It is many years since Patrick Burke and I started talking together about cross-border data transfers for eDiscovery. We had an annual slot at Guidance Software’s CEIC (now Enfuse) events and I recall a slide set from about 2009 which showed a picture of a harbour with the annotation “Neither safe nor a harbour”.
Our point was that if Safe Harbour was the only “protection” given to personally identifiable information exported from Europe then that was no protection at all. Even without looking at the detail of the obligations, the whole point of discovery is that documents pass from your control into the hands of another and thence who knows where, including public access if the document is used in court.
We were annually derided for this point of view. The Schrems judgment invalidated Safe Harbour on other grounds (mainly the NSA’s grapeshot approach to privacy violation), but we were right about its deficiencies even without that.
At kCura’s Relativity Fest in Chicago, I caught up with Patrick Burke, who is now Senior Counsel at Seyfarth Shaw – one of the relatively few US firms which actually understands the implications for discovery of EU data protection. I asked Patrick to summarise what the difficulties are and to explain what is the proper course to be adopted by those collecting EU data for US eDiscovery purposes.