Disclosure vs. Privacy – The Global Data Dichotomy

/
01May2011

Disclosure vs. Privacy – The Global Data Dichotomy

  • 1 Tags
  • 0 Comments
By Kroll Ontrack

Rapid advancements in communication and transportation continue to globalize the marketplace like never before. While globalization has certainly brought economic growth and opportunity for some, it has also created conflict for others. No matter where business is conducted, litigation will inevitably follow, and as the economic borders continue to blur, companies must be increasingly aware of their legal obligations.

United States – Disclosure Leads to Justice

In the U.S., the discovery process possesses a broad scope based on the belief that the search for truth generally outweighs individual privacy concerns. Federal Rule of Civil Procedure 26(b)(1) specifically extends discoverability to “any non-privileged matter that is relevant to a party’s claim or defense.” Despite this broad discovery permission, a cursory survey of e-discovery case law clearly reveals that disclosure in the U.S. is nonetheless a highly contentious issue even in purely domestic litigation. Indeed, parties routinely spend a plurality of their litigation budgets battling to compel and protect information long before trial even begins. For this reason, the U.S. discovery process has received wide criticism from its international counterparts. The liberal approach of the U.S. system has little international appeal and stands in direct conflict with many other countries whose privacy laws constrict discovery to a far narrower purview.

European Union and Canada – Privacy is Priority

In the European Union, data privacy regulations such as the Data Protection Directive 95/46/EC (Directive) place significant restraints on the control and transmission of personal electronically stored information (ESI). Among its numerous and relatively stringent requirements, the Directive expressly limits the purposes for which data can be used, requires data subjects to provide informed consent to all those seeking access to their information and prohibits transmission to foreign countries that do not provide “adequate” levels of protection – a category that includes the U.S. The Directive has been adopted by all Member States to the EU, and similar policies, such as the Canadian Personal Information Protection and Electronic Documents Act, have been enacted in non-European countries to achieve a similar effect. However, the Directive often is at odds with discoverability rulings in the U.S. For example, in the recent case Enquip Technologies Group, Inc. v. Tycon Technoglass, S.R.L., the Ohio Court of Appeals affirmed the opinion of the District Court that the Directive did not limit the discoverability of certain ESI.1 Although the court disagreed that, among other factors, the legal necessities exemptions provided in the Directive applied and permitted discovery, it is at odds with the statements of the EU Working Party, which posit that in such a situation the exemption would not apply.2

Personal ESI is not the only type of data subject to greater protection outside of the United States. Other types of information are often protected from foreign transmission by blocking statutes. French Penal Law 80-538 states that “[s]ubject to international treaties or agreements and laws and regulations in force, it is forbidden for any person to request, seek or communicate in writing, orally or in any other form, documents or information of an economic, commercial, industrial, financial or technical nature leading to the constitution of evidence with a view to foreign judicial or administrative procedures, or in the context of such procedures.” By its broad language, this blocking statute seemingly restricts the discoverability of all non-personal information. Despite the existence of the blocking statutes in France and other countries, U.S. courts will weigh the interests of the United States versus the foreign country in making ESI determinations. For example, in a recent case from the Eastern District of New York, the defendant’s fear of criminal prosecution for violating the French Blocking statute was not enough to overcome the court’s belief that “France’s relatively weak national interest in prohibiting disclosure…[was] outweighed by the more substantial United States interests.”3

Navigating International Data Protection Laws

Although the foreign data privacy laws may appear to lack practical force upon application in the U.S. courts, companies should not be quick to discount their importance. Decisions to circumvent foreign data privacy laws and blocking statutes result from a careful analysis under the five-factor “comity test” established by the U.S. Supreme Court and embodied in the Restatement (Third) of Foreign Relations Law of the United States.4 Common to all the cases discussed above is the failure of the party seeking protection to demonstrate the applicability of the laws to the information sought by their opponent. Indeed, the same court that adjudicated In re Air Cargo Shipping Services acquiesced to Israeli privacy laws in Linde v. Arab Bank and denied discovery of protected information.5 Further demonstrating the point that counsel must make the argument regarding the blocking statutes, the Southern District of Indiana recently ordered production of data from a wholly-owned French subsidiary noting that the plaintiff’s counsel was not well-versed in “what the French Blocking Statute even says, nor has it explained the risk it would actually face if it obtained documents possessed by the French corporation and produced them” (emphasis in original).6

In light of these considerations, as well as a generally increasing emphasis on data protection, companies must be cognizant of the laws to which they may be subject and avail themselves of the best methods for achieving compliance. Although the U.S. is not considered to provide adequate data protection under Directive 95/46/EC, the EU has authorized the U.S. Department of Commerce to provide a “safe harbor certification” to U.S. service providers that meet the requisite data privacy protection standards. Because safe harbor certification provides a general grant of authority for international data transmission, counsel involved in international discovery between the U.S. and EU are well-advised to partner with certified service providers to ease their risk of non-compliance.

Counsel should also seek the assistance of service providers who have a strong international presence. Even in the absence of certifications, foreign countries tend to be much more favorable to companies who conduct processing and review within their borders prior to transmission. Partnering with service providers established in the data’s host country can also help U.S. counsel locate and partner with qualified local legal experts to provide further assistance navigating the relevant privacy laws.

Conclusion

For consumers, the world seems to grow smaller every day as globalization brings people and nations closer together than ever before. But for nearly all companies, access to new markets also brings increased legal obligations. As conflict between foreign data privacy laws inevitably increases, companies that embrace the challenge and proactively address the complexities will enjoy less risk and more growth in the emerging global economy.

  1. 2010 WL 53151 (Ohio App. 2 Dist. Jan. 8, 2010)
  2. Working Document 1/2009 on pre-trial discovery for cross-border civil litigation, Article 29 Data Protection Working Party, 9 (adopted on Feb. 11, 2009), available at http://ec.europa.eu/justice_home/fsj/pri­vacy/workinggroup/wpdocs/2009_en.htm (last accessed 7/14/09).
  3. In re Air Cargo Shipping Services, 2010 WL 1189341 (E.D.N.Y. Mar. 29, 2010). (see also Gucci Am., Inc. v. Curveal Fashion, 2010 WL 808639 (S.D. N.Y. Mar. 8, 2010) holding “the United States interest in fully and fairly adjudicating matters before its courts…outweighs Malaysia’s interest in protecting the confidentiality of its banking customers’ records.”)
  4. See Societe Nationale Industrielle Aerospatiale v. United States District Court, 482 U.S. 522 (1987).
  5. 2009 WL 1456573 (E.D.N.Y. May 22, 2009).
  6. Sofaer Global Hedge Fund v. Brightpoint, Inc., 2010 WL 4701419 (S.D. Ind. Nov. 12, 2010).

This article was originally posted on Kroll Ontrack.

COMMENTS
Almanya sohbet anal yapan escort