GDPR-Based Objections to U.S. Discovery Requests: 2019 Year in Review

Legaltech News
1 minute read | January.09.2020

U.S. civil litigants faced with an obligation to produce "personal data" protected by GDPR, the European Union's General Data Protection Regulation, can find themselves on the horns of a serious dilemma. In 2019, the first full year since GDPR was enacted, not a single court excused compliance with a discovery request because of GDPR-based objections.

Initial rulings addressing the tension between the broad scope of data protected by GDPR and the similarly broad scope of discovery under U.S. Federal Rule of Civil Procedure 26 revealed substantial skepticism that complying with a U.S. discovery request would expose parties to significant enforcement risk in the EU. Nor do courts appear particularly sympathetic to the burdens associated with fulfilling discovery requests in a way that complies with GDPR.

Below, we take a look at what arguments parties put forth in the past year, and make a few suggestions for how litigants can avoid violating one jurisdiction's law to satisfy another's courts.