For U.S.-based, multinational organizations, privacy statutes in foreign nations have become a minefield that threaten to disrupt the day-to-day operations taken for granted at home. In one case, officers of search engine giant Google were convicted in Italy for criminal privacy violations when a third party uploaded an unauthorized video to the entity’s video-on-demand service, Youtube.com.1 In an unrelated matter, the company was fined €145,000 by an EU-based regulator for one of their information-gathering practices.2
The problem is especially acute for companies performing e-discovery and related operations since they must meet the Federal Rules of Civil Procedure (FRCP) obligations related to the production of electronically stored information (ESI), regardless of the exposure to civil and criminal liability in foreign jurisdictions. This often places companies in a precarious position and can force them to choose between violating the law in the U.S. or abroad. In the now-infamous case of In
re Advocat Christopher X, a French attorney was convicted of violating France’s so-called “blocking statute” and fined €10,000 for privacy violations during cross-border litigation as well. Whether it’s the Data Protection Directive in Europe, the APEC Privacy Framework in Asia or a constellation of privacy regulations in South America, the challenges of obtaining foreign ESI for use in U.S.-based legal actions have never been greater.