THE INTERPLAY OF THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION AND U.S. E-DISCOVERYâONE YEAR LATER, THE VIEW REMAINS THE SAME
By Lesley E. Weaver and Anne K. Davis1
The European Union’s General Data Protection Regulation2 took effect on May 25, 2018, resulting in significant attention from legal analysts in the lead-up to its effective date. Articles discussing the GDPR’s scope, impact, potential penalties, extraterritorial application, and challenges for U.S. companies with GDPR compliance obligations abound, but little attention, comparatively, has been paid to the impact of the GDPR on U.S. e-discovery. Some have speculated that the GDPR would pose an obstacle to discovery in U.S. courts because of the new substantive rights granted to individuals to control personal data and because of stiff new potential penalties for GDPR violations. Nearly one year after the GDPR’s effective date, what has the GDPR meant for litigants seeking e-discovery in the U.S. courts from entities with European operations? A recent order by a magistrate judge in the Northern District of California suggests that the GDPR has not significantly altered the U.S. discovery landscape.3 Nonetheless, attorneys and litigants in U.S. courts who have electronic and other information that falls within the GDPR’s protections need to undertake careful planning to preserve and produce discoverable information in a manner that complies with both the EU privacy regulations and broad U.S. discovery principles.
This article hopes to provide practical assistance. It provides a brief overview of the GDPR, the legal bases for complying with the GDPR in connection with U.S. e-discovery requests, and the legal landscape with respect to U.S. courts’ deference to non-U.S. privacy regimes. It also proposes steps that can minimize the likelihood that unexpected GDPR-related discovery disputes will arise, avoiding court intervention.