When Worlds Collide: Suggested Best Practices for Navigating European Data Protection Laws in U.S. Litigation

With the rise of globalization, the multinational corporation is now a well-established fixture on the corporate landscape. Whether the corporation is based in the United States, with operations abroad, or headquartered overseas with a presence in the United States, there is an ever-growing likelihood that counsel and their corporate clients will have to respond to an action that, although arising in the United States, will require the collection, review, and possible production of materials located abroad.

For example, an internal investigation triggered by the Sarbanes-Oxley Act or Foreign Corrupt Practices Act might require cross-border information gathering. Similarly, a company might need to review information maintained abroad in an effort to respond to an antitrust investigation or grand jury proceeding. Or a company might need to access and produce materials kept in a foreign location to respond to discovery in a U.S.-based action. Managing the complexities associated with these types of matters can always pose a challenge, but grappling with these kinds of challenges can be especially problematic if the information needed is kept in Europe, where various rules and regulations can greatly restrict access to and the use of employee and company data.

To address these issues, this White Paper examines in detail the European Union Data Protection Directive and in the process provides an overview of related national enabling legislation. In addition, this paper broadly outlines other potentially relevant sources of law, including nationally enacted blocking statutes and other rules and regulations that should be considered by U.S. counsel when seeking to obtain information housed in a company’s European facilities. As part of that examination, this paper addresses the issues raised when in-house or outside counsel seeks to obtain and use data that resides in Europe so that he or she can (1) respond to U.S. discovery or governmental investigatory demands; (2) manage an internal company investigation; or (3) have access to records for use in the ordinary course of business or to meet business needs.

Little published case law or official guidance exists directly addressing these issues, especially with respect to accessing data located overseas in the context of an adversarial proceeding in the United States. Moreover, the relevant laws of foreign nations, and official interpretations of those laws by either courts or state-sanctioned bodies known as Data Protection Authorities, remain works in progress. As a result, there are few definitive, bright-line rules that can be applied.

For the full story, please view the PDF.