News & Updates

Aug 200917
Categories:

The Conflict Between European Privacy Laws and U.S. Discovery Requirements

Recently adopted European data protection laws designed to protect the privacy of European employees can easily conflict with U.S. civil litigation document production requirements.  The dilemma for multinational companies can be whether to comply with U.S. court discovery obligations and risk European civil and criminal penalties or to comply with European law, and risk sanctions or default in U.S. litigation.

Under U.S. law, when a lawsuit is commenced, a company is required to preserve records relating to the issues in the lawsuit, and thereafter to produce for inspection, copies of such documents as are properly requested during the course of the litigation.  These activities may be illegal in Europe.  According to Indiana University Maurer School of Law Professor Fred Cate, the mere retention of European records containing personal data in anticipation of a U.S. discovery request would itself violate European rules.  Moreover, the mere electronic searching of the records themselves may violate the European rules.  A French high court held that an employer had no legal right to read its employees’ e-mails and other documents, even if the employer supplied the computer and expressly provided that employees were not to use their computers for personal use.  A Greek data protection authority held that an employer can not automatically scan an employee’s emails, unless the employee is informed in advance and has been given a technical means to protect the secrecy of his own communications.  The Italian Supreme Court held that an employer can only monitor employee emails if there is an agreement with the local union or approval is obtained from the local labor office.  A Texas court concluded that the Volkswagen’s printed corporate telephone directory was subject to privacy rights in Germany that prevented it from having to be disclosed in U.S. litigation.  Volkswagen, A.G. v. Valdez, 909 S.W.2d 900 (Tex. 1995).   There is no mechanism under European law that permits U.S. companies to obtain information from Europe that contains business records that contain personal information, and as to what constitutes “personal information” is very broadly construed so as to include even a corporate phone directory.

Please contact us if you would like more information on the apparent conflict between European privacy laws and U.S. discovery requirements.