In late Spring 2018 US entities will have to consider recent changes to US discovery law while also working to comply with the EU General Data Protection Regulation.
The regulation goes into effect on May 25 2018 and will significantly affect any organisation that collects and processes data relating to offering goods or services to EU citizens. Currently, the uncertainty facing any multinational business is how to comply with both the regulation and its home country's rules and regulations. For US businesses, the new Federal Rules of Civil Procedure for Discovery complicate their compliance with US discovery obligations while maintaining compliant data processing and retention policies for EU citizens.
There has been longstanding tension between EU legislation regarding privacy rights and US e-discovery obligations. However, the EU General Data Protection Regulation and various EU country-specific data privacy laws make it even more challenging to collect, process, review and produce responsive discovery. Data retention policies must satisfy both the regulation and US discovery obligations in order to avoid incurring penalties under either law.
US companies will face penalties for non-compliance with the EU General Data Protection Regulation, as well as penalties for non-compliance with new US discovery rules. To reduce potential conflicts in data retention and discovery, data collection and requests must be carefully planned. US companies may decide to pursue early settlements or risk penalties in the Unites States in order to avoid the steep fines for EU General Data Protection Regulation violations where litigation is not a serious threat to the company.
Data protection is particularly relevant to trademark rights, as rights holders must balance factors for protecting brands and personal data. In infringement proceedings, courts must grant trademark owners access to data that may support claims of infringement. The primary consideration in making this determination seems to be proportionality. The principle of proportionality is particularly useful where highly confidential but questionably relevant documents are sought.
‘Personal data’ is defined as any information relating to an identified or identifiable natural person. In an online context, the definition extends to static internet protocol addresses, which allow users to be identified. Data protection and privacy pose a barrier to IP enforcement when information comprised of personal data is withheld on data protection grounds because the possibility of infringement does not merit interference with the data subject's rights. Brand owners may struggle to obtain relevant information in discovery if personal data is involved. An advertiser has legitimate grounds to reject an application for information on data protection grounds, forcing the brand owner to seek a court order.
Limiting access to information regarding consumer habits can limit a brand owner's ability to prove actual confusion. Moreover, online keyword advertising has become a point of contention as US courts attempt to clarify the ability of trademark owners to restrict potentially infringing advertising activity. However, in this highly regulated space, US companies must abide by both the EU General Data Protection Regulation and US discovery regulations while working to avoid penalties and respecting the data privacy concerns of individuals.
This article first appeared in IAM. For further information please visit www.IAM-media.com.