An interesting article by Katalina Bateman and Karen Lee Lust from Reed Smith looking into two recent U.S. cases where the conflict between U.S. discovery and the GDPR comes into focus.  There is nothing new in the conflict between U.S. discovery and European privacy rules, and it certainly predates the GDPR, but it is interesting to see that these two forces still come into conflict with each other.

Most of the conflict appears to come from a macro level difference in how privacy is considered and regulated in the different jurisdictions.  In Europe it is considered a human right and therefore warrants the protection provided to it under the GDPR and other legislation, whereas in the U.S., it tends to be regulated at an industry level - with different industries (e.g. healthcare and finance) having higher levels of protection than others.  This leads to inevitable tension and conflict.

From a technology perspective, it is always interesting to consider these challenges and look at how a solution can be developed to bridge the gap between the two.  Generally through intelligent use of processes and technology, most of the challenges can be overcome to allow for all parties to get comfort with the solution.  There are many different ways in which that these can play out - but inevitably there tends to be a focus on in-country work and enhanced precautions to segregate and target specific data sets.

With the number of jurisdictions implementing legislation that has a GDPR look and feel, this is something that people need to get more familiar with and understand both the challenges and how they may be overcome.