Cross-Border eDiscovery: The Courts May Be More Tech-Savvy Than Believed
Ricci Dipshan at Legaltech News recently posted a fine article regarding what may be described as cross-border subpoenas for discovery of electronic information, specifically emails. The two court decisions are by now pretty familiar to those in the E-Discovery and legal industries: the Microsoft discovery case in Ireland addressed by the Second Circuit Court of Appeals, and the Google subpoena decision by the District Court of the Eastern District of Pennsylvania.
I will not bore everyone by re-stating the particulars of each case that Mr. Dipshan ably describes, other than to re-iterate that in the Microsoft case, the court ruled that Microsoft demonstrated that the emails had a ‘permanent home’ on their servers in Ireland as managed by Microsoft and never left that home, and that the email originators and recipients were in Ireland. Thus, the court ruled that Microsoft was correct in claiming privacy and jurisdictional protection for those emails.
In the Google matter, however, the emails were created and received by individuals wholly within the US; Google freely admitted that it moved, or sometimes “parsed out” data to servers located in various locations, inside of or outside the US, simply as normal data management procedures to best utilize their server space and resources. The court in this matter ruled that the subpoena requesting the specified information was valid, and not subject to cross-border privacy restrictions.
In a sense, the courts were “catching up” to technology; the Eastern District court very capably dived in to understand the technical processes used by Google to manage data, understanding the difference between what I would call “data provenance” as opposed to “information owner provenance“; the court recognized that the information as created by the litigants had a ‘home’ solely in the US, while Google managed that information simply as data in a manner consistent with all other data it manages. However, I feel that, in both instances, the courts displayed admirable willingness to dive deeply into the technical aspects of each matter and understand the actions taken from that technical standpoint as well as legal considerations.
I am certainly not insinuating or stating that a company can establish information management or privacy policy here solely based on these two matters – I am not an attorney and flatly state that what I present is for informational purposes, hopefully to help expand legal hold and E-Discovery knowledge for those who read my posts. Given that, my thoughts on these two decisions are:
- The courts here have demonstrated a willingness and capability to comprehend complex technology processes surrounding information management;
- With these two seemingly disparate, but actually consistent rulings, the courts have provided opportunity to move discussions surrounding cross-border data management and access, and the privacy requirements contingent here, from what appeared to be a stalled starting-gate out into active discussion;
- Law firms and corporate leaders now have at least some pretty well-defined positions from which to analyze their global data risk potential, and to construct thoughtful and ethical policy and procedures to manage and protect that data. They can now at least understand the various perspectives that courts may have regarding cross-border data accessibility and protection.
Each instance for addressing these issues has been shown to be possibly unique; but there is now some basis for continuing the discussion, in court and in attorney offices. I see that as positive movement, not catching up. And again, thank you to Ricci Dipshan for a thoughtful article.