Extract from Mike Quartararo’s article “An Update on International and Cross-Border Discovery”
Parties in the US are allowed broad and liberal discovery of electronically stored information (ESI) relevant and proportional to the claims and defenses in a legal action. When a US-based litigant seeks ESI stored in other countries, however, it raises thorny legal and practical issues. An ACEDS webinar on this topic entitled “Now What? Cross-Border and International Discovery Post-Schrems II” highlights some of the issues facing practitioners in this area. A link to the recorded webinar can be found here.
EU Courts Invalidate Privacy Shield
For several years now, practitioners relied on the Privacy Shield to effectively transfer ESI across borders. The Privacy Shield consisted of agreements between the US, the EU and Switzerland to permit cross-border data transfers.
The agreements were administered by the US Federal Trade Commission and required that those using the Privacy Shield adhere to seven primary data protection principles and sixteen self-certification principles. The agreements opened communication channels between US and EU data protection authorities, and they provide for binding arbitration to resolve any disputes.
In 2020, this all changed as the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield, and then about a month later the Swiss data protection authorities did the same. The CJEU ruled in Data Protection Commissioner v. Facebook Ireland and Maximillan Schrems (“Schrems II”) that the Privacy Shield did not adequately protect the privacy citizens in the EU.