Let’s face it: technology has made the world smaller. It’s no longer extraordinary for what was once termed a “mid-sized” or “regional” company to trade and outsource in foreign markets. Indeed, the Internet has made it possible—even probable—that the storied “mom and pop” shops of Americana reach millions of potential customers across the globe, rendering them active participants in international commerce.
International trade means international litigation. Not surprisingly, then, studies have suggested “double digit growth” in the global e-discovery market over the next few years. Put another away, experts expect the international e-discovery market to expand by approximately 15% annually—from $1.7 billion in 2013 to $2.9 billion by 2017.
Of the many issues that that global litigants will grapple with in the coming years, international privacy laws will no doubt be at the forefront. For example, what was virtually buried under the debris of Judge Peck’s groundbreaking TAR decision in Da Silva Moore was the fact that plaintiffs sought the ESI of the defendants’ CEO—who was based in France. Citing the Sedona Conference International Principles on Discovery, & Data Protection – which provide that “[w]ith regard to data that is subject to preservation, disclosure, or discovery, courts and parties should demonstrate due respect to the Data Protection Laws of any foreign sovereign and the interests of any person who is subject to or benefits from such laws” - the court concluded that because Monsieur Fleuriot’s emails were stored in France, they were likely covered by the French privacy laws and blocking statutes, thus making him an unsuitable candidate for a “first-phase custodian.”
Data privacy laws and blocking statutes would have been only a couple of the major hurdles that litigants like the Da Silva plaintiffs would have to overcome in order to get their hands on emails residing in members of the European Union. While the Hague Evidence Convention appears to cover conflicts on discovery laws, there exists a fundamental disconnect between how the treaty is interpreted and applied. On the one hand, the EU considers privacy (or data protection) to be a human right. Full stop. Courts in the United States, however, seem to view the issues more pragmatically—favoring a “balancing of the interests test” in the name of international comity.
Given the discrepancy in how data protection is treated between the United States and its counterparts overseas, EU member states have evinced a certain level of distrust of US courts in permitting the transfer of protected data, even for discovery purposes. Specifically, one of the legal bases that a litigant must demonstrate in order to compel the production of “private” data is “adequate protection”—i.e., that the processing country will provide adequate protection of the individual’s fundamental privacy rights. Needless to say, the EU has not traditionally viewed the United States as an “adequate country.”
Of course, the EU is not the only global citizen to enter into the fray. While China continues to make its mark on the global economy, US courts are struggling to make heads or tails of the country’s relatively impenetrable legal system. For example, China’s Accounting Archives Management Measures, which prohibit the export of a company’s “accounting archives,” can make it troublesome for U.S. litigants to obtain financial data residing in China. Moreover, due to the fairly ubiquitous role of the Chinese government in the nation’s commerce, state-owned companies are far more prevalent than one might think, giving rise to issues of state secrecy under the China State Secrets Law (which provides that the Chinese government shall be the final arbiter on what constitutes a “state secret” that is protected from disclosure).
What does this mean for the proactive? For those companies with operations all over the world, there are certain measures they can take in order to be prepared—both offensively and, in some cases, more importantly, defensively: