Daniel Miller, a partner of the K&L Gates e-Discovery Analysis & Technology (“e-DAT”) Group and the firm’s Pittsburgh office, will attend this week’s ABA Cross-Border Institute in Paris. Daniel will also participate on a panel discussion at next week’s Master’s Conference in London.Read More
As discussed in a prior post on this blog, electronic discovery that requires the processing and use of records and information that includes the personal data of individuals residing in the and the European Economic Area (“EEA”) must often incorporate measures to allow for compliance with the European Union’s General Data Protection Regulation (“GDPR”), which contains a number of requirements and limitations regarding the processing of such personal data and its transfer to countries outside the EEA.Read More
Electronic discovery for legal matters within the United States often involves preserving, collecting, processing, reviewing, and producing data that concern individuals living outside the United States. In some of these situations, the data privacy laws of jurisdictions outside the United States can complicate electronic discovery to be performed in the United States. Perhaps the most well-known data privacy law is the European Union’s General Data Protection Regulation (“GDPR”), which outlines requirements related to the processing of the personal data of individuals residing in the and the European Economic Area (“EEA”) and addresses the transfer of data outside the EEA.
Article 45 of GDPR forbids the transfer of the personal data of EEA residents (described as “data subjects”) to any country outside of the EEA unless (i) the EU determines that the country’s legal privacy frameworks and practices ensure an adequate level of protection for data subjects’ personal data (termed an “adequacy decision”), or (ii) one or more safeguards deemed appropriate by the EU are imposed on the cross-border data transfer. Accordingly, transfers of personal data of EEA residents to a country outside the EEA that lacks an adequacy decision must rely on such safeguards (or, alternatively, a derogation defined by Article 49 of GDPR). These safeguards can include use of data processing agreements that contain standard contractual clauses, binding corporate rules that address data privacy and protection concerns, and/or binding and enforceable commitments by the data controller or processor located in the country to which the data are being transferred.
Some legal matters requiring cross-border data transfer to the United States may not clearly fit within one of Article 49’s derogations, which may prompt the need to employ such a safeguard to accommodate the data transfer because the United States does not currently have an adequacy decision from the EU. However, such an adequacy decision may soon exist. On December 13, 2022, the European Commission published a draft adequacy decision for the United States, based largely on a new United States executive order that commits to changes to its foreign intelligence agencies’ access to personal data and the creation of a new system through which EU data subjects can seek redress for the infringement of their data privacy rights in the United States. This draft adequacy decision will now receive review and feedback from the European Data Protection Board, the Council of the European Union, and the European Parliament before its possible implementation.
With a GDPR adequacy decision possible for the United States by the summer of 2023, legal practitioners in the United States can consider how data transfer and review workflows in some circumstances could be streamlined in the wake of such an adequacy decision. The European Commission’s draft adequacy decision is available at https://commission.europa.eu/document/download/e5a39b3c-6e7c-4c89-9dc7-016d719e3d12_en?filename=Draft%20adequacy%20decision%20on%20EU-US%20Data%20Privacy%20Framework_0.pdf.
Electronic discovery for US litigation and legal proceedings often implicates data outside the US. As data privacy and protection laws evolved around the globe, it’s critical to understand the limitations obstacles that may arise when collecting, processing, reviewing, and producing such data. China’s Data Security Law (“DSL”) and Personal Information Protection Law (“PIPL”), both enacted in 2021, have received heightened attention following China’s imposition of fines totaling roughly $1.2 billion in light of violations of these laws and its Cybersecurity Law (“CSL,” enacted in 2017) by Didi, China’s largest ride-sharing service provider. China’s DSL and PIPL are particularly noteworthy of their potential application to data processing and transfer actions that may occur both during the ordinary course of business and in response to litigation in other jurisdictions, such as the United States.Read More
Key Insight: Materials stored extraterritoriality could be discoverable, subject to discretion to authorize discovery.
Nature of Case: legality of mandated “fire sale” of bank
Electronic Data Involved: due diligence materials stored in Spain
Keywords: extraterritoriality discovery
Key Insight: Foreign corporation can seek discovery of American party to be used in foreign court if its narrowly tailored
Nature of Case: corporate share agreements, corporate ownership international
Electronic Data Involved: documents (generally)
Keywords: foreign proceedings, corporate ownership, discovery, foreign corporation
Key Insight: The court reversed the suppression of emails due to Leon good faith exception
Nature of Case: Visa fraud, Trade secrets
Electronic Data Involved: e-mails
Keywords: Probable cause, Leon good faith exception
Key Insight: Failure to produce discovery and making misrepresentations about the nature and content of documents so as to not produce them.
Nature of Case: trademark infringement
Electronic Data Involved: business documents, text messages, personal messages of employees.
Keywords: Compel, “chinese privacy law” misrepresentation,
Key Insight: Party could obtain discovery of websites archived by American company for use in a foreign tribunal
Nature of Case: trademark enforcement
Electronic Data Involved: archived websites
Keywords: foreign discovery, archived websites, Section 1782 application, international trademark enforcement
Key Insight: Trial Court had denied request for documents. Third Circuit remanded for further review based off four-factor discretionary test after finding that it met the basic statutory requirements to be considered.
Nature of Case: Trade Secret
Electronic Data Involved: Documents in US, desired for foreign matter
Keywords: foreign proceeding.