International Data Transmission – An Overview of International Discovery Laws
In a globalized world where oceans and national boundaries no longer create barriers in communication and business, clashes between seemingly incompatible discovery and privacy laws are inevitable. Tumultuous legal conflicts often arise when United States discovery rules necessitate the production of data stored in nations with laws that restrict the preservation, processing and production of certain information. In these cross-border discovery disputes, the discovery of data located outside the borders of the U.S. is often subject to strict foreign data protection and privacy regulations.
United States Discovery Laws – Broad Discovery Leads to the Truth
The U.S. discovery system is based on the premise that broad discovery leads to the exposure of truth. The general scope of U.S. discovery, defined by Federal Rule of Civil Procedure 26(b)(1), allows parties to obtain materials regarding any non-privileged matter that is relevant to any party's claim or defense. Furthermore, the rule also provides that information requested for production need not be admissible at trial if it appears reasonably calculated to lead to the discovery of admissible evidence. This liberal system of discovery in the U.S., in contrast to many other nations, has developed to allow for extensive requests and productions.
As a result of this liberal approach, U.S., courts frequently employ long-arm jurisdiction to compel pretrial discovery of data located abroad. According to the Restatement (Third) of Foreign Relations Law of the United States, the rationale of the judicial system behind this practice is that persons and companies that conduct business in the U.S., or otherwise bring themselves within the jurisdiction of the U.S., receive benefits and legal protections through their connections and are correspondingly subject to the burden of U.S. law, including discovery laws. This approach is often used despite the fact that production of information abroad can result in a violation of the foreign statutes.
Foreign Discovery Laws – Restrictions on Liberal Discovery
Many other countries, including member states of the European Union, Canada and Asia, have a complex network of data protection, data privacy and state secrecy laws, which prohibit or restrict the liberal discovery approach utilized in the U.S. In addition, many civil code countries lack formal discovery processes in general and only provide access to evidence admissible at trial.
Europe particularly has a long history of fiercely preserving individuals' right to privacy. The European Union Data Directive 95/46/EC (Directive), adopted by the European Commission in 1995, established principles restricting the handling and production of electronically stored personal data. One such principle prohibits the onward transfer of data to countries that do not afford "adequate" levels of protection for personal information. According to the European Union, the U.S. has not been deemed to provide the necessary levels of protection. However, the EU and the U.S. have negotiated a "Safe Harbor" agreement, through which companies may sign up to the Safe Harbor regime and will thus be considered to offer adequate protection of personal data based on European requirements.
While the EU Directive establishes a basis of minimum protections, individual EU member states are free to and often have created more stringent protections. Elsewhere in the world, increasing numbers of nations have enacted laws and guidelines to protect data created or stored within their borders. These laws include:
- State-Specific Data Protection Laws: Specific laws and regulations that provide for the protection of personal data.
- State Secrecy Laws: Laws designed to protect information deemed to be a national secret. Violations of state secrecy laws are often punishable by criminal prosecution.
- Banking Laws: Nation-specific laws affecting the transfer of data internationally, with heightened protection for financial information.
- Blocking Statutes: Statutes specifically designed to block international data transmission, even if the collection processing or other use of information is permissible within the nation's borders.
Although the existence of foreign data protection statutes does create significant challenges for parties seeking the discovery of data located outside the U.S., these statutes do not operate as an absolute bar on recovery. For instance, in relation to blocking statutes, the U.S. Supreme Court stated in Societale Nationale Industrielle Aerospatiale v. U.S. District Court for the Southern District of Iowa, "[i]t is well settled that such statutes do not deprive an American court of the power to order a party subject to its jurisdiction to produce evidence even though the act of production may violate that statute."
Working Within the Constraints of Foreign Data Protection Laws
The Hague Convention on the Taking of Evidence Abroad in Civil or Commercial Matters, a multilateral treaty originally signed in 1970 and currently subscribed to by the U.S., the European Union and 67 other countries, developed a method for overcoming international data transmission hurdles involving a uniform procedure for letters of request, when seeking data outside party borders. However, many nations are not signatories to the Hague Convention, and even those who are may declare that it will not approve letters of request for the purpose of obtaining pretrial discovery.
The conflicts between sovereign laws are not insurmountable, although they may seem daunting at first. The key is to anticipate the conflicts, recognize them when they arise, and choose an appropriate resolution based on the facts and circumstances of each individual case. Familiarity with the EU Directive and nation-specific laws is a necessity, and counsel should be fully aware of foreign laws and restrictions to ensure compliance when approaching a cross-border discovery dispute.