One of my reasons for going to CEIC 2011 in Orlando was to take part in a panel about international EDiscovery. The panel was called International EDiscovery: Data Protection, Privacy and Cross-Border Issues and was led by Patrick Burke, Assistant General Counsel at Guidance Software. The rest of the panel consisted of Conor Crowley of the Crowley Law Office, Dominic Jaar of KPMG.
One is well used to the idea that different jurisdictions have different discovery rules, and we may sometimes find other peoples’ rules incomprehensible. Someone at CEIC described the UK disclosure obligation to me as “I’ll give you what I feel like giving you”. That is not a description we recognise, but we can see that our rules (which require a lawyer to disclose all documents which are supportive or adverse to the case of his own client and of any other party) appear as treason to those from a jurisdiction where the scope of a Request is a fiercely fought over. For our part we think of the US approach as “Gimme everything you’ve got which might have any bearing on anything which might conceivably be relevant to the issues or I will have you sanctioned”. US lawyers see that as fighting hard for their clients; we see it as a grotesque waste of time and money. Chacun à son goût – we can each play as we like in our own playgrounds.
It is rather different when US courts and lawyers and state organisations want to collect data from Europe, where the different scope of discovery is only the start. The UK would tell US lawyers to put their over-broad requests somewhere the sun doesn’t shine even before considerations of privacy arise – and we are generous with discovery compared with the courts of mainland Europe.
The EU recognises in statutory form the fundamental right of any individual to control information about him or her, with each jurisdiction having its own implementation of EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (see the EU data protection web site for a full set of documents, including WP158 on Pre-Trial Discovery for Cross-Border Civil Litigation.
In the US, data created on a company computer belongs to the company and, apart from certain specific circumstances, there is no presumption of a right to privacy. It is therefore almost literally incomprehensible to US lawyers to find that their own subsidiary in Germany or France cannot comply with document requests made to pursuant to obligations owed to American courts or other authorities.
We decided to approach this as a kind of role play, with Patrick Burke playing US in-house counsel, Conor Crowley as US outside counsel, Dominic Jaar as Canadian outside counsel and me as the in-house counsel at the company’s German subsidiary.
The notional case was an anti-trust class action filed in the Eastern District of New York against US, Canadian and German cargo shipping corporations, alleging price-fixing for shipping cargo by air. The opening scene was the first team discussion, with an agenda which included the identification of potentially relevant custodians, initiating a legal hold and planning the collection, processing etc.
Wearing my EU hat, I put a spanner in the works by explaining briefly the implications of EU privacy restrictions, not least the very wide definition of “processing” which prohibited almost any touching of the data. We ran through the mechanics of seeking consent, the approach to the Works Council and local officials, and other means of reducing the volumes so far as we could by discussions with opponents and transparency with the court. Possibilities included anonymisation of data as recommended in WP 158. As I pointed out, however, one man’s anonymisation is another man’s spoliation.
Amongst the issues which came up was that of privilege – since the Azko Nobel decision, in-house counsel have been treated as too close to the companies which employ them for their communications to be considered privileged (see Allen & Overy’s briefing on Azko Nobel if this subject interests you). That applies in an EU competition context which was not involved here, but who could say that we would not face that in due course?
I have done enough of these to anticipate reactions ranging from disbelief to resignation. This is not just a conflict of laws but a deep divide between the two cultures, one whose history explains its fundamental right to privacy and another which values openness and disclosure above all else. There is no easy answer and our solution – culling down the data in-country and transferring it to Canada (whose data protection regime is considered acceptable by the EU) is at best a compromise.
To some in the audience, this set of implications was entirely new; others had been through the process of country-by-country collection pursuant to legal advice in each jurisdiction. For us, this was an enjoyable way to hand out the medicine and very different from the talking heads approach. The audience seemed to appreciate it as well.