Bingham McCutchen

• HOME

• E-MAIL THIS PAGE

• JAPANESE WEB SITE

• ABOUT US
  • Bingham Now
  • From the Chairman
  • Momentum
    • Charting Our Growth
    • Legacy Firm Partners
  • Who We Are
  • Bingham Consulting
  • Recognition
  • Diversity
  • Offices
    • Boston
    • Frankfurt
    • Hartford
    • Hong Kong
    • London
    • Los Angeles
    • New York - Downtown
    • New York - Midtown
    • Orange County
    • Portland
    • San Francisco
    • Santa Monica
    • Silicon Valley
    • Tokyo
    • Washington
  • Pro Bono
  • Bingham Going Green
  • Senior Staff
  • Community Service and Charitable Giving
• LAWYERS
• PRACTICES
  • Corporate
    • General Corporate
    • Commercial Technology and Trademark
    • Corporate Governance and Compliance
    • Corporate Securities
    • Emerging Growth Companies
    • Employee Benefits and Executive Compensation
    • Mergers and Acquisitions
    • Public Companies
    • Private Equity
    • Venture Capital
  • Finance
    • Financial Services Area
    • Banking and Leveraged Finance
    • Distressed Mergers and Acquisitions
    • Energy and Project Finance
    • Equipment Leasing
    • Film Finance
    • Financial Legislative Reform Resource Center
    • Financial Restructuring
    • Institutional Finance
    • Japanese Practice
    • Structured Transactions
  • Securities
    • Financial Services Area
    • Securities
    • Accountant Defense
    • Broker-Dealer
    • Compliance
    • Investment Management
    • Securities Enforcement and Investigations
    • Securities Litigation
    • Trading & Markets
    • UK Financial Regulatory Practice
  • Litigation
    • Litigation Area
    • Antitrust and Trade Regulation
    • Appellate
    • Construction and Project Finance Litigation
    • Consumer Products Litigation
    • Electronic Document Retention and Discovery
    • Real Estate Litigation
    • Employment and Labor
    • Entertainment, Media and Communications
    • Environmental Litigation
    • Financial Institutions Litigation
    • Intellectual Property
    • Securities Litigation
    • Tax Controversy
    • White Collar Investigations and Enforcement
  • Environmental
    • Climate Change Group
    • Environmental and Natural Resources
    • Land Use and Development
    • Military Base Reuse
  • Legislative and Government Affairs
    • Congressional Oversight Investigations
    • Government Affairs
  • Real Estate
    • Real Estate
    • Distressed Real Estate
    • Commercial Properties
    • Real Estate Finance
    • Residential and Mixed-Use Developments
    • Real Estate Litigation
  • Tax
    • Tax
    • Tax Planning
    • Industry Experience
    • Corporate/M&A/Consolidated Returns
    • International Tax
    • Partnerships and Joint Ventures
    • Transfer Pricing
    • Tax Credits
    • Tax Controversy
  • Telecommunications, Media and Technology
    • Telecommunications, Media and Technology
  • Insurance
    • Insurance Practice
  • Industry Practices
    • Distribution and Franchise Law
    • Clean Technology and Renewable Energy
    • Healthcare
    • Life Sciences
    • Privacy and Security
    • Promotion, Marketing and Advertising
  • Estate and Charitable Planning
    • Charitable Advising
    • Estate Planning
• NEWSROOM
  • Press Contacts
  • Facts & Stats
  • Press Releases
  • In the News
  • Recognition
• RESOURCES
  • Legal Alerts
  • Publications
  • Events
• CAREERS
  • Law Students
  • Judicial Clerks
  • Lateral Associates
  • Staff Attorneys
• ALUMNI

French Data Protection Agency (CNIL) Releases New Guidelines on “Discovery”

In Guidelines published on August 19 in the French Official Journal, the French Data Protection Authority (CNIL) opined on the legal requirements for French/U.S. data transfers in discovery activities related to litigation or for U.S. investigations.

General

The CNIL states in its detailed “Deliberation 2009-474” (in French only) that the volume and scope of document discovery in U.S. proceedings has significantly increased. It reiterates that all data flows out of France for litigation purposes must be in line with the French Data Protection Law of 1978 (as amended): “Obtaining an authorization from a French judge to send documents to the U.S. (through a “letter of request” addressed to the French chancellery) does not release a company from the obligation to respect French [data protection] law, in particular the provisions on data flows out of the EU....”

Is Prior Consent of the CNIL Required?

One key issue for U.S. litigants is when prior consent of the CNIL is required, irrespective of other regulations and treaties (such as the 1970 Hague Convention on Obtaining Evidence Abroad that the U.S. and France have ratified). The CNIL makes the following clarifications:

• The CNIL’s prior consent is NOT required for personal data transfers to the U.S. for litigation or investigation purposes (SEC, FTC, etc.) if: (i) it is a single data transfer, and (ii) the amount of information transferred is “not massive.” The CNIL still must be notified of the data transfer.
• Data transfers that go beyond this threshold (i.e.,“massive and repeated data transfers”), are only allowed if: (i) the receiving party in the U.S. signs the EU/U.S. Safe Harbor Principles, (ii) the parties use the EU contractual clauses for international data transfers, or (iii) the parties adhere to the Binding Corporate Rules (a complicated set of rules for corporate groups developed by the EU that must be individually approved by the national data protection authorities).
• If the data are already located in the U.S., the data processor must ensure that the data are “adequately protected” by the U.S. authorities, e.g., through a “stipulative court order” [probably a Protective Order].

Various Additional Privacy Issues

The CNIL addresses a number of privacy requirements for personal data transferred to the U.S., for instance:

• Prior consent of the individual: Prior consent of the individual can be a legitimate basis for data transfers under the French data protection laws, provided that there is evidence that it is “free, clear, specific” consent, in particular the consent must not be given “under pressure,” or merely to avoid “sanctions.”
• Reducing the amount of data: The CNIL demands that personal data sent from France must be “proportionate” and “adequate” with the discovery purpose. One method to ensure this is to filter the data in France for key words to reduce its volume. The CNIL also recommends anonymizing the data to the maximum extent.
• Data storage: Data sent to the U.S. may only be stored for the “duration of the proceedings.”
• Informing the individuals: Pursuant to French data protection laws, the individuals to whom the personal data in France refer must be informed about the data transfer (exceptions may apply if such disclosure “endangers the proceeding”). These individuals must have the right to know what is sent and to “rectify” false or incomplete information about them.

Preliminary Observations

Many requirements that the CNIL stipulates in the Guidelines are open to interpretation. Given that the European “Article 29 Working Party” of data protection representatives at the EC is also looking into this issue on the European level (see Bingham’s e-discovery alerts of 02/23/09 and 02/11/2008), this is probably not the last word from Europe. It remains to be seen how aggressively the CNIL will enforce the new Guidelines.

To read the full French CNIL Guidelines, click here.

Clients rely on Bingham’s Electronic Document Retention and Discovery Practice as part of Bingham’s focus on high-stakes litigation, where technological savvy offers a competitive advantage. For more information on this alert or other electronic document retention and discovery issues, please contact any of the following attorneys:

Gary Adler, gary.adler@bingham.com, 212.705.7803

Geoff Howard, geoff.howard@bingham.com, 415.393.2485

Maureen A. Young, maureen.young@bingham.com, 415.393.2788

Dr. Axel Spies, Rechtsanwalt, a.spies@bingham.com, 202.373.6145

Circular 230 Disclosure: Internal Revenue Service regulations provide that, for the purpose of avoiding certain penalties under the Internal Revenue Code, taxpayers may rely only on opinions of counsel that meet specific requirements set forth in the regulations, including a requirement that such opinions contain extensive factual and legal discussion and analysis. Any tax advice that may be contained herein does not constitute an opinion that meets the requirements of the regulations. Any such tax advice therefore cannot be used, and was not intended or written to be used, for the purpose of avoiding any federal tax penalties that the Internal Revenue Service may attempt to impose.

© 2009 Bingham McCutchen LLP

To communicate with us regarding protection of your personal information or if you would like to subscribe or unsubscribe to some or all of Bingham McCutchen LLP’s electronic and email notifications, please notify our Privacy Administrator at privacyUS@bingham.com or privacyUK@bingham.com. Our privacy policy is available at www.bingham.com. We can also be reached by mail in the U.S. at One Federal Street, Boston, MA 02110-1726, ATTN: Privacy Administrator, or in the U.K. at 41 Lothbury, London, England EC2R 7HF, ATT: Privacy Administrator.

This communication is being circulated to Bingham McCutchen LLP’s clients and friends and may be considered advertising. It is not intended to provide legal advice addressed to a particular situation.

• Contact Us | 
• Site Map | 
• Terms of Use | 
• Privacy Policy | 
• Disclaimer | 
• Copyright © 2010 Bingham McCutchen LLP
• 
  Attorney Advertising. Prior results do not guarantee a similar outcome.