News & Publications

A Series By: Michael H. Gladstone, Esq. Mike's Bio

In Finjan, Inc. v. Zscaler, Inc., 2019 U.S. Dist. LEXIS 24570 the USDC for the Northern District of California addressed an objection by Defendant to discovery propounded by Plaintiff seeking emails possessed by one of defendant’s European employees.  The objection argued the employee’s emails may not be produced without violating privacy requirements contained in the GDPR, which became effective in May, 2018.  The Court approached the dispute methodically and provided what this author predicted may be a model for future analysis of discovery objections under the GDPR by U.S. Courts of such disputes. 

[Are You Within the Reach of the GDPR?]

The Court first announced the general rule that “…a foreign country’s statute precluding disclosure of evidence does “not deprive an American court of the power to order a party subject to its jurisdiction to produce evidence even though the act of production may violate that statute.”  Societe Nationale Industreille Aerospatiale v. United States Dist. Court for Southern Dist., 482 U.S. 522, 544 n. 29, 107 S. Ct. 2542, 96 L Ed. 2d 461 (1987).  The Court then identified the considerations pertinent to the question whether or not a foreign statute excuses non-compliance with a U.S. discovery order:  1. The importance of the documents or other information requested to the litigation, 2. The degree of specificity of the request, 3. Whether the information originated in the United States, 4. The availability of alternative means of securing the information, and 5. The extent to which noncompliance would undermine important interests of the United States.  Richmark Corp. v. Timber Falling Consultants, 959 F. 2d 1468, 1475 (9^th Cir. 1992). 

The Court addressed the factors individually. 

Consideration No. 1: The importance of the documents or other information requested to the litigation. The court concluded the documents were directly relevant to the infringement issue and the data subject’s knowledge of the patented technology at issue.  As such, this consideration weighed in favor of disclosure. 

Litigation Participants Subject to GDPR Must Justify their Use of Protected Data

Consideration No. 2: The degree of specificity of the request. The court found the

McCandlish Holton is pleased to announce that twenty-one of our attorneys are named  in the 20th Edition 'Legal Elite' by Virginia Business Magazine. Each year Virginia Business Magazine asks attorneys throughout the Commonwealth to nominate their peers for distinction in 20 categories. The full list of 21 McCandlish Holton attorneys on this year’s Legal Elite list, recognized in 11 categories: 

ADMINISTRATIVE/GOVERNMENT:

Michael R. Ward

ALTERNATIVE DISPUTE RESOLUTION:

Michael H. Gladstone

Joseph M. Moore

Brennan C. Morrissett

BANKRUPTCY/CREDITORS' RIGHTS:

Originally published by International Association of Defense Counsel (IADC), Defense Counsel Journal Volume 86, No. 4

IN JANUARY 2012, the European Commission set out plans for data protection reform across the European Union. One of the key components of the reforms was the introduction of the General Data Protection Regulation (GDPR).¹

The GDPR is a comprehensive set of rules designed to give European Union citizens more control over their personal data. The GDPR applies, generally, to any organization operating within the European Union, as well as organizations outside of the European Union which offer goods or services to customers or businesses in the European Union among others. Almost every major corporation in the world is affected by this legislation. This legislation came into force across the European Union in May 2018.

There has been considerable uncertainty how GDPR will be addressed in litigation commenced in the United States. However, as a year has passed, motions relating to GDPR are beginning to be adjudicated, and trends are starting to occur. This article provides a detailed summary of courts’ treatment of GDPR-related arguments and summarizes the potential impact of GDPR on United States litigation.

I. Impact of GDPR currently

As of July 19, 2019, eleven federal cases reference “GDPR” or the “General Data Protection Regulation.” No state court cases appear. Of the cases returned, four are from the United States District Court for the Southern District of New York,² and two are from California,³ one  from the Central District of California and the Northern District of California. The remaining five cases originate from District Courts in Washington, Maryland, Alabama, Utah, and Florida.⁴

These eleven cases generally involve discovery disputes, often in intellectual property matters. In these scenarios, the responding party has raised GDPR as a bar or impediment to

By: Samantha S. Otero, Business Law Practice Group

By: Brennan C. Morrissett

Arbitration awards are often described as ironclad, with arbitrators’ findings generally not susceptible to challenge.  Historically, and as a matter of public policy, arbitral power is intentionally limited to only those matters the parties have specifically contracted to subject to arbitration.  This means an arbitrator has no power to rule on issues except for those expressly assigned to them by contract by the parties.  Challenges to arbitrators’ failure to observe this fundamental limitation led to several recent United States Supreme Court “exceeded authority” cases – one of four limited bases on which an arbitrator’s finding can be challenged.  These rulings give some much needed

On November 30, 2018, I had the privilege of serving as a panel member on an International Association of Defense Counsel (IADC) presentation addressing GDPR in International Dispute Resolution.   The other panel members were: Robert Bond, of Bristows, in London, England; Alexandra Simotta, of Six-Group, in Vienna, Austria; and Janis Block, of CMS in Cologne, Germany.  The panel’s objective was to explore the issues arising under the GDPR in international dispute resolution, whether in arbitration or court litigation.   My responsibility was to offer a U.S. trial counsel’s response to the subject.   This article shares a few of the ideas raised during the panel, and a few which have occurred to the author in response to hearing from my fellow panel members. 

By. Michael H. Gladstone, Esq. 

Once GDPR applicability is determined, a host of significant responsibilities apply to US Controllers and Processors of EU subject personal data. The duties extend to the data subject, the EU and its supervising authority, and between Controllers and Processors. Significant adjustments may be required on both the security and informational side of Controller and Processor technology to comply with the notice and subject response obligations imposed on Controllers and Processors. The security by design concepts of the regulation will expose many gaps in current processing capacity. GDPR compliance management will become an administrative function in covered businesses whether or not they operate at a level requiring data processing assessments or designation of a DPO. Companies that resist compliance risk not just enforcement but loss of business relationships with customers obliged to comply.

By: Michael H. Gladstone, Esq. 

On May 25, 2018, the European Union (EU)  “General Data Protection Regulation” (GDPR)  becomes effective.  Many U.S. businesses are just waking up to the possibility that this regulation may pertain to them. For U.S. entities with any contact with EU subjects and their personal data, the question whether the GDPR applies to them is a serious one which should be carefully studied. 

The GDPR imposes an extensive set of duties and burdens on “covered entities," and sets out breathtaking penalties for violation of the regulation. Breathtaking here means 4% of worldwide revenue, or 20 million Euros, not counting damages to the violated data subject. The scope of personal data covered by the regulation and utilized by data recipients and users (called “controllers” and “processors” of personal data) coupled with the GDPR’s  expanded territorial reach (compared to the predecessor EU rules concerning protection of personal data) ensures a significant number of U.S. businesses, which might intuitively or superficially conclude otherwise, may be covered by the regulation. The GDPR presents an unprecedented effort by a governmental unit to protect the privacy of its subjects’ personal data.  

McCandlish Holton Director Michael H. Gladstone successfully represented a Virginia business in a corporate dissolution suit involving 50/50 shareholders instituted in the Richmond Circuit Court by the client’s former business partner. Two businesses, a corporation and a LLC, were implicated by the allegations of the complaint but the suit only addressed the corporation.  Counterclaims were filed and competing  purchase elections were made by the parties under Va. Code Section 13.1-749.1, presenting a case of apparent first impression to the trial Court.  Cooperative agreements between the parties and  counsel avoided expensive formal discovery.  Factual development of the case favored the client and the matter resolved through an advantageous sale of the client’s interest in both businesses to the original plaintiff.

McCandlish Holton Director Michael H. Gladstone successfully represented a Virginia business in a claim removed from state court to the U.S. District Court on a life insurance policy covering one of the company’s key executives. The policy death benefit exceeded $1,000,000.  The insurer had denied the claim alleging material misrepresentations by the decedent in answering health-related questions on the insurance application.  After discovery depositions of several of the insurer’s executives, the litigation was resolved at mediation, avoiding the necessity of a trial.