Walking the line: Conflicting US disclosure requirements and European privacy rules

Edward Machin and Thomas Bannatyne of Ropes & Gray consider the challenges faced by European businesses assessing whether to comply with US disclosure rules, particularly when doing so means potentially breaching European privacy and blocking statute requirements.

The competing interests of complying with US discovery rules and European privacy requirements existed before May 2018 and the introduction of the EU’s General Data Protection Regulation (“GDPR”). Indeed, organisations that are party to litigation in American courts or subject to US regulatory investigations have long faced a choice: comply with the demands of document discovery and risk penalties in Europe, or resist disclosure and incur the wrath of an American judge or regulator.

France exemplifies this tension. The French Blocking Statute has been in force since 1968 and prohibits the request, search for or disclosure of French commercial information for use in foreign judicial proceedings. Though a national security measure rather than a privacy-specific requirement, the Blocking Statute shows the problems of conflicting legal obligations across borders. It arises in part from a clash of legal cultures: French law requires the disclosure only of evidence that a party will rely on it to make its case, whereas US discovery has a sweeping reach that can cover persons other than the parties to litigation holding relevant documents. So what are European organisations to do when faced with a US discovery order or ­regulatory request?

Continue reading

UK Report subscribers: please login to access the full article.

If you wish to subscribe, please see our subscription information.