Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


International privacy laws still pose challenges for the discovery process

Legal departments need to be aware of their obligations

The discovery process can be cumbersome and expensive regardless of where it takes place, but international laws protecting sensitive information can make the process even more complicated. Especially in the European Union, where a cultural mindset that has protected the private affairs of citizens have been stringently enforced for the better part of a century, collecting information for litigation presents unique challenges that legal departments should be aware of.

Alvin F. Lindsay of Hogan Lovells LLP and an expert in technology and litigation says that within the EU, “Data privacy is usually taken very, very seriously. In fact, after World War II, the European Commission found that the right to privacy in one’s correspondence is a ‘fundamental human right.’”

By 2012 the EU’s Data Protection Directive had strengthened the already high standards of EU citizen’s information, requiring all nation states to enact protection. The directive prevents personal data from being “processed” without the express approval of the individual involved.  Processing includes storing, sorting, and many of the other practices associated with discovery.

“It doesn’t matter it’s a corporate employee on a corporate email, it’s still private. Searching is one act of processing that is not legal, though there are some exceptions,” Lindsay says.

These rules were set up to prevent the type of unauthorized categorization of people that lead to atrocities like the Holocaust in Europe, so their importance is undeniable.  In the United States, on the other hand, the Federal Rules of Civil Procedure that were enacted during the great depression made all pieces of evidence transparent and available.

What’s interesting is, as opposite as these approaches may seem—preventing the collection of information completely or making all of it available—both rules were enacted to meet similar goals.

“The FRCP were enacted in 1938, and at the time people distrusted corporations, the whole goal was to level the playing field.” Lindsay says. “The thing to keep in mind is that both the totally liberal full discovery concepts in the U.S. and the protections of information in Europe were done to protect the little guy.”

Regardless of how the two separate approaches to personal data information evolved, it’s essential for attorneys and legal departments working with clients or opponents internationally to comply with the discovery restrictions regardless in a given country. While this further complicates the discovery process, violation of terms can result in sanctions and penalties that no legal team would welcome. And according to Lindsay, similar data protection stipulations are likely to pop up in other areas around the world.

“We’ve got this standoff, what I find interesting is, we are the only country that has the style of litigations that we have, what’s interesting is many countries around the world that have adopted code provisions that are in many cases identical to the EU privacy stipulations,” Lindsay says. “I think it will be years before any elegant solution shakes out.”

In the meantime Lindsay points out several things that legal departments should be doing to remain compliant and respectful to different privacy standards when it comes to the discovery process.

  • Educate both the U.S. court and opposing counsel early on regarding the legal hurdles involved
  • Secure a protective order prohibiting the disclosure of any private materials outside the litigation context
  • Minimize the amount of data that the company must process and transfer
  • Enlist so-called (and perhaps incorrectly called) “safe harbor” vendors to help with the process
  • Allow the affected employees to assist with and agree to (to the extent possible) the production and,
  • Show that the company, in general, has done everything possible to respect at least the spirit of the foreign privacy laws

For other stories on the discovery process, check out these stories:

Bracing for the e-discovery dangers of employee status changes

Overcoming IT limitations with a cloud-based e-discovery solution

Producing a blockbuster IP litigation hit with small-budget funding: Assembling the cast


Executive Editor

author image

Chris DiMarco

Chris DiMarco, Executive Editor of InsideCounsel magazine, has a background in multimedia production with previous involvement in projects in which he developed and created content...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.