Tuesday, December 22, 2009

EU Data Protection Meets U.S. Discovery

By DANIEL SCHIMMEL
New York Law Journal
December 18, 2009


AS a result of an increase in U.S. lawsuits requiring the transfer of personal data from France to the United States, the French Data Protection Agency (CNIL) published a recommendation in August 2009, which is designed to offer guidance on data transfers in connection with U.S. civil discovery proceedings. The CNIL's recommendation expands on the guidelines adopted by the body of European data protection agencies (the Article 29 Data Protection Working Party) in February 2009.

EU member states increasingly enforce their data protection laws. For instance, in 2008, the Spanish data protection agency imposed fines amounting in total to €22.6 million. In France and other EU countries, companies are under pressure to comply with U.S. discovery requests, which frequently call for the production of personal data about employees, clients, or customers. The CNIL's recommendation reflects a tension between a company's obligation to respond to U.S. discovery requests and its obligation to comply with EU data protection laws. Because data protection laws pursue a legitimate interest and are increasingly enforced in Europe, courts and litigants in the U.S. should take them into account when ordering discovery abroad.

Read more at Law.com

No comments:

Post a Comment