Conflicts Between GDPR and U.S. Discovery Rules: Navigating the Privacy-Protection Law Catch-22

Strategies for Avoiding and Mitigating Conflicting Obligations Between U.S. and Local Law

Anna Mercado Clark

The EU’s General Data Protection Regulation (GDPR), effective May 2018, is increasingly relevant in U.S. litigation. Parties must determine whether they are entitled to provide records containing EU personal data to U.S. lawyers, investigators, regulators, and courts.

Multiple federal district courts continue to reject the contention that the GDPR and other international privacy laws limit a party’s discovery obligations. The Court of Justice of the European Union’s “Schrems II” decision further complicated these issues, raising the stakes and solidifying a Catch-22 for entities involved in U.S. discovery.

Navigating the conflict between the GDPR and U.S. discovery requires thoughtful strategies and a thorough understanding of the priorities and obligations each set of rules imposes. These issues are typically resolved case by case, and counsel must rely on sometimes conflicting precedents.

Anna Mercado Clark joined other panelists to guide litigators in managing high-stakes clashes between U.S. discovery obligations and foreign privacy protection laws, primarily the GDPR. The panel discussed the growing importance of foreign privacy laws in U.S. litigation, current approaches to privacy law objections to U.S. discovery, and strategies for navigating the irreconcilable duties under GDPR and U.S. discovery rules.

Key topics addressed included:

  • Who is governed by GDPR?
  • What other GDPR-like laws create similar concerns abroad and in the United States?
  • Does the location of data or individuals matter?
  • Who is governed by U.S. discovery rules, and who can be compelled to produce data?
  • What are the consequences of transgressing GDPR? U.S. discovery obligations?
  • What can litigants and their counsel do to minimize the risks?