Guest article: The eDiscovery Passport
by Philip J Favro, Discovery Counsel, Symantec Corporation
There are many things besides the Atlantic Ocean that separate Europe and the United States. Language, customs and culture stand out as perhaps the predominant distinguishing factors. A less prominent yet equally important issue that differentiates these regions is the way they address legal matters. With its origins in and emphasis on civil code, European legal systems stand in sharp contrast to the common law traditions of the United States. This contrast has become more apparent as globalization has led to an increase in international legal and compliance issues.
The growth in cross-border litigation has exposed a knowledge gap regarding the differences that exist with how nations address legal and regulatory matters. The ability to bridge this gap with an awareness of global discovery processes is essential for organizations that hope to ride the wave of globalization to increased revenues and profits. That is particularly the case in the United States. Even though American companies and their counsel are increasingly called on to address international legal and compliance issues, there still remains little awareness regarding the cultural differences distinguishing European litigation from American proceedings. Perhaps nowhere is this more apparent than in the areas of electronic discovery and data privacy.
European Disclosure vs. American Discovery
Discovery in European legal actions is culturally distinct from American court proceedings. “Discovery,” as it is known in the United States, does not exist in Europe. Interrogatories, categorical document requests and requests for admissions are simply unavailable as European disclosure devices. Instead, European countries generally allow only a limited exchange of documents. Typically referred to as “disclosure,” parties are obligated to disclose only that information that supports their claims. Only in the United Kingdom could a party be required to disclose information adverse to its positions. And such an obligation would not arise until after a court issues a standard disclosure order.
Another key distinction to disclosure in Europe is the lack of rules or case law requiring the preservation of electronically stored information (ESI) or paper documents. This is vastly different from American jurisprudence, which typically requires organizations to preserve information as soon as they reasonably anticipate litigation. See, eg, Micron Technology Inc. v. Rambus Inc, 645 F.3d 1311, 1320 (Fed.Cir. 2011). In Europe, while an implied preservation duty could arise if a European court ordered the disclosure of certain materials, the penalties for European non-compliance are typically not as severe as those issued by American courts. Only in the United Kingdom has it been suggested that parties should take affirmative steps to prepare for litigation. See Earles v Barclays Bank Plc  EWHC 2500 (Mercantile) (08 October 2009), which reasoned that organizations should have “an efficient and effective information management system in place to provide identification, preservation, collection, processing, review analysis and production of its ESI in the disclosure process in litigation and regulation.”
Data Protection and Privacy
Another distinguishing feature between American discovery and European disclosure concerns data protection. An attitude of “anything goes” often characterizes the treatment of personal information in U.S. legal and regulatory proceedings. So long as a “protective order” is in place, social security numbers, financial information and other personal data can be routinely exchanged by parties to U.S. legal proceedings.
The patchwork of European data privacy rules affords significantly greater protection of personal data in disclosure. While personal data could be subject to disclosure, the data subject must generally be notified and may even object before disclosure is permitted. In Germany, the right to object is also vested in the organization’s data protection officer and works council, both of which are tasked with safeguarding employee privacy rights.
Europe extends additional layers of protection for personal data where it is subject to international discovery requests. The administrative agency tasked with enforcing an individual country’s data protection laws could block such a request unless the country’s standards for data protection are satisfied. In France, for example, both the data protection authority and the data subject must be notified before any personal data is transferred in response to an international discovery demand. Personal data must also be redacted before it is disclosed across international boundaries. This includes any elements of the data that could be used to identify the data subject.
International Discovery Requests
The treatment of international discovery requests represents another important regional distinction. Given Europe’s cultural hostility to pre-trial discovery, it should also come as no surprise that European courts frequently deny requests for electronically stored information that originate from the U.S. Such requests, made pursuant to the Hague Convention of March 18, 1970 on the Taking of Evidence Abroad in Civil or Commercial Matters, are often rejected because they are overly broad and violate the principle of proportionality that governs litigation throughout Europe. In addition, some countries such as Italy simply refuse to honor requests for pre-trial discovery from “common law countries” like the U.S. Moreover, other countries like Belgium are not signatories to the Hague Convention and will not accept requests made pursuant to that treaty. To obtain electronically stored information from those countries, litigants must take their chances with the cumbersome and time-consuming process of submitting letters rogatory through the U.S. State Department.
Obtaining an eDiscovery Passport
This backdrop of complexity underscores the need for both lawyers and laymen to understand the basic principles governing disclosure in Europe. Such a task should not be daunting. There are resources that provide straightforward answers to these issues at no cost to the end-user. For example, Symantec has just released a series of eDiscovery Passports that touch on the basic issues underlying disclosure and data privacy in the United Kingdom, France, Germany, Holland, Belgium, Austria, Switzerland, Italy and Spain. Organizations such as The Sedona Conference have also made available materials that provide significant detail on these issues, including its recently released International Principles on Discovery, Disclosure and Data Protection.
These resources can provide valuable information to clients and counsel alike and better prepare litigants for the challenges of pursuing legal rights across international boundaries. By so doing, organizations can moderate the affects of legal risk and more confidently pursue their globalization objectives.