An interesting article by Caitlin Metcalf, Adam Lurie, Doug Davison and Aviva Kushner from Linklaters looking at the recent Telegram case where on 13 January a New York federal judge ordered Telegram Group Inc to disclose bank records containing sensitive data despite the concerns raised that in doing so, could violate the GDPR.  It is fair to say that there is a fundamental conflict between GDPR and U.S. discovery rules and when parties are caught in the middle they must find a way of managing that conflict.

The case makes it clear that a party cannot simply use GDPR or other privacy/data protection legislation to shield itself from U.S. discovery rules, and that cost alone will not be an acceptable excuse for not disclosing documents.  What is essential, as the article sets out, is that these issues are dealt with early on in the process, ensuring that appropriate privacy assessments are performed.

As the article also sets out, there are generally practical solutions that can be applied to resolve some of the issues around this conflict.  This can involve specific processing steps, a more targeted approach to scope and also performing much of the work within the party's infrastructure/premise.  

This is something that we have regularly had to deal with and with our global team of experts and resources we are familiar with the challenges and solutions available to present a clear path forward in these situations.  If you would like to know more about our global capabilities, please let me know.