crossing the atlantic: navigating the rough litigation waters in the united states and europe

Crossing the Atlantic:

Navigating the Rough Litigation Waters in the United States

and Europe

Panel Introduction• Denise Backhouse• Katia Bloom• Myriam Modrok • David Steiger

3

General Litigation Overview

4

• Where are the majority of cross border disputes happening?

• What are these disputes about?• What challenges do cross-border disputes present?

5

• Companies with global operations increasingly face the prospect that data residing in EU will be sought for discovery in US

• Basic measures required under US law may violate EU data protection and other laws

• Extremely broad discovery of data within a party’s “possession, custody or control”

• Existing laws are increasingly hard to apply– Emerging technologies, collaboration and data storage

practices blur the lines• US courts historically not sympathetic to arguments that foreign

laws bar discovery• High civil and potentially criminal penalties

• US obligation to preserve potentially discoverable information when litigation is reasonably anticipated– Legal hold triggers– Duty to act promptly to identify and preserve data– Sanctions for failing to do so

• Practices likely to violate EU law– Legal hold issuance– Preservation best practices– Data “processing”– Data transfer

6

7

Common vs. Civil Law Common Law Approach• Based on court decisions• Strong reliance on precedent• Inductive legal reasoning• Extremely liberal party discovery• Pre-trial discovery• eDiscovery• Open court• Preservation

– Duty to act promptly– Limited data protection rights

• Spoliation, sanctions

Civil Law Approach• Based on legislation• Weak reliance on precedent• Deductive legal reasoning• Judge-ordered discovery

– Limited scope– No duty to disclose harmful

documents• Closed court proceedings in

special circumstances• Data protection laws• US discovery (especially

eDiscovery) seen as excessive and invasive

Hypothetical

9

B&H UK-based parent

company

B&H USAUS-based subsidiary

Deputy GCCA-licensed

attorney

B&H GermanyGerman-based

subsidiary

Senior CounselGerman attorney working from B&H Germany office

Senior CounselFrench attorney

working remotely from Paris

General CounselUK attorney

10

• Data and documents stored on servers in each location• Servers are fully connected with one another • Data retained in accordance with applicable law in location

where each server is located

11

• Elisa Muller, dual US/German citizen, joins B&H Germany

• After 6 months, Elisa offered position with B&H USA• Terminates workplace romance with superior at B&H

Germany• 3 months after relationship ends, Elisa accused of

stealing trade secrets and terminated• Elisa sues B&H, B&H USA and B&H Germany and

claiming wrongful termination and defamation

12

• Elisa seeks discovery of company documents associated with her termination, including those authored by the B&H’s General Counsel and B&H Germany’s Paris-based senior counsel

• At the same time, Elisa’s whistleblowing causes EU authorities to conduct an anti-trust dawn raid and seize a number of additional internal documents

• In both cases B&H seeks to prevent disclosure of the documents

• What result?

Attorney-Client Privilege

14

• Akzo Nobel Chemicals Ltd. v European Commission (Case-550/07) – 2010 ECJ decision, called into question attorney-client

privilege in the EU unless lawyers involved are:• Outside and independent counsel

• Licensed in EU

15

• Decision highlights several areas of concern:– Privilege risk for US-based in-house counsel– Privilege risk for US-based outside counsel– Privilege risk for confidential information provided to EU

in-house counsel– Potential for inadvertent waivers of US privilege

16

• Subsequent decisions may limit Akzo to its facts – i.e. seizure of documents by or involving European

Commission authorities in anti-trust investigations– On March 5, 2013, Brussel Court of Appeal found that,

under Belgian law, in-house counsel are covered by legal professional privilege

17

• European national laws on privilege differ greatly– Attorney-client privilege is extended to in-house counsel in

the UK, Ireland, the Netherlands and Poland– Not exted to in-house counsel in Italy, Austria or France

18

• Even in places or situations where privilege applies to in-house attorneys, may be limited to those licensed in that country or the EU

• Privilege can still be lost if the documents not deemed related to performance of professional duty as legal advisers, or if dominant purpose of document somehow involves another corporate activity

• “Voluntary” turnover of documents to foreign governmental authorities may waive privilege in US courts for otherwise privileged in-house attorney communications.

Parent Company Role

20

• Individual employees holding dual roles– What if B&H’s General Counsel actually took a role at B&H

USA as Head of Operations?• Difficulty in shielding EU parent company from

liability under EU law

21

Document Production

22

• What do B&H Europe, B&H Germany and B&H US have to do once Elisa files suit?– Litigation Holds

• Aligning policies across affiliates• Pitfalls: communication, execution and sanctions

• Where is data stored• Who owns data• Right to be forgotten• Data retention policies between US and EU

23

Data Retention Policies

24

• US: – Limited affirmative duties to retain specific data under

statutory, regulatory schemes– Data retention/disposition policy suspension upon

anticipation of litigation• EU: – Data protection principles require that data be retained

only for as long as needed specific purpose for which is was lawfully obtained, not be excessive and not be used for other purposes without permission

– Rights of notice, access, correction– Right to be forgotten

• Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González, Court of Justice of the European Union, Case C-131/12, 13 May 2014

25

Data Protection Laws

26

• EU Directive – 95/46/EC of the European Parliament and of the Council of

24 October 1995 – Overarching framework for personal data protection– Enacted differently in national Data Protection Acts (DPAs)– National authorities administer DPAs and participate in the

Article 29 Working Party which issues non-binding interpretive guidelines, e.g. WP 158

27

• Data protection as a fundamental human right• Restricts use of “Personal Data” of “Data Subjects” by

“Data Controllers” and “Data Processors” in two respects:– “Processing” in the EU– Transfer to a third country without an “adequate level of

protection” – e.g., the US– N.B.: deceptively familiar terms have very different meanings

under EU law

28

• Personal Data may include:− Content: author; signature block; meeting attendee list

− IT, email address

− Metadata

• Likely to exist in:− Email and other electronic communications

− Loose eFiles

− Databases e.g. containing customer information

29

• Sensitive Personal Data (Directive, Art. 8)• Heightened protections:– Racial or ethnic origin– Political opinion– Religious or philosophical beliefs– Trade union membership– Health or sex life

• HR record routinely contain sensitive personal data

30

• Practical reality of using EU data protection regulation compliance to withhold documents

• US employees who come back from EU and sue US company– Hypothetical: what happens if B&H USA sends the Deputy

General Counsel to work in the B&H parent company office for six months and he sues B&H USA for discrimination when he returns?

31

Managing Data: an EU friendly approach

32

• Can data be managed in an EU friendly way– We have data stored on EU servers and need to get it. Who

does it belong to. EU employees involved in US transaction.

– Myriam to do overview on how to get employee data? Permission? What if they’re not with company?

33

Data Protection Laws

34

Brief Overview• Transfer to non-member state requires adequacy of

data protection or public interest prevails over interest of data subject – US data protection standards are not “adequate” in it of

themselves– Model contracts/BCR/Safe Harbor– Exceptions exist for passenger name records and financial

messaging data• Difficult road during litigation

35

• US courts regularly issue orders for the production of foreign data protected by respective EU Data Protection laws (and issue sanctions for failing to produce)– Much easier to manage processes pre-litigation

US Court Perspective

36

• Set privacy expectations and encourage employees to only use work email for work purposes)

• Consistent document retention policies• Review the inter-company access to data between

US/EU affiliate • Have a way to “easily” anonymise and/or

pseudonymise personal data of EU data subjects and potentially separate personal from non-personal

• Explain and educate EU management and employees about requirements of US legal system. Rinse and Repeat.

Pre-Litigation Tips

37

• Conduct data protection analysis• In the EU– Lawful grounds for processing– Identify categories of protected data– Notice, consent, custodian involvement– Data minimization techniques, review– Data security measures: technical, organizational– Data transfer mechanisms: model contract, safe harbor,

BCRs, other

Managing data in an EU friendly way

38

• In the US– Raise issue at 26(f) conference– Phase discovery, identify alternative sources– Robust protective order– Data security measures

Managing data in an EU friendly way

39

• Article 29 Working Party WP 158, 187, 217• The Sedona Conference International Principles on

Discovery, Disclosure & Data Protection: Best Practices, Recommendations & Principles for Addressing the Preservation Discovery of Protected Data in US Litigation

• ABA urges (in non-binding manner) to respect data protection laws of foreign jurisdictions (February 2012)

Resources

40

What Does the Future Hold• EC plans to unify data protection throughout the EU via

the new General Data Protection Regulation (GDPR) • Addresses developments such social networks and cloud

computing• As of June 15, 2015, the Council of Ministers has set goal to

reach agreement on GDPR by the end of the year • As it is a Regulation and not a Directive, it will have immediate

effect on all 28 EU Member States after a two-year transition period and does not require any enabling legislation to be passed by governments.

41

Hague Convention

42

• Mechanism for seeking discovery from non-parties located outside of the United States

• May allow obtaining evidence, but far cry from type of evidence US attorneys are used to seeing

• Société Nationale Industrielle Aérospatiale v. U.S. District Court for S.D. of Iowa, 482 U.S. 522 (1987)– Holding that U.S. courts should not, as a first resort, depart

from the Rules of Civil Procedure in favor of the Hague Convention

– Adopting rule of comity

43

Discovery Blocking Statutes

44

• French law 68-678 of 26 July 1968 (the “French Blocking Statute”), is the most widely known legislation aimed at restricting cross-border discovery of information.– prohibits any communication of economic, commercial,

industrial, financial, or technical documents/ information to be used as evidence in legal proceedings outside of France (subject to international agreements – including Hague Convention)

• US Courts have consistently held that interest in discovery outweighs France’s foreign interest (see Aerospatiale v. U.S. District Court)

• France considering reforming statute

45

Enforcing court orders to produce• Depending on EU jurisdiction, court order may be

helpful or harmful – compare:– Switzerland– Germany

• Best practice:– Avoid MTC– Negotiate protocol

46

Collecting Damages and Enforcing Judgments

47

Enforcing Judgment in EU• Recognition of US judgments under foreign local law– cannot be enforced in foreign country without first being

recognized by a court in that foreign country– EU courts will not recognize US judgments if US court

lacked jurisdiction• Proper Service – usually requires service to have been in accordance with

the laws of respective l country, and, in most instances, pursuant to the Hague Convention

• Public policy– European countries will not recognize foreign judgments

where doing so cannot be reconciled with their own laws

48

Enforcing EU Judgment in US• No uniform federal law, but most states have enacted

some version of Uniform Foreign Money-Judgments Recognition Act (similar to full faith and credit clause)

• Problem lies with attaching judgment in a certain jurisdiction if assets located outside US– Koehler v. Bank of Bermuda Ltd., 12 N.Y.3d 533 (2009

49

Questions