The most recent report into the UK legal Services industry by the lobby group TheCityUK (UK LEGAL SERVICES 2015 LEGAL EXCELLENCE, INTERNATIONALLY RENOWNED, published in February 2015) which represents the interests of UK-based financial and related professional services industries makes encouraging reading for UK lawyers, the reports opening paragraphs include the following statement;
“The impartiality, integrity, quality and depth of experience of legal services and the judiciary found in the UK are particularly well-regarded, both domestically and internationally.
The UK also has an envied reputation for the fair, effective and transparent resolution of international commercial disputes.”
When this reputation is coupled with statistics such as 27% of the world’s 320 jurisdictions using English common law as their basis it should come as no surprise to learn that the UK is a thriving hub of international dispute resolution.
This success does however mean that UK lawyers need to have heightened sensitivity towards the potential for conflict between the jurisdiction of choice for dispute resolution (England and Wales) and foreign jurisdictions local laws, particularly on the movement of personal data, which has the potential to cause unusual complexities when conducting cross border litigation.
Disclosure in the UK is governed, specifically, by the CPR Part 31 and it’s practice directions. In addition the CPR’s overriding objective of “enabling the court to deal with cases justly and at proportionate cost” governs the overall conduct of disclosure. Recent experience of presenting on this subject in the US demonstrated, at the very least, raised eyebrows at the “proportionate cost” element of the overriding objective. My experience was that there is far greater adhesion to the academic “quest for justice” within US legal circles than in the UK where the focus, at least to me, seems to be far more on the practical resolution of disputes and the almost inevitable compromise that all parties involved will have to make.
Conversely European jurisdictions raise their eyebrows at the thought of our disclosure exercises that are far more intrusive and expensive than civil law jurisdictions disclosure exercises are used to and so the UK sits as a half way point between the US and the EU with some understanding of both perspectives. However just understanding of the mind set of different jurisdictions does not solve the problems associated with obtaining disclosure which is both in line with the requirements of the CPR and also in line with the differing requirements of foreign jurisdictions.
Not only are there differing cultures when it comes to disclosure / discovery obligations in the UK, EU and US but there are also differing attitudes towards data privacy.
Currently European Directive 95/46/EC regulates the processing of personal data within the European Union. As a directive it is open to individual countries to interpret it into domestic law and then enforce their own law within their own country (although there are ongoing disputes about whether or not compliance with the laws of one EU state does or does not affect compliance in other states).
However all of this will change at some point in the near future (probably) as an EU wide data protection regulation was approved by the European Parliament in 2012. The delay in getting this regulation passed into law sits with the European Council who are having extended discussions about how such a regulation would be implemented in practice, so until such time as that regulation is passed there remain differing rules for differing EU states. Rather than rehash every differing rule here I think it prudent to direct those who need specific details to the very useful guide produced by DLA Piper and found at (www.edrm.net/resources/data-privacy-protection/data-protection-laws) this guide gives a broad overview of the data privacy laws in 58 different jurisdictions and should at least give readers a flavour of the likely complications when requesting disclosure from those jurisdictions.
The Hague Convention
The Hague Convention for the Taking of Evidence Abroad in Civil and Commercial matters establishes a framework whereby the court of one country can ask for the assistance from the court of another country to facilitate the collection of relevant evidence located within that courts jurisdiction.
The procedure for requesting evidence using the Hague convention is one where a Letter of Request must be sent from the requesting court which includes very specific information such as the authority requesting, names and addresses of the relevant representatives and the evidence required, and it must be in the language used by the body requested to execute it or with a translation into that language.
The Hague convention process is unlikely to work for practical reasons. Receiving states are unlikely to deal with the request with the urgency required by court timetables and the Court of Appeal has held in Secretary of State for Health & others v Servier Laboratories Ltd & others  EWCA Civ 1234 that English courts had jurisdiction to make the orders as part of the process of disclosure in civil proceedings.
Furthermore The Hague convention procedure is unlikely to work because some states (Italy, The Netherlands, Sweden France and Switzerland) have explicitly banned the use of the convention for discovery / disclosure requests using what have become know as blocking statutes. These blocking statues impose fines and in some cases criminal sanctions for allowing data to be disclosed in the course of discovery / disclosure requests from foreign jurisdictions.
It is true to say that whilst blocking statues are in place they are regularly not enforced (there is a well know case in France referred to as Christopher X where criminal sanctions were imposed at first instance but in fact were overturned on appeal) as it is regularly in the commercial interest of parties to complete a discovery / disclosure exercise in order to demonstrate that they in fact were not at fault in the dispute. Notwithstanding the regular lack of enforcement these statutes remain in place and there is very real and understandable reluctance from parties located in foreign jurisdictions to breach domestic law.
Global IT systems
It is also worth remembering that IT systems in global enterprises are rarely based in a single jurisdiction. Email servers can be located anywhere in the world and back up systems may well be stored in totally different locations. The prevalence of centralised database systems and data storage using the “cloud” also mean that data that users may assume is stored locally is in fact stored in other parts of the world.
It is not prudent to assume that data that is likely to be collected and processed in what would appear to be a domestic dispute is actually located solely within the jurisdiction of England and Wales and questions must be asked of clients in every case to ensure that privacy laws are in fact no being inadvertently breached.
There are no straightforward easy options in conducting disclosure exercises especially where data is stored in alternate jurisdictions. Parties should always appoint an individual who has overview of the disclosure exercise as a whole. A central point of management is essential to avoid duplication of effort and confusion at every level.
Once the person in overall charge of disclosure has identified data that is likely to be stored in foreign jurisdictions the first action to take should be to investigate whether in fact that data is also stored locally. The nature of modern IT systems means that there are high levels of duplication and data which at first instance looks as though it is going to be complicated to obtain may well in fact be relatively simple to collect and process.
If it is in fact the case that the data is only located in a foreign jurisdiction then the first step should be to broadly investigate the likely difficulties that are involved in locating the data, a good first step to doing this would be to refer to the DLA guide mentioned earlier on in this article but it must always be only a broad guide and it will always be prudent to obtain local advice from the jurisdiction involved about the best way to obtain that data. If, once that advice is obtained, it is apparent that the costs involved in obtaining the documentation is going to disproportionate or unreasonable in the circumstances of the case then it may be possible to exclude that documentation from your disclosure exercise by relying on CPR 31.7 (2) that states;
31.7 (1) When giving standard disclosure, a party is required to make a reasonable search for documents falling within rule 31.6(b) or (c).
(2) The factors relevant in deciding the reasonableness of a search include the following –
(a) the number of documents involved;
(b) the nature and complexity of the proceedings;
(c) the ease and expense of retrieval of any particular document; and
(d) the significance of any document which is likely to be located during the search.
The reasons for excluding documents from the disclosure exercise must be outlined in the disclosure statement and so unsubstantiated assertions that the costs are likely to be too high or the documents are not likely to be significant are more likely to be challenged by your opponents and less likely to carry the weight that a well researched and evidenced statement would do.
If parties are unable to legitimately exclude the collection of documents located abroad in this manner then it will be necessary to complete the disclosure exercise in the usual manner. This will would best be achieved by showing understanding of the difficulties that the parties in the foreign jurisdiction may experience in completing the exercise and so to that end if time allows use the Hague Convention. This would have the effect of giving the party giving disclosure domestic court orders with which they would have to comply. As outlined above UK courts may well see this as an unnecessary step as jurisdiction is already established but if done properly it does make the exercise significantly simpler if more time consuming.
In the absence of available time then parties would be well advised to seek to agree a very tight criteria under which the search should take place, it should be explained to opponents that these tight criteria are not there to unnecessarily restrict disclosure but are in fact there to enable any disclosure at all to take place. The criteria can be restricted by;
- Suggesting very tight filters (custodian, keyword and date)
- Trying to obtain consent from the individuals involved in the disclosure exercise (if possible)
- Suggest conducting a redaction review in country to remove the risk of the inadvertent transfer of personal data.
Of course all of this must be done using local resources in order to further limit the risk of the transfer of personal data.
The procedures and difficulties outlined in the article will change at some point in the future with the eventual implementation of the new EU Data Privacy Regulation. However the changes are unlikely to significantly reduce the level of complication as companies involved in litigation will be subject to very large fines for breaches of data privacy (2% of global turnover or a maximum of 1 million Euros are the likely levels of fine) and so if anything reluctance to comply with disclosure is likely to increase.
By Mike Taylor, barrister and E-Disclosure specialist, i-Lit Paralegals
Director I-Lit Parlegals