We have been covering the 21st Annual Corporate Counsel Conference in New York these last two day’s, this year’s focus being the wide range of legal, economic and business challenges faced by in-house department leaders in today’s economy. The conference is presented by Corporate Counsel magazine, in conjunction with Incisive Media Conferences and Trade Shows.
The topics include the “usual suspects”: the impact of the Obama Administration, the future of antitrust law, IP and the global economy, globalization and the legal function, international e-discovery, new SEC, DOJ, FTC, FDIC initiatives, etc.
One of today’s sessions was led by Mayer Brown and was devoted to managing international e-discovery conflicts and discussed the issues when liberal U.S. discovery rules meet foreign data protection laws.
Mayer Brown posited the followng scenario:
Scenario: A multinational corporation is a defendant in a products liability action in a US federal court. During discovery, the plaintiffs request production of relevant emails from employees of an overseas affiliate of the defendant who are stationed in the Netherlands, France and Germany.
They then gave an overview, and details, on the discovery issues associated with foreign data protection laws and they made the following points:
1. Foreign data protection laws present unique and potentially serious issues for multinational companies involved in government investigations or civil discovery. Whereas the principal e‐discovery challenges within the United States involve how a party can best meet its obligations to preserve, collect, review and produce relevant data, an increasing number of foreign jurisdictions prohibit or restrict these very activities.
2. This presents significant practical hazards as e‐discovery instincts that might seem standard within the United States – such as collecting and reviewing a broader collection of data than might be strictly required – could lead to violations of foreign law. US courts have, to date, been reluctant to relax parties’ obligations to respond to discovery, even where compliance with US discovery obligations might result in a violation of foreign law.
3. At the root of these conflicts between US and foreign law are differing fundamental approaches to two
key questions:
Pretrial Discovery: Whereas US rules of civil procedure permit broad pretrial discovery with minimal
participation by the court, most other countries have much more restrictive views of the proper scope (and
cost) of civil discovery, and often require direct court involvement in discovery.
Employee Privacy: Whereas US employees are generally deemed not to have an “expectation of privacy”
with respect to email and other data created and stored on an employer’s computer system, this view is
not widely shared overseas.
4. In recognition of these differences, and in some cases for the express purpose of protecting citizens from
the burdens of litigation discovery, many foreign countries have enacted strict privacy regulations and
discovery “blocking” statutes.
5. The most prominent such regulation is the European Union’s data protection directive. Adopted in 1995,
the directive, together with the implementing laws of the various EU member states, restricts the
“processing” and overseas transfer of “personal data.”
6. The definitions of “processing” and “personal data” are broadly worded, and might be read to restrict even the preservation of data (as well as any subsequent filtering and review) and to apply to any document that contains so much as an individual’s email address.
7. While a number of exceptions may permit the processing and transfer of data under some circumstances
(e.g., unambiguous consent of the individual in question, or where it is necessary for the purposes of
“legitimate interests” of the employer), the scope of these exceptions is the subject of significant
uncertainty.
There was a discussion of the steps to then be taken by a corporation. We will amend this posting with the actual handout which goes into more detail.