E-discovery rules vary quite dramatically from country to country, but across the board, the most common rules relate to how electronically stored information must be surrendered to an opposing party and the conditions under which that surrender must take place. In the United States, e-discovery rules are generally liberal. The law requires the disclosure of anything deemed “relevant,” unless it is protected by a defined privilege. Things are much more restrictive in the European Union, where directives prohibit the sharing of any personally identifiable information from one entity to another in the absence of consent or some defined legal obligation.
The most common e-discovery rules relate to the specifics of how electronic discovery should take place. Discovery is a legal procedure that happens before a trial and is basically a chance for both parties to a lawsuit take a look at the documents of the other in an effort to search for evidence and build a case. In the Internet age, much of the material that falls under the discovery umbrella is stored electronically. Governments enacted electronic discovery rules to streamline the process.
In the United States, e-discovery rules are codified in the Federal Rules of Civil Procedure. Among other things, the rules set out the appropriate scope of any e-discovery search, including what sorts of information must be provided and how discovery should be requested between parties. Rules on how electronic information must be preserved and compelled are also included.
United States law also sets out fixed time lines dictating when e-discovery materials must be surrendered and when parties must meet to agree to discovery terms. The materials’ format is important as well. All information surrendered in discovery must be readable and stored its original form without omissions or additions. The rules set out privileges, or exceptions, to what documents must be surrendered and outline penalties and sanctions for non-compliance.
Countries in the European Union take a more restrictive approach. The EU’s privacy directive (95/46/EC), which has been adopted by each member country, sets forth the broad privacy requirements of the EU. These rules are not direct e-discovery rules the way that the US’s rules are, but they nonetheless relate to e-discovery because they place restrictions on how personal data can be shared. In short, they prevent most disclosures of any personally identifying information, whether for lawsuits or otherwise.
Exceptions exist when the person identified consents, or when the information is necessary to comply with a legal obligation. E-discovery might count as a legal obligation in some circumstances, but not always, and not usually when originating abroad. A great many of any given company's electronic documents are likely to contain personally identifying information in some form. What exactly qualifies as personally identifying information varies by country, but in places it is as simple as full name or telephone number. The privacy directive sets out rules for how information is to be removed or redacted.
European rules also generally prohibit the export of any electronic data to countries with less restrictive privacy frameworks. The US is such a country. EU rules permit limited data exchanges with the US in the course of litigation, but only if certain requirements and self-certification standards are met.