Significant problems await attorneys attempting to collect or produce data housed in a foreign country for the sake of a lawsuit or discovery. Due to vastly different interpretations of what constitutes privacy in the U.S. and abroad, and the resulting blocking statutes and regulations surrounding data extraction those nations have established to protect their citizens’ data, American companies often struggle to mine data from most foreign jurisdictions. It essentially becomes a balancing act for businesses, as they have to weigh the effects of potentially breaching U.S. laws or potentially breaching foreign laws. And when the weight shifts too much to one side or another, and collections aren’t done through the proper channels, the penalties can be severe.
In many nations, including China and much of Europe, it’s considered the equivalent of a felony for U.S. companies to improperly collect private data. In the European Union, which has strict privacy regulations compared to the U.S., potential fines for improper collection or procedure vary from country to country—the highest currently being France, where a company can receive a €4.5 million penalty. Fortunately for U.S. companies, however, is that those whopping sums are still somewhat mythical.
