In Finjan, Inc. v. Zscaler, Inc., 2019 U.S. Dist. LEXIS 24570 the USDC for the Northern District of California addressed an objection by Defendant to discovery propounded by Plaintiff seeking emails possessed by one of defendant’s European employees. The objection argued the employee’s emails may not be produced without violating privacy requirements contained in the GDPR, which became effective in May, 2018. The Court approached the dispute methodically and provided what this author predicted may be a model for future analysis of discovery objections under the GDPR by U.S. Courts of such disputes.
The Court first announced the general rule that “…a foreign country’s statute precluding disclosure of evidence does “not deprive an American court of the power to order a party subject to its jurisdiction to produce evidence even though the act of production may violate that statute.” Societe Nationale Industreille Aerospatiale v. United States Dist. Court for Southern Dist., 482 U.S. 522, 544 n. 29, 107 S. Ct. 2542, 96 L Ed. 2d 461 (1987). The Court then identified the considerations pertinent to the question whether or not a foreign statute excuses non-compliance with a U.S. discovery order: 1. The importance of the documents or other information requested to the litigation, 2. The degree of specificity of the request, 3. Whether the information originated in the United States, 4. The availability of alternative means of securing the information, and 5. The extent to which noncompliance would undermine important interests of the United States. Richmark Corp. v. Timber Falling Consultants, 959 F. 2d 1468, 1475 (9th Cir. 1992).
The Court addressed the factors individually.
Consideration No. 1: The importance of the documents or other information requested to the litigation. The court concluded the documents were directly relevant to the infringement issue and the data subject’s knowledge of the patented technology at issue. As such, this consideration weighed in favor of disclosure.
Litigation Participants Subject to GDPR Must Justify their Use of Protected Data
Consideration No. 2: The degree of specificity of the request. The court found the