The globalization of the General Data Protection Regulation (GDPR), Directive (EU) 2016/279, on May 25, 2018, appeared to be a new legal development, but it is unearthing familiar conflicts between U.S. law and other more restrictive discovery regimes. Article 1 of the GDPR recognizes protection of an individual’s personal data as a fundamental right and seeks to protect this fundamental right by requiring, among other things, that personal data be processed lawfully, fairly, and in a transparent manner. The GDPR not only limits the purpose for which data can be processed by third parties; it also establishes penalties for data processors and data controllers that fail to comply. GDPR arts. 77–84. The GDPR, however, may affect private parties and counsel more than government entities, which can demand access to cross-border discovery through the Clarifying Lawful Overseas Use of Data Act—the CLOUD Act.
Premium Content For:
- Litigation Section