IT specialists. In some cases, but not all, this support was available from within an interviewee's organisation. Support from other sources was also mentioned—22% of respondents said they had used 'platforms or technologies provided or controlled by the arbitral institution'. Interviewees confirmed that they welcomed this development. It appears that the provision by non-parties, or even external vendors, of support for cybersecurity measures would help ensure a consistent level of security and risk management for all participants.

Measures involving discussion amongst participants and guidance or input from arbitrators, institutions and other sources were less commonly encountered. Most options of this kind scored between 20% and 28%, with only 10% of respondents having experienced the 'adoption of soft law instruments and guidance'.

When it comes to measures that respondents thought should be used, almost half (47%) advised the use of 'secure/professional email addresses for arbitrators rather than web-based email providers (i.e., no Gmail, Yahoo, Hotmail, etc.)'. This was an area of concern flagged by some counsel in interviews. While they acknowledged this is a declining practice, they voiced their discomfort that some arbitrators continue to use web-based email notwithstanding the associated risks.

Other measures which garnered significant support (each chosen by between 36% and 44% of respondents) as options that should be used included: 'access controls, e.g., multi-factor authentication', 'platforms or technologies provided or controlled by the arbitral institution', 'guidance or protocols from institutions', 'adoption of soft law instruments and guidance, e.g., ICCA-New York City Bar-CPR Protocol on Cybersecurity in International Arbitration', 'cloud-based platforms for sharing electronic or electronically submitted data', 'data encryption', 'limiting access to prescribed individuals', 'specific directions from arbitral tribunals' and 'bespoke agreed protocols between the parties'.  These are encouraging signs that users are mindful of cybersecurity issues and the need to address them. There is nonetheless ample scope for more engagement on this front.

 

Click here to download Sustainability and information security: Opportunities and challenges (PDF)

 

45 'Less environmental impact than in-person hearings' was identified by 34% of respondents as one of the main advantages of virtual hearings (Chart 15); 24% of respondents said 'environmental sustainability' was a factor that would make them more likely to choose a virtual rather than in-person format for hearings (Chart 18).
46 As with a previous question (see pp.28-29 and Chart 19), a significant number of interviewees on the topic explained that they had mistakenly understood that if they had used a given measure, they did not then need to specify whether they also thought it should be used. While this was not the case for all respondents, the findings from this enquiry should be read in light of this misunderstanding.

 

PREVIOUS CHAPTER
Use of technology: The virtual reality

NEXT CHAPTER
Appendices

FULL MAGAZINE
2021 International Arbitration Survey: Adapting arbitration to a changing world

 

This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2021 White & Case LLP