The acknowledged power of Continental Europe is Germany. Its steady economy and stable politics offer foreign companies an inviting prospect for investment. And yet, as organizations explore and begin developing business opportunities in Germany, they often become entangled in a web of unfamiliar legal issues. These issues, particularly eDiscovery and data protection laws, can be a costly and time consuming trap for unsuspecting companies. To avoid becoming ensnared by legal minutiae, attorney fees and lost opportunities, companies should consider gaining at least a basic understanding regarding the German eDiscovery and data protection landscape.
Discovery in Germany
By way of introduction, it should be noted that Germany, like most European countries, is a civil code country whose legal traditions are distinct from the common law notions that characterize the United States. According to its legal precepts, civil litigation in Germany is conducted in a vastly different fashion than in the U.S. For example, “discovery,” as it is known in the United States, does not exist in Germany. Interrogatories, categorical document requests and requests for admissions are simply unavailable as discovery devices. Instead, Germany only allows a limited exchange of documents, with the parties typically only disclosing information that supports their claims.
The U.S. Court of Appeals for the Seventh Circuit recently commented on this key distinction when it observed in Heraeus Kulzer v. Biomet that “the German legal system . . . does not authorize discovery in the sense of Rule 26 of the Federal Rules of Civil Procedure.” The court went on to explain that “[a] party to a German lawsuit cannot demand categories of documents from his opponent. All he can demand are documents that he is able to identify specifically—individually, not by category.”
Another key distinction to discovery in Germany is the lack of rules or case law requiring the preservation of ESI or paper documents. This stands in sharp contrast to American jurisprudence, which typically requires organizations to preserve information as soon as they “reasonably anticipate” litigation.
Data Protection in Germany
Another critical, distinguishing characteristic of Germany’s legal traditions are its notions of data protection and individual privacy. Unlike the mostly laissez-faire approach in the U.S. to data protection, Germany has adopted a comprehensive framework to secure personal information from unreasonable government and corporate intrusions. To guard against such intrusions, Germany has strict requirements that govern any “processing” of personal information. In addition, corporate data processing in Germany must satisfy company Works Councils, which represent the interests of employees and protect their privacy rights. Those protections extend to domestic litigation and international data transfers, to which Works Councils and company Data Protection Officers may object.
Another important aspect to German data protection laws are the restrictions they place on transferring personal information across international borders. Companies with offices in Germany must ensure that the country where such data will be transferred has enacted laws that meet EU data protection standards. Transfers of personal data to countries that do not meet those standards are generally forbidden, with substantial fines imposed for non-compliance.
This backdrop of complexity suggests that companies exploring business opportunities in Germany should obtain a better understanding of its discovery and data protection laws. There are various resources that provide straightforward answers to these issues at no cost to the end-user. For example, global legal expert James Daley recently recorded two podcasts that discuss the challenges associated with German discovery and data privacy laws. Think tanks such as The Sedona Conference have also made available materials that provide significant detail on these issues, including its “International Overview of Discovery, Data Privacy, and Disclosure Requirements.”
By obtaining a greater awareness of the legal workings inside Germany, organizations can more capably develop a cooperative, proactive process for how they will address data preservation and production for cross-border litigation. By so doing, organizations can be better prepared to address potential eDiscovery and data protection snares that are inextricably intertwined with globalization.