Cross-border discovery disputes arise when documents that reside in one country are subject to production in another country. More often than not, the types of cases involving cross-border disputes are cases in the U.S. in which a party is trying to get documents from a party whose documents reside in Europe. It is often a “Catch-22” situation in which the need to gather relevant information in Europe for production in the U.S. conflicts with data privacy regulations, and sometimes even statutes in Europe that restrict or prohibit such discovery.
Part of the conflict in U.S. and European cross-border discovery disputes is a result of differing notions of what is reasonable and appropriate discovery. U.S. courts tend to have a very broad notion of discovery. The Federal Rules of Civil Procedure and state procedural rules generally provide that documents and data are discoverable if they are reasonably calculated to lead to the discovery of admissible information. European courts, conversely, tend to have a much narrower view of discovery. Countries in continental Europe generally prohibit disclosure of evidence beyond what is obviously needed for trial.
The conflict in U.S. and European cross-border discovery disputes also arises from major differences in how the U.S. and European countries view privacy and data protection.
The European Union considers privacy to be a fundamental right. In 1950, the Council of Europe’s Convention on Human Rights adopted a charter of fundamental rights. Article 8 of that charter codifies a right to privacy. This right to privacy was further solidified in 1995 with the European Commission’s adoption of the Data Protection Directive. The directive provides broad protections for personal data and places restrictions on the processing and transfer of data. “Processing” is broadly defined to include preservation. Moreover, in the EU, personal data includes an individual’s name, a person’s title and the office in which he or she works, among other information. The EU notion of personal data is very broad.
With technology advancements and the recognition that personal data can be moved around the globe almost instantaneously, the EU Commission published a draft of the EU Data Protection Directive regulations in January with proposed new reforms that increase EU citizen privacy protection and give individuals increased control over their data. The draft regulations also seek to harmonize data protection laws across the 27 EU member states. Among other proposed changes, the draft regulations would require multinational companies with more than 250 employees in the EU to appoint a data protection officer. The regulations would also subject those companies to potential sanctions of up to 2 percent of annual worldwide revenue for serious breaches, which could include unlawful data transfers to the U.S.
In the U.S., while the Supreme Court has recognized the need to respect foreign data privacy laws, the Federal Rules of Civil Procedure are not preempted by foreign privacy regulations. Therefore, in practice, U.S. courts often default to allowing broad discovery despite the risk to litigants subject to foreign privacy laws. For example, in Strauss v. Credit Lyonnais, the court ordered the defendant to produce documents in accordance with the Federal Rules of Civil Procedure, over the defendant’s objections that doing so would subject the defendant to penalties under French privacy law. After the defendant complied, French authorities levied criminal penalties and fined counsel €10,000 for conducting discovery for U.S. litigation in violation of the French blocking statutes. In re Advocat “Christopher X.”
Similarly, in Accessdata Corporation v. ALSTE Technologies GmbH, a German company refused to produce documents regarding customer complaints in a breach of contract action on the grounds that disclosure of such information would reveal third parties’ identities and violate the German Data Protection Law and the German Constitution. The court ordered the German company to produce the documents, relying on Societe National Industrielle Aerospatiale v. United States District Court for the principle that blocking statutes, such as the German Data Protection Law, do not deprive U.S. courts of the power to order a party to produce evidence even though the party may violate a foreign statute.
Given the increasing frequency of these legal dilemmas, in February, the American Bar Association issued a resolution and recommendation that U.S. courts “consider and respect the data protection and privacy laws of any foreign sovereign, and the interests of any person who is subject to or benefits from such laws, with regard to data that is subject to preservation, disclosure, or discovery.” The ABA recognized that “permitting broad discovery in disregard or even defiance of foreign protective legislation can ultimately impede global commerce, harm the interests of U.S. parties in foreign courts and provoke retaliatory measures.” Although the resolution is not binding on U.S. courts, if U.S. courts continue to favor broad discovery in violation of EU restrictions, U.S. litigants may face a similar disregard of U.S. laws and regulations to the detriment of U.S. litigants in foreign courts.