As our economy and companies become more digital and global, digital information outside the U.S becomes increasingly relevant to resolving civil disputes within our nation.
Digital information will be governed by a set of laws and values many U.S. companies and their lawyers are not familiar with , because the U.S. trades more heavily with nations outside the EU. While most industrialized (e.g., Canada, the United Kingdom and Australia) and newly industrializing (e.g., Singapore and South Africa) nations have developed laws compelling the transfer of relevant electronically stored information (ESI) in civil disputes, none has laws as liberal and far reaching as U.S. civil discovery procedures.
Many nations also impose restrictions on when ESI can be gathered, processed, used and transmitted beyond borders. Indeed, “In many non-U.S. jurisdictions, including the European Union member states, some Asian nations and a few Latin American nations, data privacy is viewed as a fundamental right and ‘personal data’ is afforded greater protections than we are accustomed in the U.S.” (Gibson Dunn, “E-Discovery Basics: Cross-Border E-Discovery,” Vol. 1, No. 11). In addition, certain countries have privacy laws designed to protect information about their state-run companies (e.g., China) or even the identity of their banking clients (e.g., Switzerland).
Data protection hits the BRICS
Recently, the world’s largest emerging economies, collectively known as “BRICS” (Brazil, Russia, India, China and South Africa), have become more protective of electronic data. Most U.S. litigators have some passing familiarity with the somewhat longstanding and oft-discussed EU Data Protection Directive 94/46/EC, which restricts the processing and transferring of “personal data” about EU member-state citizens. However, they are not generally familiar with the restrictions that emerging economies are placing on data transfer. As recently as July 2011, two BRICS members (Russia and China) passed laws strengthening data protection in their countries.
Every BRICS member nation has stricter data privacy laws than those of the U.S. and none officially authorizes the transfer of “private” data to the U.S. On July 25, 2011, Russia amended its data privacy laws to require written consent to transfer any “personal data” and to grant Russian officials the exclusive authority to determine which sovereignties may receive such data. China also strengthened its protection of “personal information” on July 27, 2011, when it amended the “Provisions on the Administration of Internet Information Services,” preventing Internet service providers from collecting and using personal data without individual consent.
Far more important than the particular scope of any of the newly enacted privacy laws is what their enactments say about a growing international consensus on the cross-border transfer of electronic data. In addition to the BRICS and EU nations, Japan, Hong Kong, Argentina, Chile, South Korea, Columbia and Switzerland have data protection laws that are more restrictive than those in the U.S. Some countries have enacted blocking statutes that make it criminal to transfer protected information to the U.S. This, coupled with the fact that China, Russia and Mexico have strengthened their data privacy laws, suggests a trend toward more protection for ESI.
More international e-discovery disputes are likely
Global economic indicators predict that the U.S. will increase trade with emerging economies, including BRICS nations, in the next 10 years. As the U.S. relies more heavily on countries outside the EU to provide raw materials (e.g., Brazil and China), manufactured goods (e.g., China and Singapore), corporate call centers (e.g., India) and energy (e.g., Russia and Brazil), there is a greater potential that data critical to the resolution of a U.S. civil dispute will be housed in a country outside the EU. Because U.S. courts remain resolute in the conviction that they are authorized to compel production of foreign ESI, while much of the world seems to be bent on increased scrutiny of data requests, it’s likely disputes over cross-border production of ESI will become more prevalent in the coming years.
As the U.S. increases trade with countries outside the EU and the United Kingdom, the variety and scope of data protection laws U.S. lawyers and their clients will have to contend to should increase substantially in the next decade. The EU Privacy Directive will not be the only data restriction companies will have to navigate and perhaps not even the most important. To best prepare for cross-border e-discovery disputes in EU and non-EU countries, companies should:
- Determine whether their electronic data is stored in a jurisdiction that restricts their processing or transfer
- Consult or retain counsel in the jurisdiction where their data or the data they would like to obtain is stored for advice on how the data should be handled