January 29, 2013
The concept of “electronic” evidence is now commonplace in civil litigation. In 1970, the Federal Rules of Civil Procedure were amended to incorporate “data compilations” as discoverable items. The Advisory Committee Notes for the 1970 amendments acknowledge that the intent of the revision was to bring the discovery process more in synch with evolving technology. The United States was not alone in this effort.
Over the past decade, there have been further attempts to keep e-discovery on pace with technological advances, as reflected in such cases as McPeek v. Ashcroft, Rowe Entertainment, Inc. v. The William Morris Agency, Inc., and Zubulake v. UBS Warburg, LLC. On December 1, 2006, the federal courts responded to the growing demands and complexities of e-discovery by amending the Federal Rules of Civil Procedure to address discovery and ESI issues. Courts have applied the amended rules by requiring both corporate and individual parties to preserve, identify, disclose, and produce, on pain of monetary and other sanctions, relevant information on any electronic device.
Other foreign jurisdictions promulgated rules pertaining to ESI. For example, shortly after the advent of the internet, in 1995, the European Union (“EU”) developed its Data Privacy Directive (“EU Directive”). Notably, the EU Directive caused great concern for civil and criminal liability in cross-border disputes, leading the EU to further promulgate regulations amending the EU Directive. As reflected on the EU’s website, the following are aspects of the recently announced amendments which will likely streamline the accessibility and transferability of ESI for international litigants:
- A ‘right to be forgotten’ will help people better manage data-protection risks online. When they no longer want their data to be processed and there are no legitimate grounds for retaining it, the data will be deleted.
- Whenever consent is required for data processing, it will have to be given explicitly, rather than be assumed.
- Easier access to one’s own data and the right of data portability, i.e., easier transfer of personal data from one service provider to another.
- Companies and organizations will have to notify serious data breaches without undue delay, where feasible within 24 hours.
- A single set of rules on data protection, valid across the EU.
- Companies will only have to deal with a single national data protection authority – in the EU country where they have their main establishment.
- Individuals will have the right to refer all cases to their home national data protection authority, even when their personal data is processed outside their home country.
- EU rules will apply to companies not established in the EU, if they offer goods or services in the EU or monitor the online behavior of citizens.
- Increased responsibility and accountability for those processing personal data.
- Unnecessary administrative burdens such as notification requirements for companies processing personal data will be removed.
- National data protection authorities will be strengthened so they can better enforce the EU rules at home.
This distinct difference in requirements between the US and the EU makes cross border litigation even more complex. In the next post I will discuss how this directly impacts litigants and how the US has created limited safe harbors around EU sanctions. However, this is not a catch all safety net. In the coming posts I will look closer at the differences between the US and the EU and suggest solutions for both parties in the future.