As explained in Part I and Part II of this series, U.S.-based commercial litigators should be aware that other countries’ privacy laws may affect their cases in unexpected ways. Perhaps the most likely stage for these issues to surface is during discovery, where materials of interest are located in another country, and that country’s privacy laws effectively prohibit counsel from removing those materials from the jurisdiction. This post provides an overview of some of the issues at the intersection of U.S. discovery practice and international privacy law.
The Second Circuit recently set aside a $147 million verdict against two Chinese companies accused of conspiring to fix the price and supply of vitamin C sold to U.S. buyers. In re Vitamin C Antitrust Litigation. The panel held that the complaint should have been dismissed after the Chinese government submitted an amicus curiae brief confirming that Chinese law required the companies to fix prices and, in effect, violate U.S. antitrust law. The panel found that the companies could not simultaneously comply with U.S. and Chinese law and, drawing on principles of international comity, vacated the district court judgment.
A long-running dispute between Chevron and Ecuador appears to have reached its end after the Supreme Court declined to take up Ecuador’s question of whether United States courts had jurisdiction to confirm a $96 million arbitration award in favor of Chevron.
The case arose out of a decades-long contractual dispute between Ecuador and Texaco Petroleum. In the 1970s, the oil giant and the South American country entered into a contract for Texaco to develop Ecuadorian oil fields in exchange for selling oil to the Ecuadorian government at below-market rates. Texaco brought several lawsuits in the 1990s in Ecuador’s courts, alleging that Ecuador violated the terms of the agreement. Chevron acquired Texaco in 2000. Meanwhile, in 1993, Ecuador and the United States had entered into a Bilateral Investment Treaty (“BIT”) under which Ecuador offered to arbitrate disputes with American investors involving investments that existed on or after the treaty’s effective date.
Although the volume of data that flows between the EU and the U.S. ensures that EU privacy law occupies most of the spotlight on the world stage, other countries have their own privacy laws worth noting as well.
Different Types of Privacy Regimes
As a preliminary matter, it is important to keep in mind that most countries’ privacy regimes can be grouped into two categories: sectoral and comprehensive. As mentioned in the previous post, privacy law in the U.S. is sectoral, meaning that different laws and regulations govern data from one industry to the next. For example, the Health Insurance Portability and Accountability Act (HIPAA) includes a Privacy Rule and a Security Rule meant to protect people’s medical records; the Family Educational Rights and Privacy Act (FERPA) regulates the release of students’ educational records; and the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act applies to the financial industry. Further complicating matters is the fact that both the state and the federal governments may enact privacy laws, which has led to varying privacy-related requirements across the country.
Let’s say an American commercial litigator is working to defend a multinational client that has been sued in the U.S. The litigator may realize that he or she needs to collect emails or other documents from the client’s office in Germany, perhaps for discovery or investigation. However, the export of the data contained in those documents from Germany may, in certain circumstances, be illegal under German or EU privacy laws, and a lawyer unaware of the nature of these laws may find him- or herself in hot water.
Commercial litigators based in the U.S. often are surprised to learn that other countries’ privacy laws can present hurdles in their own domestic cases. However, the mere awareness that different jurisdictions take different approaches to can go a long way toward easing the headaches inflicted by these varying (and often confusing) legal regimes. This post covers the basics of privacy law in the EU, and future posts in this series will delve further into the complexities of international privacy law and how it affects U.S.-based litigators.