Litigation Support Tip of the Night

May 10, 2016

Societe Nationale Industrielle Aerospatiale v. U.S. District Court for the Southern District of Iowa,482 US 522 (1987) was a decision by the United States Supreme Court in which it ruled on the extent to which federal courts must apply the Hague Convention when parties file interrogatories, requests for admissions, production requests on foreign parties over which the courts have jurisdiction.   The court rejected the idea that the Convention should be the exclusive vehicle for cross border discovery, and denied the petitioners' argument that the Convention's procedures have to be the first resort whenever discovery is requested from a foreign party.    Furthermore the Court ruled that the Convention did not preclude the jurisdiction that the Court would otherwise have to obtain the production of evidence located in another country.


The Supreme Court's decision noted production can be obtained in violation of foreign blocking statutes designed to prevent the transfer of commercially valuable information.   The court endorsed a test listed in the Restatement of Foreign Relations Law to analyze whether or not international discovery can be conducted in violation of a foreign blocking statute:


"(1) the importance to the . . . litigation of the documents or other information requested;

"(2) the degree of specificity of the request;

"(3) whether the information originated in the United States;

"(4) the availability of alternative means of securing the information; and

"(5) the extent to which noncompliance with the request would undermine important interests of the United States, or compliance with the request would undermine important interests of the state where the information is located."



May 7, 2016

In 2001, the EU implemented a regulation, Council Regulation (EC) No. 1206/2001,  which allows evidence to be taken by litigators in one state from another state in civil matters without using the procedures of the Hague Convention or letters rogatory.    So discovery can be accomplished without going through diplomatic channels.  Denmark is the only member of the EU which  has opted out of the regulation.  Courts of different countries in the EU can contact each other directly about exchanging discovery without involving Foreign Affairs ministries.


As with the Hague Convention, central authorities are involved.  Under 1206/2001 the central authorities supply information to the courts; address difficulties regarding transmission; and in certain cases, forwarding a request to a court.   The requests are subject to the laws of the state from which data is requested, and must be responded to within 90 days.   The requests may be denied if the costs of consulting an expert are not disclosed.


To make a request, party must complete Form A or Form I to the regulation.   The forms are available on this site.  


If you click on the links for the Forms on this site you will be taken to a map of Europe where you can select the state from which you want to collect evidence.



The form can be generated after filling information for the fields on the web site.  '


One of the fields, requires, "Nature and subject matter of the case and a brief statement of the facts" and another a "description of the taking of evidence to be performed". 




April 13, 2016

The EU General Data Protection Regulation may be passed by the European Parliament this week, but if so, it will not take effect until early 2018.  The GDPR provides for single set of rules governing data transfers between European countries and non-European countries.   The current EU Data Protection Directive regime allows different countries to have different rules.   The new regulations do provide varying degrees of protective measures based on the risks posed by different businesses' activities. 


Under this new regime, all businesses operating in the EU will be accountable to only one authority.   The old 'Directive' had to be voted into force by national legislatures, whereas the new 'Regulation' can be implemented in states directly.  The GDPR will replace the European Data Protection Directive, discussed in the Tip of the Night for February 27, 2016,  and provide for uniform data protection regulations throughout the EU.  [Note the EU does not include Switzerland, Norway, Serbia, Bosnia, Serbia, Albania and Montenegro, but does include the rest of Europe west of the Belarus and Ukraine, and does include the Baltic States].  


Note that the GDPR does not apply to the review of data in the interest of national security or for law enforcement activities relating to criminal law.  While each EU state will have its own Supervising Authority, every business will have a single 'lead authority' to monitor all of its processing activity.    The regulations require Data Protection Officers be appointed to assist data controllers and processors in complying with the GDPR.  The DPO has to have knowledge of both the law and information technology processes.    Any data breaches are to be reported by the DPO to the Supervising Authority promptly.  


Violations of the GDPR can lead to sanctions of either the greater of 20 million Euro, or 4 per cent of the global turnover [sales revenue] of a business.  Data subjects will no longer have a Right to Be Forgotten, but will instead have a Right to Erasure which is has a smaller scope. 


The GDPR, unlike the DPD, covers non-EU businesses which process the data of EU citizens. 




March 27, 2016

As discussed in the Litigation Support Tip of the Night for February 27, 2016 Article 26(2) of the EU Data Protection Directive (Directive 95/46/EC) provides that model contracts can be created to transfer personal data outside of the safe harbor or privacy shield framework.    Word versions of the these contracts, or contractual clauses can he found here.  There are two for the transfer of data to controllers outside the European Union and European Economic Area and one for the transfer of data to processors outside the EU/EEC.  


The first contract, Decision 2001/497/EC,  for transfer to data controllers contains some interesting provisions in Appendix 2 which sets forth the mandatory data protection principles:


Special categories of data: where data revealing racial or ehtnic origin, political opinions, religious or philosophical beliefe or trade union memberships and data concerning health or sex life and data relating to offences, criminal convictions or security measures are processed, additional safeguards should be in place within the meaning of Directive 95/46/EC, in particular, appropriate security measures such as strong encryption for transmission or such as keeping a record of access to sensitive data.


I have left spelling mistakes in the original Word documents downloaded from the European Commission's site.  It's very odd to find these in official documents.   Be sure to watch out for them.    This provision puts an onus on the data controllers to either encrypt or log access to data about not only an individual's ethnic background, personal health data, political beliefs, and sexual activity, but also apparently security measures meant to protect this information by the individual it concerns. 


Rights of access, rectification, erasure and blocking of data: as provided for in Article 12 of Directive 95/46/EC, the data subject must have a right of access to all data relating to him that are processed and, as appropriate, the right to the rectification, erasure or blocking of data the processing of which does not comply with the principles set out in this Appendix, in particular because the data are incomplete or inaccurate. He should also be able to object to the processing of the data relating to him on compelling legitimate grounds relating to his particular situation.


An individual can request access to data about herself or himself and correct or erase data that is incomplete or inaccurate.   The Appendix also gives an individual the right to opt out of any programs using her or his data for the purposes of direct marketing.    When the data is transferred to other controllers the data subjects must be notified in detail and give their consent, or the new controllers must assent to the provisions of the contractual clause. 


The second contract for the transfer of data to controllers, Decision 2004/915//EC, is a revision of the first and contains similar provisions but was modified so that the data exporter and the data importer are not jointly liable for breaches to the data subject, but each have their own due diligence responsibilities.   


The third draft contractual clause, for the transfer of data to processors, Decision 2010/87/EU, in addition to provisions guarding against the inadvertent destruction or disclosure of data; notification obligations to the data exporter about access by law enforcement agencies, accidental or unauthorized access, & data requests by subjects; and the right of a supervising authority to conduct an audit of the data importer, the draft contract also provides that the data importer will, "return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so"













Please reload

Please reload

Sean O'Shea has more than 15 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.


All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.


This policy is subject to change at any time.