International e-discovery raises unique and complicated privacy issues for litigants who are forced to address the conflict between varying countries' discovery and privacy laws. Cross-border discovery and privacy issues are particularly salient for U.S. litigants seeking discovery from sources in Europe.
The U.S. litigant's broadly held right to discoverable, electronically stored evidence can be interpreted as a direct conflict with the European approach of recognizing an inalienable right to privacy based on a broad definition of personal data. In particular, the EU Data Protection Directive imposes specific requirements before personal data can be transferred to third parties or outside of the Directive's Member States, including transfers to third parties in the United States.
These requirements prevent unrestricted transfer of information commonly requested by U.S. litigants. In addition, some countries have so-called blocking statutes that prevent cross-border transfers, most of which were designed to impede broad discovery in U.S.- based litigation. These blocking statutes may impose criminal liability on parties releasing data to private litigants located abroad.
This conflict of laws puts litigants in U.S. courts in a difficult bind, one with which U.S. judges are not particularly sympathetic. “It is well-settled that such [foreign] statutes do not deprive an American court of the power to order a party subject to its jurisdiction to produce evidence even though the act of production may violate that statute.” Societe Nationale Industrielle Aerospatiale v. U.S. Dist. Court for S. Dist., 482 U.S. 522, 544 n. 29 (1987).
Instead, U.S. courts consider a number of factors before allowing a foreign statute to excuse non-compliance, including but not limited to the importance of the documents to the proceeding, the degree of specificity of the request, the origin of the information, the availability of alternative means of securing the information, the extent to which noncompliance with the request would undermine important interests of the United States or the state where the information is located, and, perhaps most critically, the extent to which enforcement action by either state is likely. Richmark Corp. v. Timber Falling Consultants, 959 F.2d 1468, 1475 (9th Cir. 1992); United States v. Vetco, Inc., 691 F.2d 1281, 1287 (9th Cir. 1981).
Generally U.S. courts have weighed these factors and ordered compliance, adopting the view that companies and individuals who choose to do business in the United States are subject to U.S. laws. The failure of foreign authorities to enforce the laws barring production in the foreign jurisdiction has proved a significant weakness in a litigant's argument against production.
A recent court decision in France, as well as the upcoming opinion by the Article 29 Working Group on the Directive's applicability in cross-border e-discovery, may force U.S. courts to more carefully weigh the consequences of ordering discovery abroad.
The French court decision, In re Avocat “Christopher X,” Cour de Cassation, Appeal n. 07-83228 (French Supreme Court, Dec. 12, 2007) involved the criminal prosecution of a French lawyer for having sought evidence on his own, outside the scope of specific U.S. discovery order or Hague Convention procedure. The lawyer wrote a letter to an executive of the French insurance company MAAF trying to elicit an answer that might be useful to the California Insurance Commissioner in the Executive Life case. MAAF filed a criminal complaint for violation of the French blocking statute, and the lawyer was fined €10,000.
It is the first and only time to our knowledge that anyone has been prosecuted under the French blocking statute, and the case focused new attention on the blocking statute and on the need to use Hague Convention procedures when collecting evidence abroad.
At roughly the same time, French and European data protection authorities began to consider whether the transfer of evidence to the United States under discovery proceedings might violate European privacy laws. The French CNIL held hearings in 2008, and the subject has now been escalated to the European Union Article 29 Working Party.
Whether the willingness of the jurisdiction to punish an individual complying with U.S. discovery requirements in violation of local privacy rules will become a significant factor in U.S. discovery disputes remains to be seen. A California federal district court considering an objection to production based on Dutch privacy rules only a few months before the Christopher X decision did not deal with the issue of enforcement, but instead focused on whether the information requested was indeed personal data. See Columbia Pictures, Inc. v. Bunnell, 245 F.R.D. 443, 452 (C.D. Cal. 2007).
The court found it was not, and ordered compliance with the magistrate’s discovery order. This focus may suggest that courts could be more willing to consider foreign privacy concerns than has been the case in the past, provided that the information at issue is subject to the foreign privacy laws. It also suggests that the issue of what constitutes personal data, which has been the subject of debate since the implementation of the directive, may become the subject of debate in the United States as well. Confidentiality agreements and protective orders are increasingly being used in the context of U.S. discovery to help mitigate data protection risks.