eDiscovery Daily Blog

• July 14, 2011

 

US lawsuits are very public, involving discovery and other public disclosures that go against the cultural traditions and laws of many nations in other parts of the world. In the European Union (EU), for instance, many countries have privacy protection laws that forbid the disclosure of "personal information" – and the definition of personal information here can mean anything from addresses and phone numbers to even the names of individuals if they are used in work reports and business documents.

Despite the complications created by these privacy laws, US courts will apply the Federal Rules of Civil Procedure to non US entities if it has jurisdiction over them.  Nonetheless, litigators often find themselves in a bind where they must either impel evidence through means that are potentially illegal in the country of the non US entity, or lose traction in a US-based lawsuit. That means lawyers pursuing discovery in foreign locales often must take pains to familiarize themselves with the laws of the country and province where they are seeking information.

• The EU Data Protection Directive does not forbid the transfer and processing of electronically stored information (ESI), but it does complicate the process considerably where it corroborates other European data protection laws.
• US companies and litigators may legally request and receive documents protected under the Data Protection Directive if the company is a member of the US Department of Commerce Safe Harbor, a group whose mandate is based on seven key principles of data protection.
• Even where the Safe Harbor and Data Protection Directive allows US companies to access information for pre-trial discovery, the laws of specific EU states may not permit businesses to disclose information without being subject to harsh penalties for violating national privacy laws.

Although US courts don’t always recognize the limitations placed on international discovery by these privacy laws, they do appreciate the balance of delicate factors involved in seeking discovery internationally. In assessing the importance of gaining access to specific ESI, the courts will generally consider a combination of factors, including the importance and origin of the information, the availability of access, the effects of non-compliance with international privacy laws on the US and the nation state where the information is located, and the potential hardship that would be imposed on the individuals or businesses who have the power to produce the information. A careful weighing of the privacy needs of individuals versus the needs of the parties involved in litigation must be assessed.

Individuals are capable of providing their consent to allow documents containing their personal information to appear in an international court. However, they can revoke this consent at any time. Even where consent is given, and certainly where it is not, every effort must be taken to protect the security of private information and to destroy such information within a reasonable amount of time. Electronically stored data must be anonymized or protected by pseudonyms, and personal identifiers such as names, addresses and phone numbers must be purged from information presented in eDiscovery.

So, what do you think? Have you ever dealt with privacy protection laws in international jurisdictions? Please share any comments you might have or let us know if you'd like to learn more about a particular topic.