U.S. Litigators, Beware the GDPR Issue in Discovery
At a minimum, the lesson to be learned is to raise the issue early in litigation.
November 23, 2018 at 10:00 AM
4 minute read
In federal court, with jurisdiction over the foreign entity, discovery of foreign companies in U.S. litigation may be obtained through federal rules of civil procedure. Societe Nationale Industrielle Aerospatiale v. U.S. Dist. Court for S. Dist. of Iowa, 482 U.S. 522 (1987). However, a foreign company may be placed into conflict where it either complies with U.S. discovery demands and risks criminal liability or other sanctions for violation of its own data privacy laws, or complies with its home law and risk sanctions in the U.S. litigation. In Aerospatiale, the Supreme Court expressly recognized a need for “special vigilance to protect foreign litigants from the danger that unnecessary, or unduly burdensome, discovery may place them in a disadvantageous position,” and that courts recognize “the demands of comity in suits involving foreign states, either as parties or as sovereigns with a coordinate interest in the litigation.”
The European Union's General Data Protection Regulation (GDPR), enforced on May 25, 2018, imposes a set of rules and restrictions on how personal data is handled and transferred. Notably, compliance by American companies with the EU-U.S. Privacy Shield does not ensure full compliance with GDPR, inasmuch as that Privacy Shield was meant to provide a provisional remedy. Companies must still comply with GDPR to the extent the jurisdictional parameters are met.
In perhaps the first case to address the impact of GDPR on American discovery demands since GDPR's enforcement date, an unreported decision shows continued primacy of the obligations of parties to follow discovery demands in U.S. litigation. In Corel Software, LLC v. Microsoft Corp., No. 215CV00528JNPPMW, 2018 WL 4855268 (D. Utah Oct. 5, 2018), the court rejected Microsoft's request for a protective order “barring further retention and production of its telemetry data” in a patent infringement case. Among other arguments, Microsoft argued that retention of such data created “tension with Microsoft's obligations under the European General Data Protection Regulation 2016/679.” The court agreed with plaintiff that Microsoft had failed to show undue burden or expense in compliance. A review of the motion papers on the docket reveals that Microsoft simply raised the issue as noted above, indicated a willingness to submit further briefing, but the court decided the matter on the papers before it.
The enforcement of the GDPR does not change the parameters of the analysis by a court in the United States, whether federal or state. As recognized in Aerospatiale, the Restatement of Foreign Relations Law of the United States notes five factors relevant to the comity analysis: “(1) the importance to the … litigation of the documents or other information requested; (2) the degree of specificity of the request; (3) whether the information originated in the United States; (4) the availability of alternative means of securing the information; and (5) the extent to which noncompliance with the request would undermine important interests of the United States, or compliance with the request would undermine important interests of the state where the information is located.” These would apply whether or not the foreign law is simply a “blocking statute” precluding general transmittal of documents, or a privacy law addressing personal data, or both. American courts require proofs of plausible risk of enforcement of criminal and civil penalties by foreign authorities, not just possibilities; see. e.g., Knight Capital Partners Corp. v. Henkel Ag & Co., KGaA, 290 F. Supp. 3d 681, 691 (E.D. Mich. 2017).
Reasonable minds may differ as to whether the current approach under Aerospatiale and the Restatement, as developed in the case law, is sufficient to handle the issue post-GDPR. Perhaps had Microsoft had the opportunity to further brief and develop its point, it might have tipped the scale. Perhaps not. On the minimal information before it, the Corel court probably got it right.
At a minimum, the lesson to be learned is to raise the issue early. At least in federal court, the forms preceding the initial conference provide an opportunity to raise issues relating to discovery regarding data privacy. We do not believe the local or federal rules, or even the New Jersey state court rules, need to be changed to address this. The rules of discovery currently in place regarding electronic discovery and overly burdensome discovery should be sufficient. However, practitioners need to anticipate and raise such issues early, together with reserving the right to assert the application of foreign law, and be aware of the preventative measures that can be taken by clients in terms of where data is stored and processed, to minimize the potential for significant exposure to their clients.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllAs Trafficking, Hate Crimes Rise in NJ, State's Federal Delegation Must Weigh in On New UN Proposal
4 minute readAppellate Court's Decision on Public Employee Pension Eligibility Helps the Judiciary
5 minute readWhere CFPB Enforcement Stops Short on Curbing School Lunch Fees, Class Action Complaint Steps Up
5 minute read'Confusion Where Previously There Was Clarity': NJ Supreme Court Should Void Referral Fee Ethics Opinion
4 minute readTrending Stories
- 1Federal Judge Named in Lawsuit Over Underage Drinking Party at His California Home
- 2'Almost an Arms Race': California Law Firms Scooped Up Lateral Talent by the Handful in 2024
- 3Pittsburgh Judge Rules Loan Company's Online Arbitration Agreement Unenforceable
- 4As a New Year Dawns, the Value of Florida’s Revised Mediation Laws Comes Into Greater Focus
- 5Managing Partner Vindicated in Disciplinary Proceeding Brought by Former Associate
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250