Discovery of personal data held in the European Union (EU) has been an issue that has bedeviled U.S. litigants for some time. On the one hand, the U.S. Supreme Court has held that discovery of foreign documents is not barred by foreign privacy law. On the other hand, EU privacy regulators have threatened enforcement actions against U.S. companies that don’t take proper steps to protect EU personal data in discovery. The result is that U.S. lawyers and litigants are often caught in a Catch 22 with regard to foreign discovery, forced to choose between sanctions by a U.S. court for failure to conduct discovery or sanctions from an EU regulator for conducting such discovery.
Many had hoped that the EU’s new data privacy law, the General Data Protection Regulation (GDPR) would ease the burden of conducting discovery in the EU. Unfortunately, while the GDPR makes it easier in some ways to conduct foreign discovery, it imposes new record-keeping requirements on U.S. litigants. Moreover, fines under the GDPR can be as high as 20 million euro, or 4 percent of worldwide turnover, greatly increasing the compliance risk for U.S. litigants.
Conducting Discovery Under Current Law
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
