The Growth Of Norwich Pharmacal Orders: Part I - An Evolving Litigation Tool

• Published date: 12 August 2021
• Subject Matter: Litigation, Mediation & Arbitration, Trials & Appeals & Compensation
• Law Firm: William Fry
• Author: Mr Paul Convery and Adele Hall

A Norwich Pharmacal order (NPO) is generally used to discover the identity of a wrongdoer from a third party. It is an exception to the rule that discovery can only be sought when proceedings are closed. Proceedings are instituted against the third party for the sole purpose of obtaining an order identifying the unknown wrongdoer. An NPO typically directs the third party to disclose information to the applicant about the wrongdoer's identity.

In Ireland, a party seeking an NPO must establish a very clear and unambiguous case of wrongdoing (see Megaleasing UK Ltd v Barrett (No. 2) [1993] 1 I.L.R.M. 49) and proof of wrongdoing in respect of each element of the tort complained of (O'Brien v Red Flag Consulting Limited [2015] IEHC 867).

NPO's and emerging technologies

The NPO arose out of a UK decision in Norwich Pharmacal v Customs and Excise Commissioners [[1974] AC 133. It has developed in recent times to suit our increasingly digital world. With remarkable foresight in 2002, Lord Woolf commented on the use of NPOs in Ashworth Hospital v MGN Limited [2002] UKHL29:

"New situations are inevitably going to arise where it will be appropriate for the jurisdiction to be exercised where it has not been exercised previously. The limits which applied to its use in its infancy should not be allowed to stultify its use now that it has become a valuable and mature remedy."

Earlier this year, the Irish High Court granted an NPO to an American businessperson to assist him trace stolen cryptocurrency, a portion of which had found its way to an account hosted by the Irish based defendant, Coinbase Europe Limited.

Another recent application initiated by the Health Service Execution (HSE) against Chronicle Security Ireland (Chronicle), concerned data and confidential material obtained by "parties unknown" in a cyber-attack on the HSE. The HSE was granted an NPO which required Chronicle to provide subscriber details of persons who uploaded and downloaded the confidential material taken in the cyber-attack to its malware analysis service "VirusTotal".

Further development

There is scope for the use of NPO's to evolve further. In Board of Management of Salesian Secondary College (Limerick) v Facebook Ireland Limited [2021] IEHC 287, the applicant school sought an order to compel Facebook to identify those behind an Instagram account. The account allegedly published objectionable content relating to individuals and events at the school. Unusually, the school sought the NPO for...