Data privacy laws and blocking statutes can seriously impact investigations and litigation that reach outside of U.S. borders. In this article, we discuss the effect of data privacy laws and blocking statutes on U.S.-based corporations, and offer some practical strategies for counsel when dealing with international investigations and litigation.
Data Privacy Laws
Data privacy laws prohibit misuse or disclosure of private individuals’ data. At least 89 countries have enacted them, and more countries are expected to enact their own data privacy laws in coming years. The European Union (EU) has some of the most stringent data privacy laws in the world. In January 2012, the EU proposed comprehensive reforms of data protection rules in the form of a draft European General Data Protection Regulation (GDPR) that is intended to harmonize the various data protection laws currently in place in the EU member states. The GDPR will also serve to replace the existing 1995 Data Protection Directive, 95/46/EC. The reforms are intended to “make Europe fit for the digital age,” and stem from the reported desire of more than 90% of Europeans to harmonize data protection rights across the EU. See, GDRP. In December 2015, the European Parliament and other law makers reached agreement on the new data protection rules. The Rules will become applicable two years after formal adoption and publication.