IN JANUARY 2012, the European Commission set out plans for data protection reform across the European Union. One of the key components of the reforms was the introduction of the General Data Protection Regulation (GDPR).1
The GDPR is a comprehensive set of rules designed to give European Union citizens more control over their personal data. The GDPR applies, generally, to any organization operating within the European Union, as well as organizations outside of the European Union which offer goods or services to customers or businesses in the European Union among others. Almost every major corporation in the world is affected by this legislation. This legislation came into force across the European Union in May 2018.
There has been considerable uncertainty how GDPR will be addressed in litigation commenced in the United States. However, as a year has passed, motions relating to GDPR are beginning to be adjudicated, and trends are starting to occur. This article provides a detailed summary of courts’ treatment of GDPR-related arguments and summarizes the potential impact of GDPR on United States litigation.
I. Impact of GDPR currently
As of July 19, 2019, eleven federal cases reference “GDPR” or the “General Data Protection Regulation.” No state court cases appear. Of the cases returned, four are from the United States District Court for the Southern District of New York,2 and two are from California,3 one from the Central District of California and the Northern District of California. The remaining five cases originate from District Courts in Washington, Maryland, Alabama, Utah, and Florida.4
These eleven cases generally involve discovery disputes, often in intellectual property matters. In these scenarios, the responding party has raised GDPR as a bar or impediment to