eDiscovery Daily Blog

eDiscovery Case Law: U.S. Court Rules on ECPA Protection of Emails in the Cloud


An October 3 decision by the Ninth Circuit Court of Appeals offers new clarity in defining and protecting the eDiscovery rights of non-U.S. nationals using U.S. services online, by ruling that emails stored on servers located within the U.S. are protected by national laws on ESI.

In Suzlon Energy Ltd v. Microsoft Corporation, the court determined that holders of online accounts whose servers are located in the U.S., regardless of their location or nationality, are protected by the Electronic Communications Privacy Act of 1986, commonly known as the "ECPA." The ECPA ensures that the disclosure of emails by electronic communication service providers is limited and restricted to specific circumstances.

The Suzlon case originated out of an Australian case brought by an Indian company (Suzlon) against an Indian defendant, Rajagopalan Sridhar and put the Ninth Circuit Court's opinion on the reach of the ECPA to the test.

  • The plaintiff's legal counsel sought access to emails in the defendant's Hotmail account, stored on Microsoft servers located in the U.S.
  • The defendant did not provide consent for his emails to be used in discovery, nor did Microsoft consent to release the emails in question.
  • Microsoft's objection brought the case before the U.S. District Court for the Western District of Washington and later before the Ninth Circuit Court of Appeals, both of which agreed that the emails were protected by the ECPA.
  • Despite the plaintiff's and defendant's Indian nationality, and the fact that the suit in question was Australian, the U.S. court ruled in a manner that creates a powerful precedent for future lawsuits related to electronic communication providers whose servers are located in the U.S. As a result of this case, it has become clear that any users with accounts in U.S.-held cloud services will be subject to the same protections under the ECPA as a U.S. citizen.

So, what do you think? Does this ruling offer fair and sensible protect to U.S.-based companies and the users of their cloud services, or does it unnecessarily complicate the field of international eDiscovery? Please share any comments you might have or if you'd like to know more about a particular topic.