New French Data Protection Opinion on US discovery procedures

I bet that headline made your heart skip a beat with excitement, as mine did when I saw that the Proskauer Rose LLP Privacy Law blog has a new entry headed French Data Protection Authority releases new opinion on compliance with US discovery procedures. To find “new”, “data protection”, and “French” in the same country would be quite something, never mind in the same heading.

Disappointingly, there is little new in the Opinion nor (despite my initial excitement) did I really expect there to be. Proskauer Rose supplies a helpful summary and, even more usefully, a link to a translation of the Opinion

If we cannot have something new, at least it is good to have a reasonably clear statement of what the existing position is. Since neither France nor any other EU country is likely to relax its requirements (on the contrary, the general drift is in the other direction) it is as well that US courts and lawyers have the clearest possible statement of what the restrictions are and what can be done within them to meet, as far as possible, the requirements of a US court or authority. Leaving aside the detailed definitions and regulations, which you can read for yourself, the main message is that quite a lot can be achieved by, for example, anonymising data and some serious filtering.

What it comes down to is that a court, authority or litigation party wishing to export data must, in addition  to complying with the formal procedures, be prepared first to do a great deal of work and second to compromise. This section, using Proskauer Rose’s helpful translation, gives you the flavour of it:

A serious check is necessary with regard to proportionality and quality of data and must objectively be done in order to ensure that only the legally authorized elements are communicated to the adverse party and to the foreign Judge in the framework of the trial. This can be done by the creation of a filter, by using key words determined in collaboration with the legal department or by an external counsel. This filter operation must take place in the country where the personal data are located.

The balance of interests must take into account the issues of proportionality, the relevancy of the data in the framework of the trial and the consequences for the data subject.

Moreover, the communication must be done in respect with the legal obligations of secret and confidentiality provided by the law of July 26th, 1968.

It is also recommended that a third party be involved to appreciate the proportionality of the data processed.

In many cases, the communication of information does not require any communication of personal data. The team in charge of the research and the communication of information will have to anonymize the treatment in order to avoid the unnecessary communication of personal data to the trial.

Whilst anonymisation may be a novel concept for those who are trying to get hold of the data, the construction of filters and other means of separating one class of data from another is everyday stuff – I do not mean that it is easy, of course, but the principles are familiar ones. Less familiar, perhaps, in a US court, is the idea of compromising as to the data received. That’s just tough, frankly. You take it in its filtered and anonymised form or you do without. As the Opinion puts it:

The American procedure applies the principle of proportionality. When the American jurisdiction issues ‘stipulative court orders’, it appreciates the quality of the necessary data in the framework of the trial.

This, translated from its original Tact (remember that French was once the language of international diplomacy), means “You had better get this right, mon brave, or your French avocat is for the slammer”.

There are a host of other messages which are not strictly legal in nature, to do with recognising that EU data protection has its roots in recent history, and that there is a cultural chasm which will not be bridged by shouting. The French do bureaucracy better than anyone in the world, and if you are in the position of supplicant for data, you do well to follow their rules. If you do not know your way round the rules, get help from someone who does.


About Chris Dale

I have been an English solicitor since 1980. I run the e-Disclosure Information Project which collects and comments on information about electronic disclosure / eDiscovery and related subjects in the UK, the US, AsiaPac and elsewhere
This entry was posted in Brussels, Data privacy, Data Protection, Discovery, eDisclosure, eDiscovery, Electronic disclosure, EU, EU Safe Harbor. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s