International

Subscribe to International via RSS

Litigants navigating the conflict between U.S. discovery obligations and foreign data protection laws have a new ally, the American Bar Association (“the ABA”). The ABA recently passed Resolution 103, which “urges” that:

[W]here possible in the context of the proceedings before them, U.S. federal, state, territorial, tribal and local courts consider and respect, as appropriate, the data protection and privacy laws of any applicable foreign sovereign, and the interests of any person who is subject to or benefits from such laws, with regard to data sought in discovery in civil litigation.

As mentioned in a prior post on this blog, earlier this year the Indian Ministry of Communications and Information Technology issued new privacy and data security rules under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (the “Privacy Rules”). The strict consent requirements relating to the collection and sharing of sensitive personal data or information seemed to threaten the viability of India’s successful outsourcing industry and affect the data collection practices of non-Indian companies who are otherwise in compliance with data security and privacy requirements in their home jurisdictions. On August 24, 2011, the Ministry issued a release clarifying certain aspects of the Privacy Rules which will undoubtedly cause the Indian outsourcing industry and non-Indian companies to breathe a sigh of relief.

While the European Commission is seeking to update its 15-year-old Directive regarding the protection of personal data, several regulations have been passed to strengthen privacy rights in Europe. With all this activity, it’s clear that the United States is not the only country trying to adapt its privacy and information security standards to rapidly evolving technologies and marketplaces. Companies with an international presence need to stay alert to stay compliant. We can help!

India recently adopted a privacy and data security regulatory regime that fills the previous void of any such regulation with requirements that may force companies with operations in India and companies that outsource certain functions to Indian service providers to change the way they operate in order to comply. Visit our blog to see Proskauer attorney Paresh Trivedi’s article on the new Indian privacy rules.

In a September 8, 2010 opinion, Switzerland’s highest court announced that Internet Protocol (IP) addresses are personal information protected by the country’s data protection laws. The Swiss Federal Supreme Court’s ruling in In re Logistep AG, BGer, No. 1C-285/2009, 1C_295/2009, 9/8/10, adds to the longstanding debate over whether such information is personal information despite the fact that a single IP address can be attributed to more than one computer user. While the debate is far from over, the Logistep decision makes clear that businesses collecting information about individuals’ Internet activities, particularly those with operations in Europe, must treat IP addresses with care, as they may be protected by privacy laws in some jurisdictions.

On April 27, 2010, a sweeping new law on data protection was passed by the Mexican Senate, clearing the way for the President to sign the landmark legislation, which provides for penalties up to an astounding $1.5 million for violations under the law.  The new Federal Law for the Protection of Personal data (la Ley Federal de Protección de Datos Personales en posesión de los particulares), prescribes, among other things, the manner with which both private and public entities must treat the collection, use, and disclosure of personal data relating to Mexican citizens.