Yes US, there is such a thing as EU Data Privacy

All too many times, it is easy to get the sense that the ediscovery market is a US one. Given the notorious American litigious nature, many people and companies are solely focused on how to react and respond to discovery within the borders of the US. Though much does indeed occur here, those of us that participate in the global arena understand there are greater interests and conflicting rules that can greatly impact one’s ability to respond to discovery. I have to admit that I have been witness to too many instances of “grabbing data” that may otherwise be legally “ungrabable.”   Pardon my parochial verbiage but in these instances it appeared not so much that data was collected as it was indeed “grabbed.” This of course is where the party was aware of international regulations – most often however ignorance of such controlling law was rampant.

Enter the work of the EU Article 29 Working Party and that of Working Group 6 of The Sedona Conference (WG6 & TSC). Both groups have attempted to add some clarity to the obligations of parties involved in cross-border matters which involve the transferring of data from one jurisdiction to the other. I will borrow the words of Chris Dale here for a proper description, including his intro as I believe it sums of the lacks of awareness quite well:

I will interpose only the briefest of introductions for the benefit of those bewildered by the whole subject, a group which, alarmingly, includes many for whom it all matters very much, if only they knew it.

The Article 29 Working Party is an independent European advisory body on data protection and privacy, established under Article 29 of EU Directive 95/46/EC. Its tasks include consideration of the conflicts which arise between EU data protection and privacy laws and the requirements of foreign courts and other bodies for documents which may contain private information covered by the Directive. The Working Party issued a document on 11 February 2009 called Working Document 1/2009 on pre-trial discovery for cross border civil litigation (“WP158”). The Sedona Conference responded on 30 October 2009 with a formal Comment of The Sedona Conference® Working Group 6 to Article 29 Data Protection Working Party Working Document 1/2009.

Read Chris’s entire post HERE

Recently, Jim Daley the Co-Chair of WG6 provided an update on the conversation with the EU and TSC. You can read more in Chris’s post above but I wanted to highlight the discussion that best illustrates where the current thinking is with this group and where they want it to go. Needless to say that there is some distance still on how the EU and the US see data privacy, specifically the transferring of personal data. To quote Mr. Daley:

"We received very spirited questions from the several Working Party members regarding why anonymization was such a burden for companies responding to cross border discovery, and why recourse to the Hague convention posed practical issues. We were also asked whether we believed there is really any hope that the U.S. federal judiciary will consider data protection and privacy and blocking statutes in balancing the privacy interests of Data Subjects with the disclosure obligations of multinational corporations. The questions led to an expansion of our time to 45 minutes. We all were able to participate in the discussions.

"The Chairman, Jacob Kohnstamm [Dutch Data Protection Commissioner], concluded by observing that he felt this might provide a 'win--win' situation if we can work toward complimentary goals of minimization of transfer of personal data, and overall reduction in e-discovery costs as a result.

While I do not believe that the US will embrace a more EU-type view on privacy the fact that this dialogue is occurring and continuing does provide hope that each party will find better ways to reconcile the different views each has. In the meantime there is every reason for companies to acquaint themselves with these issues so that they can better manage data transfer issues. If nothing else, understanding that there are even such things as “blocking statutes” and specific rules prohibiting personal data usage as well as what is defined as personal data – would be a valuable exercise.

The next step for this effort is the TSC Solutions paper that is currently being drafted and that will be discussed and used to frame the future discussions. WG6’s next meeting is slated for Washington DC later this year (tentatively September) and is by invitation only. If you are interested in attending you can send an email to Jessica Buffenstein at jdb@sedonaconference.org.

A note on participation: my direct involvement with Working Group 6 was only for a short time having participated in a Bermuda meeting prior to the dialogue with the EU. I would like to be of more value to the group to be honest but in all candor the state of work and dialogue currently transpiring between TSC and the EU is of such a high caliber that only those “neck-deep” in these issues are truly valuable. I do await in anticipation the end result as these folks work to clear the path for the rest of us and provide guidance on how best to navigate the international terrain of data transfers.