You are here: Home / Archives for France

EU Data Protection Meets U.S. Discovery

December 18, 2009 By Leave a Comment

As a result of an increase in U.S. lawsuits requiring the transfer of personal data from France to the United States, the French Data Protection Agency CNIL published a recommendation in August 2009, which is designed to offer guidance on data transfers in connection with U.S. civil discovery proceedings.[FOOTNOTE 1] The CNILs recommendation expands on the guidelines adopted by the body of European data protection agencies the Article 29 Data Protection Working Party in February 2009.[FOOTNOTE 2]

EU member states increasingly enforce their data protection laws. For instance, in 2008, the Spanish data protection agency imposed fines amounting in total to €22.6 million. In France and other EU countries, companies are under pressure to comply with U.S. discovery requests, which frequently call for the production of personal data about employees, clients, or customers. The CNILs recommendation reflects a tension between a companys obligation to respond to U.S. discovery requests and its obligation to comply with EU data protection laws. Because data protection laws pursue a legitimate interest and are increasingly enforced in Europe, courts and litigants in the U.S. should take them into account when ordering discovery abroad.

CNIL RECOMMENDATION

The CNIL acknowledges that the parties to a U.S. lawsuit have a legitimate need for documents, and that European and French data protection laws do not prohibit the transfer of personal data to the U.S. for litigation purposes. Such transfers, however, should be subject to certain requirements to comply with data protection laws.

[continued] Law.com – EU Data Protection Meets U.S. Discovery.

LinkedInPinterestEvernoteWordPressBlogger PostEmailShare
Filed Under: From The News Tagged With: , , , , , , , , , , , , ,

International Cloud Computing Meets U.S. E-Discovery

November 15, 2009 By Leave a Comment

“Software as a Service” (SaaS) providers such as Google, IBM, Cisco and others are offering multinational corporations the opportunity to replace their enormously expensive and ever changing technological infrastructure with SaaS computing facilities. Individual companies would archive and access information in these systems through the internet at a presumably lower unit price (cloud computing). These providers also promise to manage the skyrocketing costs of collecting and disclosing electronically stored information (ESI), especially emails, demanded in U.S. judicial and regulatory proceedings (e-discovery).

Since these repositories are not under the control of the company being sued, they argue that the very strong policy and procedure, audit trails and reliability in the “cloud” are a vast improvement over a company’s internal procedures.  However, international cross-border e-discovery issues threaten to rain on the cloud computing parade. The SaaS provider, the multinational corporation and their attorneys must carefully address and anticipate these e-discovery issues early in their discussions or risk costly sanctions. Moreover, litigation counsel cannot be surprised to learn that all of the company’s ESI is outside of the company’s control.

Civil code countries, such as France and Germany, take dramatically different approaches to cross-border information transfer than does the U.S. The U.S. requires parties in any litigation to exchange information which “may” lead to the discovery of admissible evidence. Issues of confidentiality and privacy are dealt with through various devices such as protective orders and confidentiality agreements. This is not true for many European and Asian countries where U.S. type discovery is rare and broad data protection and privacy rights are enforced by the state and are not negotiable by an employer. For example, “processing,” includes a company’s operations relating to collecting, storing, retrieving, disclosing and transmitting personal data and includes any information relating to an identified or identifiable natural person. Countries have introduced laws (”blocking statutes”) to restrict cross-border disclosure of information to foreign jurisdictions. See generally, “The Sedona Conference Framework for analysis of cross border discovery conflicts-A practical guide to navigating the competing currents of international data privacy and discovery” .

Read more via Project Counsel » Blog Archive » International Cloud Computing Meets U.S. E-Discovery.

LinkedInPinterestEvernoteWordPressBlogger PostEmailShare
Filed Under: From The News Tagged With: , , , , , , , , , , , ,
Newer Posts »