Litigation and trials are handled in the United States in a manner that is significantly different from that which prevails in other countries. While broad discovery is available here, the gathering and use of evidence is much more limited abroad. For years, there have been disputes between US litigants and the foreign parties who were requested to produce information and documents for use in US courts. While the 1970 Hague Convention on the Taking of Evidence in Civil and Commercial Matters has provided rules for the regulated taking of evidence, there are still many barriers to the gathering of evidence from foreign parties. One of them is the data protection laws of many countries, especially those in the European Union and the European Economic Area. (more…)
On September 14, 2010 the European Court of Justice (ECJ) confirmed that there is no attorney-client privilege under EU law for communications with in-house counsel when a company is under investigation by the European Commission.
In its ruling in the case of Akzo Nobel Chemicals Ltd and Akcros Chemicals Ltd v European Commission, the European Court of Justice affirmed a prior decision of the European General Court that had rejected a claim for legal professional privilege over the company’s communications with its in-house lawyer. The court reasoned that in-house lawyers are economically dependent on their employers, and thus cannot be regarded as independent. (more…)
Directive 2002/58/EC (or “e-Privacy Directive”), which defines the restrictions that apply to the protection of personal data in the context of wire or Internet communications, was amended in late 2009. This amendment establishes the first mandatory security breach disclosure regime for the European Union and will soon be reflected in the national laws of the EU and EEA Member States.
While this new security breach disclosure regime affects only providers of a publicly available electronic communication services, it is likely that it will be the foundation for defining a security breach disclosure framework that applies to other personal data holders.
For example, when amending their national laws, some of the EU Member States may opt to apply this security breach disclosure regime to the entire spectrum of data controllers and data processors, rather than limiting it to the smaller subset of electronic communication service providers that are subject to the ePrivacy Directive. Further, when the 1995 EU Data Protection Directive is revised, it should be expected, as well, that the security breach provisions of the ePrivacy Directive (as amended), at a minimum, will serve as a starting point.
The amendments must be implemented in each of the national laws of the Member States of the European Union and the European Economic Area by June 2011.