Published in the Amercian Bar Association Commercial Business Litigation Newsletter (Spring 2019).
The globalization of the General Data Protection Regulation (GDPR), Directive (EU) 2016/279, on May 25, 2018, appeared to be a new legal development, but it is unearthing familiar conflicts between U.S. law and other more restrictive discovery regimes. Article 1 of the GDPR recognizes protection of an individual’s personal data as a fundamental right and seeks to protect this fundamental right by requiring, among other things, that personal data be processed lawfully, fairly, and in a transparent manner. The GDPR not only limits the purpose for which data can be processed by third parties; it also establishes penalties for data processors and data controllers that fail to comply. GDPR arts. 77–84. The GDPR, however, may affect private parties and counsel more than government entities, which can demand access to cross-border discovery through the Clarifying Lawful Overseas Use of Data Act—the CLOUD Act.
Full article available with a subscription, visit https://www.americanbar.org/groups/litigation/committees/commercial-business/articles/2019/spring2019-impact-judicial-discretion-cross-border-discovery/.
The material in this publication was created as of the date set forth above and is based on laws, court decisions, administrative rulings and congressional materials that existed at that time, and should not be construed as legal advice or legal opinions on specific facts. The information in this publication is not intended to create, and the transmission and receipt of it does not constitute, a lawyer-client relationship.