A stricter regime for profiling07 June 2016
New French Case Removes Automatic Privacy Shield From Employee E-Mails, Making Them More Amenable to US Discovery
This blog entry is provided by Hogan & Hartson litigators Trevor Jefferies in our Houston Office and Alvin F. Lindsay in our Miami Office:
A new decision released on 8 January 2010 from the French high labor court (the Cour de Cassation Chambre Sociale) may provide some grounds for arguing that a party in France can review a French employee’s e-mails and electronically stored information to determine whether the data is relevant to a U.S. litigation, without the employee’s knowledge or presence. This is a significant development in the perennial tension between EU privacy law and U.S. discovery principles.
European Union policies protecting personal privacy almost always conflict with United States policies that grant litigants full and complete discovery of documents and electronically stored information in U.S. court actions. The conflict is particularly acute in France, where a French corporation participating in U.S. litigation may easily run afoul of the French Blocking Statute (Law No. 68-678, as amended), data processing laws (e.g. Law No. 78-17, as amended), and the EU Directive 95/46 on Personal Data (“Directive”), among others.
Indeed, after years of goading by U.S. courts, French authorities even prosecuted someone, a French lawyer, under the blocking statute. His crime was attempting to comply with a U.S. court order compelling production of documents. See In re Christopher X, Cour de Cassation, Chambre Criminelle, Paris, December 12, 2007, No. 07-83228 (French Supreme Court upholding conviction and €10,000 fine against French lawyer attempting to facilitate collection of evidence for use as ordered in a U.S. judicial proceeding). Examples of U/S. goading include In re Vivendi Universal S.A. Secs. Litig., No. 02 Civ. 5571, 2006 WL 3378115 at *3 (S.D.N.Y. 2006) (French blocking statute did not subject parties to a “realistic risk of prosecution”) and Minpeco S.A. v. Conticommodity Servs., Inc., 116 F.R.D. 517 at 528 (S.D.N.Y. 1987) (“this is not a situation in which the party resisting discovery has relied on a sham law such as a blocking statute to refuse disclosure").
With French and EU law acting to prevent a litigant engaged in the U.S. litigation discovery process even from collecting a relevant employees' e-mails for litigation purposes, let alone viewing the e-mails to see if they contain relevant information, French parties seem at a distinct disadvantage in a U.S. forum. Failing to produce relevant documents is a direct path to an uncomfortable hearing before the U.S. judge and possibly severe sanctions such as a default judgment being entered against those parties for not complying with discovery orders.
Thus, Bruno B. vs. Giraud et Migot, Cour de Cassation, Chambre Sociale, Paris, 15 Dec. 2009, No. 07-44264 is a significant development. In that case, an accounting firm fired Bruno after the firm discovered files on his work computer addressed to government regulators wherein Bruno disparaged the firm for alleged tax and related fraud as well as working conditions.
The documents held subject lines as “Essay 1”, “Essay 2”, and so on, which the firm discovered without Bruno’s permission or presence. Bruno sued the firm seeking damages for unjustified dismissal, arguing that the firm violated his rights under EU privacy (human rights) conventions, as well as several provisions of the French labor code, claiming the documents were his personal data. On appeal, the Cour de Cassation Chambre Sociale held for the accounting firm, finding that because Bruno failed to mark the documents as “private,” the firm justifiably assumed that the documents were work-related and could open them.
The Bruno B. case clearly refines the general rule set forth in an earlier case from the same court, Nikon France vs. Onof, Cass. Soc., No. 4164 (Oct. 2, 2001), where the French high labor court established that employees have a right to privacy in the workplace and held that an employer cannot search an employee’s files stored on a work computer without breaching the employee’s right to privacy. The Nikon case’s broad ruling has been the subject of private criticism, especially from business interests in France, but now, after Bruno B., there is arguably no right to privacy to an employee’s computer-stored data unless the employee takes affirmative steps to designate the information as personal. Simply labeling the documents as “personal” or “private” may have been enough to compel the Bruno B. court to rule in the employee’s favor, but the holding is still a far cry from the absolute presumption that any data with an employee’s name is private.
The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...06 June 2016
Grounds for processing03 June 2016