Extract from Cassandre Coyer’s article “In the Clash of GDPR and E-Discovery, Will the New Data Privacy Framework Help?”
After years of back-and-forth and twists and turns, the story of transatlantic data transfers reached a new chapter this summer when the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (DPF), which affirms the U.S. has an adequate level of protection that matches EU standards for personal data transfers, on July 10.
But for e-discovery professionals that have been caught between the stringent General Data Protection Regulation (GDPR) requirements that often clash with U.S. discovery obligations, it’s unclear how much relief the DPF will bring to litigation dealing with cross-Atlantic data.
Panelists during the “Cross-Border Discovery, the GDPR, and the New Privacy Framework” Georgetown Pre-Advanced eDiscovery Institute Webinar on Wednesday highlighted some of the ongoing risks that professionals face transferring data, and some of the good practices to follow to stay clear of growing enforcement actions.
“There are some extensive restrictions imposed by the GDPR and U.S. judges are not always completely sympathetic to those and order discovery regardless, which puts companies at risk of GDPR enforcement,” said David Cohen, partner at Reed Smith and chair of the Records & E-Discovery (RED) Group.