Along with explosive globalization, including the ease with which parties can conduct business abroad, there has been a concomitant need for international legal systems to consider exchange of information across sovereign borders. How should a U.S. court analyze conflicting interests in a cross-border discovery dispute?
In its 1987 decision in Aerospatiale,1 the Supreme Court of the United States held that the Hague Convention,2 entered into by the United States and numerous foreign countries, was not the exclusive means by which the parties to litigation in a U.S. court could conduct discovery overseas.
The intervening 29 years have not only led to a significant growth in the global economy, but also to the revolutionary ability of digital technology to collect huge amounts of data, often without regard to sovereign borders. Along with the expected increase in international litigation, we have experienced more disputes over cross-border discovery.
Securing discovery from an overseas source is not easy – indeed, it can be painfully difficult.
There are several reasons, and the details can vary significantly depending on the country.
No nation in the world allows pretrial discovery in the same manner as the United States. Indeed, most foreign countries have an innate hostility towards the entire concept of pretrial exchange of documents and taking depositions. Most European countries empower quasi-judicial “data-protection officers” to regulate the production of information out of the host country, with very limited rights of appeal. Sovereign nations in different parts of the world have enacted laws (“blocking statutes”) forbidding production of personal data, considered part of a “natural right of privacy,” to specifically prohibit “exporting” information about one of their citizens, whether an individual or corporation.3
Experience has shown that it is appropriate, indeed necessary, to divide the quest for information from foreign sources into three separate categories:
First, transactional data, such as names, account numbers, and other identifying information, necessarily used by banks and credit card companies, in the cross-border purchase and sale of goods — independent of litigation.
Second, exchange of data in civil litigation. Following Aerospatiale, U.S.-based lawyers have frequently used a variety of litigation techniques when seeking overseas discovery. After many district court opinions, various strategies and techniques to achieve some pretrial factual discovery have allowed parties in U.S.-based litigation to get limited information from an overseas source.
Third, in criminal or national security investigations, different rules may apply, particularly when the basis of the request is related to terrorism, genocide, or some other internationally condemned activity.
A U.S. judge faced with a cross-border discovery dispute need not feel despair. The judge should promptly ascertain the reality of the situation — i.e., the relative simplicity or complexity of the issues, the “landscape” of the foreign country in terms of its own policies, and considerations of relevance, necessity, and proportionality (discussed below) — and enter a procedural order requiring each party to state its goals and contentions, and to promptly initiate any foreign discovery requested.
The Hague Convention remains the most frequently used method of requesting discovery, particularly for third-party discovery. As a treaty, it is well recognized and often applied. Of necessity, it is limited to signatory countries. While most European Union states (plus Russia and China) are signatories to the Hague Convention, a large number of developing countries (with which the United States has large-scale commercial transactions), and even some countries with highly developed economies (like Japan) have not signed the Hague Convention.
Proceedings under the Hague Convention can vary significantly according to the country where the information is located. Although the initiation of a request under the Hague Convention is fairly simple and will be administered promptly with assistance, if needed, by our U.S. Departments of State and Justice, the speed with which the request is treated in the overseas country can vary significantly.
For example, the Hague Convention has a specific provision protecting against privileged information. The scope of the “privilege,” however, may be broader or more limited than in the United States. Collateral proceedings in the overseas country may be necessary for a foreign court to adjudicate a claim of privilege that is recognized in the foreign country, but perhaps not in the United States.
Aerospatiale noted the importance of comity among the factors that a trial judge should consider in determining what orders should realistically be entered in a U.S. court. The touchstone is often determining what respect or obedience those orders will have when considered in a foreign country. The Supreme Court borrowed § 437(1)(c) from the Restatement of Foreign Relations Law of the United States,4 which lists the following factors:
These factors, and particularly the last, form the basis of “comity,” i.e., respect that one tribunal in one country should pay to a tribunal of another country. This has been termed “a balancing of competing interests, taking into account the extent to which the discovery sought serves important interests of the foreign state versus the policies to which providing the discovery would undermine the important interests of the foreign state.”6
Resistance to our discovery rules increased after the recent revelations by Edward Snowden of massive data gathering by the U.S. government, some of which was directed specifically to leaders of foreign countries. In particular, European data administrators and courts sharpened their opposition to providing discovery for use in U.S. courts. Their fear, well deserved in their view, is that private information will not remain private once it reaches U.S. shores.
Judges may find it difficult to ascertain U.S. policy on the topic of international discovery. Our government has split various functions relating to oversight over cross-border transactions in international litigation among several different cabinet-level agencies, including the Departments of State, Justice, and Commerce as well as the Federal Trade Commission. Neither these cabinet-level departments nor the White House has seen fit to issue a policy statement. In January 2017, the new administration should direct one of these agencies to develop and issue a coherent statement of principles that a U.S.-based judge (or overseas judge) could follow as accurately expressing the policies of the United States in this area.
However, one clear indication of comity is the fact that our Congress has enacted statutes that specifically empower a district court judge to assist a foreign party seeking information from within the United States.
28 U.S.C. § 1781 authorizes the use of a letter rogatory, allowed by specific agreement between countries. Such a letter takes the form of interrogatories or document requests sent by one party to a foreign party. Once again, because the concept of reciprocity is essential, the U.S.-based attorney and judge should verify that the practice of letters rogatory is recognized in the host country.7
28 U.S.C. § 1782 authorizes a district court with jurisdiction to provide “assistance to foreign and international tribunals and to the litigants before those tribunals in pending fact discovery.”8
28 U.S.C. § 1783 pertains to the issuance of a U.S. subpoena to a U.S. citizen or resident located in a foreign country.9
Also, Federal Rule of Civil Procedure 28(b) authorizes and specifies certain rules for the taking of depositions in a foreign country.
These important — but seldom used — rules and statutes strongly show that our Congress has expressed a favorable view of pretrial discovery when relevant and necessary in international litigation. Mutuality should follow. U.S. judges should consider citing these provisions when contemplating and ordering overseas discovery. We can hope that other countries will respect comity and adopt these same principles as well.
Research has not found similar legislation in any other country in the world.
A number of steps can be taken when a party seeks information held in a foreign country. It is important to separately approach intraparty and third-party discovery.
First, at the initial Rule 16 conference, require counsel for all parties to be prepared and candid in describing any likelihood of international discovery.
Second, set a prompt deadline for the parties themselves to initiate any foreign discovery and to periodically report to the court on how it is progressing, along with prompt identification of any barriers.
Third, given the wide disparity of foreign laws, require counsel — keeping in mind any language translation requirements — to report on the likelihood of getting the information from the foreign country and the status of their efforts.
Fourth, as to intraparty discovery:
This same principle can be applied by the court’s power over a U.S.-based defendant that refuses to produce discovery within its “control” in overseas operations. The key issue, of course, is what constitutes “control.”
The Sedona Conference, a nonprofit think tank based in Phoenix, Ariz., has contributed greatly to discussions on many litigation topics and is best known for its work on developing principles for electronic discovery. However, Sedona also has taken the leading role in developing principles for cross-border discovery. Although those principles are subject to possible revision because of recent developments summarized below, they deserve repeating and consideration not only by federal judges, but also by data administrators and courts around the world:
Note that the word “necessary,” which connotes a narrower view of information subject to discovery, may require a U.S. judge to ascertain a party’s precise burden of proof and any specific evidence located within a foreign country.
Background: Competing Concepts of the Right to Privacy
For over 20 years, the United States and the European Union have struggled to find a proper framework for protecting data and privacy interests in the face of cross-border commerce. For Europeans, these concerns are fundamental rights on par with free expression and equal treatment under the law as enshrined in Article 8 of the European Convention on Human Rights and Articles 7 and 8 of the E.U. Charter of Fundamental Rights. In Europe, the processing of personal data is prohibited unless authorized by law.14 E.U. member states tend to favor “omnibus” laws for privacy protection.15 Most of these provisions apply to mass transfers of data pursuant to commercial transactions, rather than litigation. However, as a pretrial matter, the E.U. attitudes on transactional data “spill over” to private litigation.
The Safe Harbor (2000-2015)
In 1995, the European Parliament and the Council of the European Union issued a Directive, Article 25 of which permits the transfer of personal data to countries outside the E.U. only if the country in question ensures “an adequate level of [data] protection.”16 Although the E.U. never made an official finding as to the adequacy of U.S. privacy protections, general consensus held that the United States was falling short.
Following negotiations from 1998-2000, the U.S. Commerce Department and the E.U. announced the adoption of the so-called Safe Harbor Privacy Principles in an effort to address concerns about data transfer to the United States. The European Commission approved Safe Harbor in 2000, holding that any U.S. company that complied with Safe Harbor and its related FAQs issued by the U.S. Commerce Department in July 2000 was providing “an adequate level of protection as set out in Directive 95/46/EC.”17
For the ensuing 15 years, Safe Harbor provided a framework for many companies for exchange of information between the U.S. and the E.U. As of 2015, some 4,500 businesses were using it. Safe Harbor allowed companies to self-certify that they were in compliance with seven basic data-privacy principles, such as giving individuals choice over the sharing of their data with third parties and establishing safeguards for protecting information.
Snowden and Schrems — the Demise of Safe Harbor
Several developments impacted the data- privacy landscape after the adoption of Safe Harbor. Most notably, in 2013 Edward Snowden released classified data from the U.S. National Security Agency disclosing the existence of massive, covert U.S. surveillance programs and bulk collection of data. In addition, American-based social media companies such as Myspace, Facebook, Twitter, Instagram, and Snapchat — none of which existed at the time Safe Harbor was adopted — began to collect and share information from users from around the globe on an unprecedented scale. These events raised significant concerns from many citizens in both the U.S. and the E.U. about the importance of privacy protection. Consequently, proposals to revise Safe Harbor began receiving attention.
As those discussions were ongoing, in October 2015 the European Court of Justice struck down Safe Harbor. The court’s ruling in Schrems v. Data Protection Commissioner, Case C-362/14, stemmed from the plaintiff’s use of Snowden’s revelations as a basis to challenge Facebook’s Irish subsidiary’s transfer of data from Ireland to servers in the United States for processing. The court held that the U.S. government’s improper elevation of purported national security concerns over the Safe Harbor protections, coupled with a lack of meaningful remedies for E.U. citizens to challenge U.S. data collection, required finding the Safe Harbor was invalid. The court remanded Schrems to the High Court of Ireland to determine whether that court should suspend transfer of data to the United States for failure to provide sufficient protection.
The Privacy Shield: A New Way Forward?
As a result of Schrems, in February 2016 the U.S. Department of Commerce and E.U. authorities announced a new “E.U.-U.S. Privacy Shield” framework. The Privacy
Shield creates legal remedies for E.U. citizens alleging privacy violations, increases oversight of U.S. companies from the Commerce Department and Federal Trade Commission, and establishes new requirements such as mandatory disclosures and referrals to Privacy Shield-related materials for participating businesses. On July 12, 2016, the European Commission formally adopted the Privacy Shield; however, its success is not guaranteed.
European Data Administrators
An important but little-known group of European officials dealing with data regulations is known as the Article 29 Working Party. These government employees are charged with the duty, sometimes subject to limited judicial review, of determining what discovery to allow in a particular case. Some of these officials are receptive to transfer of data to the United States, and they often use a type of balancing interest similar to that set forth in Aerospatiale. Some are receptive of negotiation and advocacy by lawyers or even the judge in a particular case.
Assuming it is warranted by the merits and importance of the case, retaining local counsel to conduct the negotiation with the data administrator would be essential.
In April 2016, the Article 29 Working Party issued a statement and corresponding opinion on the viability of the proposed Privacy Shield. The group criticized the Privacy Shield for its overall lack of clarity, opined that the proposed redress mechanisms might be too difficult for E.U. residents to use, and raised the specter of continued mass-data collection by the U.S. government. Other privacy advocates similarly believe the Privacy Shield does not go far enough in protecting personal data. Although the adoption of the Privacy Shield by the European Commission should ease the continued flow of data related to transactions, the opposition of powerful data administrators may create problems for continuing transfer of data in private litigation.
General Data Protection Regulation – Effective May 2018
The European Union also has adopted a lengthy and very complex set of regulations for cross-border discovery, which is scheduled to go into effect in May 2018. Titled “General Data Protection Regulation (GDPR),” it will become law in all states of the European Union and includes onerous dictates about transferring data out of a host country. One of the most severe provisions is Article 48, which basically prevents any kind of data transfer unless pursuant to the Hague Convention or any other type of treaty (generically referred to as a mutual legal assistance treaty or MLAT). The recent exit of Great Britain from the E.U. may show that traditional standards apply to requests for discovery from Britain.
Practical Suggestions for Overseas Discovery
The concept of “privacy” is highly valued, particularly in a litigation context. The customary protective order that most U.S. trial judges approve when there is significant proprietary or other confidential information involved in litigation is not as accepted overseas as paving the road to discovery. Data-protection administrators, who may negotiate the terms of any U.S.-based discovery requests, may be willing to allow production of the information if it will be accessed only by the lawyers or clients involved in the U.S. litigation but will not be otherwise available.
Some courts have adopted different rules when national security interests are at stake.22
A recent handbook published in 2015 on these topics by the Federal Judicial Center, available to judges as well as the public, is valuable. Titled “Discovery in International Civil Litigation – a Guide for Judges,” the handbook reviews numerous judicial decisions in the United States, as well as the laws of many commercially important countries, in providing information to be used in U.S.-based litigation.23 This handbook includes detailed case citations of opinions and orders on the topic of overseas discovery. The appendices describe discovery practice in selected jurisdictions, summarize the Hague Convention on taking evidence abroad in civil or commercial matters, provide sample letters rogatory, and contain a sample Rule 16 pretrial order addressing international discovery issues, prepared by the author of this article.
A Case Study – Wultz v. Bank of China
In Tel Aviv, Israel, a suicide bomber killed a Florida teenager and injured the teenager’s father. The bomber belonged to the Palestinian Islamic Jihad (“PIJ”), an organization the U.S. government has labeled as a Foreign Terrorist Organization and a Specially Designated Global Terrorist. The PIJ is therefore subject to stringent economic sanctions. The teenager’s family sued the Bank of China (“BOC”), arguing that BOC aided and abetted terrorism because it failed to observe its statutory duties and facilitated dozens of wire transfers for PIJ, totaling millions of dollars.
Wultz shows how complicated cross-border discovery issues can become and resulted in many detailed opinions and orders resolving cross-border discovery disputes. This summary looks at five of those opinions, highlighting issues that can be raised in international litigation and how a judge’s determined case management can result in a fair resolution of the cross-border issues after sequential discovery requests and motions to compel.
In Wultz’s first discovery dispute, plaintiffs moved to compel production of documents by a Letter of Request pursuant to the Hague Convention. However, over 13 months passed after the Letter of Request was granted, and China’s Ministry of Justice had yet to grant BOC permission to disclose the relevant documents.24 Plaintiffs were seeking imposition of a “unilateral” resolution of the discovery dispute, while BOC’s opposition argued that a “bilateral” resolution, according to the Hague Convention, was proper. Plaintiffs’ motion implicated one of the central concerns in cross-border discovery, namely to what extent a U.S. court can employ its expansive discovery rules in obtaining discovery from a foreign entity.
Judge Shira Scheindlin began her analysis by referencing Aerospatiale’s holding that the Hague Convention did not provide the only means of obtaining foreign discovery. She acknowledged the important role of comity, as the dispute raised concerns of foreign sovereignty. She considered, in turn, the five Aerospatiale factors, and two additional factors dictated by the Second Circuit Court of Appeals. The most important factor requires balancing conflicting national interests. Judge Scheindlin weighed not only the United States’ interest in combatting terrorism by identifying and stopping its funding and China’s national interest in enforcing its bank secrecy laws, but she also weighed the interests of both countries “in the bilateral resolution of cross-border legal enforcement issues.”25 After narrowing certain requests and weighing these factors, Judge Scheindlin compelled BOC’s production of specific documents, but did not order production of “confidential regulatory documents created by the Chinese government whose production is clearly prohibited under Chinese law.”26
A subsequent dispute concerned BOC’s withholding of certain documents identified in a privilege log.27 Judge Scheindlin was again compelled to complete a choice-of-law analysis, except this time with respect to privilege claims involving foreign documents. According to Second Circuit precedent, a district court must use the “touch base” analysis to determine “which country ‘has the predominant or the most direct and compelling interest in whether those communications should remain confidential.’”28 The “touch base” test is met where communications relate to U.S. legal proceedings or advice on U.S. law. Based on this test, the court found that documents created after Jan. 28, 2008 — the date of plaintiffs’ demand letter — were governed by U.S. privilege law, while documents created before that date or afterwards, but not relating to the demand letter, were governed by Chinese privilege law. Accordingly, Judge Scheindlin ordered BOC to produce items on its privilege log governed by Chinese privilege law (which recognizes only a duty of confidentiality), as well as documents governed by U.S. law, as the attorney-client privilege did not apply.
In another dispute that may require judicial resolution in this increasingly globalized economy, Judge Scheindlin considered whether to compel production of investigative files and U.S. regulatory communications from both BOC and the U.S. Office of the Comptroller of the Currency (the “OCC”).29 The court noted that to compel agency compliance with discovery requests, plaintiffs must first exhaust their administrative remedies. The OCC, as with other federal banking regulators, developed administrative regulations governing the release of nonpublic information pursuant to what is known as the “Housekeeping Statute,” 5 U.S.C. § 301. These regulations, upheld by the Supreme Court in United States ex rel. Touhy v. Ragen,30 are colloquially referred to as Touhy regulations. While plaintiffs partially complied with administrative procedures by submitting a request to the OCC for the production of documents, plaintiffs also moved to compel production of documents not described in the request. Accordingly, plaintiffs had not exhausted their administrative remedies with respect to these documents, and Judge Scheindlin denied plaintiffs’ motion to compel production from the OCC.
In yet more installments, nonparties Bank Hapaolim (an Israeli bank),31 and the State of Israel32 moved to quash subpoenas issued to them. BOC served a subpoena on Hapaolim pursuant to Federal Rule of Civil Procedure 30(b)(6) to obtain testimony of a corporate designee. Hapaolim challenged the subpoena as violating Rule 45’s territorial limits on nonparty depositions, and on grounds of international comity. Judge Scheindlin rejected these arguments and denied Hapaolim’s motion to quash. She found that although all individuals with relevant knowledge were at the bank’s branch located in Israel, it would not be unduly burdensome to produce a witness for the U.S. deposition in light of digital communications, including the bank’s ability to prepare New York branch employees via video conference with employees of Hapaolim’s Israel branch. Furthermore, concerns of international comity favored disclosure because the U.S. interest in combating terrorism outweighed Israel’s interest in enforcing its bank secrecy laws.
Similarly, Israel moved to quash a subpoena, served on it by BOC, which sought the deposition of a former Israeli national security officer.33 Israel’s motion implicated the Foreign Sovereign Immunities Act (“FSIA”), 28 U.S.C. § 1602 et seq., which the Supreme Court held governed sovereign immunity for states but not for foreign officials.34 Rather, claims for sovereign immunity by foreign officials are determined by common law. Noting the dearth of case law, Judge Scheindlin nonetheless found that the former officer was immune from being questioned about information regarding acts taken or knowledge obtained in his official capacity.
Wultz remains a valuable resource when a judge must confront and weigh international comity and sovereignty against not only national interest but also personal tragedy.
In facing these difficult issues, trial judges can take comfort in that there are abundant resources to consult, and the judge has wide (and wise) discretion in deciding these disputes. Nonetheless, the ultimate decision will likely be novel and necessarily a venture into unknown territory, legal and perhaps geographic.