June 26, 2018 Articles

Cross-Border E-Discovery Meets Data Privacy Protection in the European Union

A company's obligation to produce ESI transcends geographical borders, but the privacy restrictions of the GDPR make discovery challenging.

By Mark Austrian and Christopher Loeffler

A company’s obligation to produce extensive electronically stored information (ESI) in civil and criminal litigation and government investigations commenced in the United States transcends geographical borders. However, the European Union and European Economic Area (collectively, EU) severely restrict the transfer of broadly defined personal data (EU personal data) to the United States. This often conflicts with the company’s obligations to produce ESI to opposing counsel in the United States. The U.S. Supreme Court ruled in Société Nationale Industrielle Aérospatiale v. U.S. District Court for the Southern District of Iowa, 482 U.S. 522, 543–44 (1987), that foreign data-protection laws cannot be used to limit the scope of U.S. discovery. Rather, courts would be required to weigh the needs of the requesting party and the impact of U.S. discovery in foreign countries. See David Kessler et al., The Potential Impact of Article 48 of the General Data Protection Regulation on Cross Border Discovery from the United States, 17 Sedona Conf. J. 595–611 (Nov. 2016).

Premium Content For:
  • Litigation Section
Join - Now