The second session at the Thomson Reuters Fifth Annual e-Disclosure Forum in London on 13 November was called Parallel and cross-border developments in handling electronically stored information. I was the moderator, although if Air Miles were the qualification for talking about international subjects, Browning Marean of DLA outstrips even me by a wide margin.
The panel comprised Senior Master Whitaker, Mark Surguy of Pinsent Masons in Birmingham, and Josh Ellis, Chief Information Officer at the Serious Fraud Office. I suspect that Master Whitaker has a wider range of knowledge on international case management matters than any other judge in the world; I opened by saying that, in the last six weeks, I have been in Brussels, Washington, Singapore, and in front of the UK Civil Procedure Rule Committee and the only other person present on all these occasions was Master Whitaker. In addition he is, as Senior Master, the channel through which requests under the Hague Convention are made. Mark Surguy was the only practicing commercial lawyer from the UK at LegalTech in New York this year. Josh Ellis, quite apart from his present role at the SFO, was responsible for international collections at PricewaterhouseCoopers for years and was thus able to bring a practical and hands on dimension to the discussion.
Master Whitaker took us on a quick scoot around the world, taking in the new E-Discovery Practice Direction from Singapore, the Australian Practice Note of February this year and Judge Grimm’s Maryland Protocol. There were differences of both general approach and detail, but there were also common themes – the emphasis on preparation, on co-operation and on competence, for example.
Our own pending new practice direction had had regard to all these developments, principally the Australian practice note. The proposed E-Disclosure Questionnaire, however, was without parallel anywhere. It was a logical development to build on the existing obligations to be ready and to cooperate, and required little more of parties than they ought to be doing anyway in order to comply with the existing obligations to discuss the sources of ESI in the Practice Direction to Part 31 CPR.
The overall conclusion from this part of the talk was that all the common law jurisdictions had common problems and a common interest in sharing information as to what works and what does not work. The jurisdictions of the mainland EU lacked the common law discovery tradition but were now having to face up to discovery obligations both because of increasing regulatory demands and because of the discovery obligations of US companies under FRCP.
This led us into the second part of the discussion, the cross-border implications of mainly US demands for data from EU countries. The EU is fiercely restrictive on the subject of data transfer to countries whose laws on data protection and privacy are less rigourous than those obtaining in Europe. The US is simultaneously the country with the greatest demands for discovery and the least protection for private information. Collision was inevitable.
I summarised briefly what the problem is – a very wide definition of private information coupled with a definition of “processing” which goes far beyond the conventional or technical idea of activities embraced by that term – it includes the collection and storage of data, for example. The requirement to get consent from anyone whose private information appeared in, or could be deduced from, a document was an extremely difficult undertaking, not least because the consent must be freely given and rescindable at will.
Mark Surguy explained that the EU was not wholly blind to the difficulties which this caused to US companies with a legitimate interest in the data held, for example, by subsidiaries in Europe. The Article 29 Working Party paper on pre-trial discovery for cross-border civil litigation, although a serious and well-meaning attempt to address the issues, offers little comfort for those hoping for a quick solution. What it says about consent, for example, does not diminish the obligation to get consent nor does it affect the right of an employee to withdraw it. The suggestions made as to the documents themselves, e.g. anonymisation and redaction, reflect the increasing ability of modern technology to achieve these things as a practical matter, but may open the giver of the documents to charges of spoliation or of withholding evidence in the US court.
There are signs that the US courts are more willing now to recognise at least the existence and legitimacy of the conflicting positions. If a party involved the courts at an early stage in facing the difficulties, it was now less likely to be sanctioned than formerly although, of course, the absence of evidence on which it might otherwise have relied might well lose it the case.
The decision in In Re Global Power Equipment Group, Inc. had been published the day before. That determined that discovery issues “should and shall be conducted under the Federal Rules and not under the Hague Evidence Convention”. I was not (and I am still not) clear whether this judgment represents a backward step, since the court’s analysis of the relevant factors was overlaid by questions over the conduct of the party against whom discovery was sought. The fact remains, however, that a blocking statute and a demand under FRCP were almost certain to involve a collision.
Master Whitaker said that the Hague Convention process was a cumbersome one. It was, however, a treaty obligation and it had been approved by US Federal and State courts. Not the least of the issues was that each signatory derogated to some extent from the primary treaty obligations in the convention which meant that there was no single answer to any set of difficulties.
The real problem for the US is that the Convention specifically prohibits general disclosure. The narrow, focused demands for specific categories of documents which the Convention requires do not fit with the right of US litigants to fish for documents and to issue the broad catch-all requests which are routine in the US.
Josh Ellis talked about some of the legal and practical issues which arise when trying to move data around. He echoed the point about the different flavours of the restriction and the varying degrees of stringency in different countries. He pointed specifically to Romania which requires the consent of all the data subjects and a formal sign-off before the data could leave Romania, let alone the EU, although most countries allow free movement within the EU. In some EU countries, the restrictions on the movement of data fall under the criminal law so that more than civil penalties may apply. Josh’s overall message was that you could not have too much knowledge or local help about local requirements.
This is a difficult area with no easy answers. The best general advice was to prepare, both in principle against all the foreseeable eventualities, and specifically once involved in a particular case, by getting stuck into the problem as soon as possible, by establishing the scope of the likely data collection right at the outset, and by involving opponents and the court in the difficulties posed by the law. Almost all of the problems are soluble, given time, a good knowledge of the procedures applicable in all the countries affected by the proposed collection and a willingness to compromise in some respects.
I concluded by reiterating that there was more to all this than the purely negative conclusion that it was all very difficult. There are opportunities here for UK-based lawyers, not least to be ready to react appropriately when instructed and, more positively, to acquire the knowledge needed to go out and win new work.