United States: GDPR, BDSG, & Discovery In U.S. Courts Under Hague Evidence Convention

Multiple U.S. district courts have weighed the needs of U.S. discovery against privacy rights protected by foreign statutes, including the EU General Data Protection Regulation (GDPR) and German Federal Data Protection Act or Bundesdatenschutzgesetz (BDSG). These privacy laws are typically much stricter than their U.S. counterparts, and generally have been interpreted by European companies to require any personal information-e.g., names, addresses, and email addresses-to be redacted from any documents produced in U.S. litigation, absent some exceptions.

Courts have taken different approaches to dealing with these foreign privacy laws. Some ordered disclosure of unredacted versions of documents containing personal information of foreign citizens, despite foreign privacy statutes. In contrast, at least one court has ordered that parties redact all personal information of foreign citizens. This article examines the contrasting cases, with a focus on considerations of international comity.

Finally, this article highlights an international route for discovery through the Hague Evidence Convention that satisfies U.S. discovery demands while providing assurances to the foreign party that the requirements of their privacy statutes are met.

Read the full version of a "GDPR, BDSG, & Discovery in U.S. Courts Under Hague Evidence Convention" here. 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.