H. Christopher Boehning & Daniel J. ToalConfidentiality Order Sufficiently Protects EU Data in U.S. Discovery
In their Federal E-Discovery column, Christopher Boehning and Daniel J. Toal discuss a recent case in which the court conducted a comity analysis and issued a decision that confirmed the value of a protective order when producing names and positions in response to a discovery request—information considered benign by U.S. discovery standards, but protected under international data privacy laws.
April 06, 2020 at 12:15 PM
8 minute read
In 1987, the U.S. Supreme Court addressed a dispute highlighting the tension between the broad discovery allowable in U.S. civil litigation and the fundamental protection of personal data abroad and adopted a five factor comity analysis to balance these competing needs. U.S. courts applying this test have generally found the balance tilted in favor of disclosure of discovery materials.
The 33 years since, however, have brought significant change both to U.S. discovery and to data privacy. Discovery is no longer boxes from office filing cabinets; it is terabytes of electronic materials that can contain both business and personal information. And, data privacy is not a treaty of the Council of Europe; it is binding, long-arm laws around the world, led by the European Union's General Data Protection Regulation (GDPR) and followed by similar laws worldwide—including in U.S. states.
In a recent case, a court was faced with these modern realities as it weighed the competing interests of discovery and international data privacy. Conducting a comity analysis, it issued a decision that confirmed the value of a protective order when producing names and positions in response to a discovery request—information considered benign by U.S. discovery standards, but protected under international data privacy laws.
|'In re Mercedes-Benz'
In the class action In re Mercedes-Benz Emissions Litig., 2020 WL 487288 (D.N.J. Jan. 30, 2020), the parties were involved in a discovery dispute over the production of certain personal information of German citizens held by defendants Daimler AG and Mercedes Benz USA (the Mercedes defendants). The court described it as "an ongoing and overarching dispute over the balancing of plaintiffs' discovery needs pursuant to Federal Rule of Civil Procedure 26 and the Mercedes defendants' compliance with privacy regulations pursuant to the GDPR." Id. at *1. The plaintiffs had requested information commonly provided as part of civil discovery and, as the court noted, "generally considered benign"—the names and positions of the Mercedes defendants' employees who may have information relevant to the dispute. Id. The Mercedes defendants argued that, as personal data protected by the GDPR, name and position information must be redacted; otherwise, such a production would violate the GDPR's restrictions on the onward transfer of personal data. See id.
Over the course of several meet and confers, the parties agreed to a Discovery Confidentiality Order covering confidentiality and privacy for U.S. discovery data, but were at an impasse regarding "a Discovery Privacy Order governing the confidentiality and disclosure of foreign private data that may otherwise be subject to certain protections under the GDPR." Id. at *2. In short, the plaintiffs wanted the employee information produced in full, while the Mercedes defendants wanted to produce such information in redacted form.
After a number of applications, rulings, and appeals involving the parties and a Special Master, the Special Master ordered the information produced without redactions. In a "GDPR Ruling," he determined that the "Discovery Confidentiality Order provision allowing a producing party to designate and protect as 'Highly Confidential' information that the producing party claims to be Foreign Private Data[,] such as employee names, sufficiently balances the EU's interest in protecting its citizens['] private data and the U.S. legal system's interest in preserving and maintaining the integrity of the broad discovery provisions set forth in the Federal Rules of Civil Procedure." Id. at *3 (citation omitted). Thus, the Special Master "ruled that considerations of international comity do not relieve the Mercedes defendants of [their] obligations under U.S. law and that the Discovery Confidentiality Order provision sufficiently protects unredacted personal data of EU Citizens." Id. at *5. The Mercedes defendants appealed the GDPR Ruling, arguing that full disclosure, even under the Discovery Confidentiality Order, still violated the GDPR. See id. at *4.
|Comity Analysis Review
On appeal, Magistrate Judge Joseph Dickson reviewed the Special Master's GDPR Ruling, specifically "whether the names of certain current and former Daimler AG employees who are European Union citizens should be produced subject to the Discovery Confidentiality Order or redacted." Id. at *3. In the GDPR Ruling, the Special Master had weighed the competing interests of U.S. discovery and EU privacy laws using the five factor international comity analysis adopted by the Supreme Court in Société Nationale Industrielle Aérospatiale v. U.S. Dist. Court for S. Dist. of Iowa, 482 U.S. 522 (1987): "(1) the importance to the litigation of the documents or other information requested; (2) the degree of specificity of the request; (3) whether the information originated in the United States; (4) the availability of alternative means of securing the information; and (5) the extent to which noncompliance with the request would undermine important interests of the United States, or compliance with the request would undermine important interest of the state where the information is located." Id. at *6 (citation omitted).
Here, the court reviewed the Special Master's comity analysis, factor-by-factor, under an abuse of discretion standard. The court agreed that the first factor weighed in favor of unredacted disclosure because "the names, positions, titles, and professional contact information of relevant current or former employees of any defendant or third party identified in relevant documents, data or information produced by discovery is by its very nature directly relevant to plaintiffs' claims." Id. (citation omitted). The second factor bore similar weight because the request sought "the production of unredacted documents commonly produced in U.S. litigation." Id. at *7 (citation omitted). However, the third factor weighed in the defendants' favor as the court found it "logical to assume, as the Special Master did, that the majority of documents to be produced from Daimler, a German company, originated in the EU." Id. (citation omitted). The court found that the fourth factor favored full disclosure, reasoning that the "Special Master correctly concluded that there is not an alternative means for plaintiffs to obtain the relevant current or former employees' names, positions, titles, or professional contact information." Id. (citation omitted).
As for the fifth and most important factor, the extent to which noncompliance with the request would undermine important interests of the United States, or compliance with the request would undermine important interest of the state where the information is located, the Special Master had flagged that the "weight of the foreign privacy interest to be considered is 'diminished where the court has entered a protective order preventing disclosure of the secret information.'" Id. at *8 (citations omitted). Moreover, in light of the automobile emissions-related issues in the case, the Special Master had "found that, on balance, the U.S. had a stronger interest in protecting its consumers than the EU did in protecting its citizens' private data, particularly with a Discovery Confidentiality Order provision allowing producing parties to designate and protect foreign private data as 'Highly Confidential' information." Id. (citations omitted). The court agreed and found the fifth factor favored full disclosure.
Concluding that the Special Master's GDPR Ruling was not an abuse of his discretion, the court affirmed the decision and ordered the defendants to produce the requested documents, including the personal information from European Union citizens, in unredacted form. See id.
|Takeaways
The decision in In re Mercedes-Benz is a helpful reminder that it is critical for courts to conduct a thoughtful comity analysis when considering the impact of international data privacy laws. Parties looking to this decision as a broader statement about the importance of U.S. discovery relative to considerations of data privacy, however, should be sensitive to the limitations of the ruling given its facts. In situations where less "benign" personal data is involved, or where rights and freedoms of individuals might be more heavily impacted due to the production of protected data, courts could easily strike a different balance. Additionally, other factors such as the involvement of works councils, the impact of blocking statutes, and the applicability of data secrecy laws could all be significant considerations both in courts' comity analyses by courts and companies' risk assessments.
When U.S. discovery involves protected personal data, parties and their counsel should be mindful of the impact and related risks of any applicable data privacy or other laws and strongly consider entering into a protective order governing the handling, designation, and protection of such information. In some situations, especially where limited, relevant information is at issue, thoughtfully crafted protective orders may be considered sufficient to ensure protection of such personal data. Though parties should be aware that, as the In re Mercedes-Benz court noted, "whether an EU authority aggressively polices this type of data production in the context of pre-trial discovery in U.S. litigation remains to be seen."
Christopher Boehning and Daniel J. Toal are litigation partners at Paul, Weiss, Rifkind, Wharton & Garrison. Ross M. Gotler, e-discovery counsel, and Lidia M. Kekis, e-discovery attorney, assisted in the preparation of this article.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Attorney Sanctioned for Not Exercising Ordinary Care: This Week in Scott Mollen’s Realty Law Digest
Law Firms Mentioned
Trending Stories
- 1Judge Denies Sean Combs Third Bail Bid, Citing Community Safety
- 2Republican FTC Commissioner: 'The Time for Rulemaking by the Biden-Harris FTC Is Over'
- 3NY Appellate Panel Cites Student's Disciplinary History While Sending Negligence Claim Against School District to Trial
- 4A Meta DIG and Its Nvidia Implications
- 5Deception or Coercion? California Supreme Court Grants Review in Jailhouse Confession Case
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
