Posted on: July 21, 2016in Blog
International eDiscovery: How to Handle Data Transfer Restrictions in China
With investigations and litigation becoming more common in China, there has been a growing need for eDiscovery services to be established inside the Great Chinese Firewall. Frankly, the concept of eDiscovery is new to China, and the procedures surrounding it are still developing.
In a country where discovery simply isn’t practiced unless it is instigated from a court or government regulator external to China, it isn’t surprising there are no “Federal Rules for Civil Procedure” for guiding eDiscovery processes within the country. However, investigations in China are starting to use technology normally reserved for supporting eDiscovery for litigation as a part of their arsenal. Using technology to find key information within datasets is one thing - getting the final results to the appropriate side of the world so it can move things forward is another.
3 Specific Barriers Restricting International Data Transfer
China’s stringent data restrictions prevent transfer of data containing certain content from crossing China’s border, creating a chilling effect for international eDiscovery and litigation projects. The restricted content can generally be classified into three groups:
- PRC (People’s Republic of China) State Secrets
- Archive Data (financial audit information)
- Personally Identifiable Information (PII)
1. PRC State Secrets
The most notable data barrier for international eDiscovery is the PRC State Secret Law. The definition of PRC State Secret remains sufficiently vague and subject to interpretation in line with prevailing political whims. Generally speaking though, the PRC State Secrets include a wide range of topics —from highly sensitive topics such as national defense, foreign relations, state finances, and infrastructure, to much less sensitive topics, such as culture, education, hygiene, and meteorological forecasts.
It also includes broad and vague definitions for catch-all provision covering “all state affairs not yet decided upon” and “all other state affairs that must be kept secret.” How’s that for an overly broad definition!
2. Archive Laws
The second data barrier deals with PRC Archive Laws which pertain to accounting and audit transactions containing financial and related information. Accounting firms based in China have effectively used this as a shield stating that under Chinese law, "accounting firms in China are not permitted to produce documents, including audit work papers, directly to any foreign regulator without Chinese government approval.” This was the shield that the Chinese offices of the Big Four used to combat the SEC in the 2012 Muddy Waters case. Again, this can be a significant cross border data barricade for an investigation or litigation involving accounting ESI.
3. Personally Identifiable Information
On December 28, 2012, the China National People’s Congress, China’s legislative body passed “The Decision on Strengthening Network Information Protection” which contains various principles for protecting, collecting and using electronic personally identifiable information (PII) in China.
According to the Decision, these principles were passed “in order to protect network information security, protect the lawful interests of citizens, legal persons and other organizations, and safeguard China’s security and social order”. The decision provides legal protection for electronic information that is personally identifiable, involves personal privacy or attorney client confidentiality, and imposes various obligations on network service providers and other entities that collect and use the electronic personal information of Chinese citizens. Therefore, before data can cross the China border, it needs to be screened and redacted for PII content or be presented to the individual for them to provide consent to release.
China's Strict Policy on International eDiscovery and Data Transfer
China is often unwilling to cooperate with requests for the transfer of certain documents and information unless certain clearance protocols are followed. It is critical to clear all relevant documents of any state secrets, accounting and PII within China’s borders before it is allowed to leave China, and done correctly in order to reduce risks. Violating Chinese regulations normally results in severe penalty. A recent article in the China Business Law Journal states: “There have been many recent headline-grabbing cases where investigators have crossed the line and created criminal liabilities resulting in prison sentences or other penalties.”
Yet, China’s recent easing of regulatory burdens has resulted in an increased number of cross-border deals, internal and regulatory investigations, along with often hard-to-define, confusing and risky, legal attributes. As digital evidence within China continues to exponentially grow, and as non-China businesses enter the Middle Kingdom while Chinese businesses expand out, the need to support eDiscovery services for litigation and investigations in China is rapidly accelerating.
D4 in China
D4 understands and tackles these specific data protection and privacy issues of conducting eDiscovery training and support services inside China. With our commitment to protect and securely service our customers, D4 has established our repeatable and knowledgeable Best Practice approach—for collecting, processing, and reviewing for international eDiscovery—in our world-class Shanghai data center.
D4 insures proper procedure in preserving data privacy and security issues in investigation and litigation matters by respecting and adhering to Chinese regulations, business practices and cultures. Our ability to engage in-country counsel and review services, and secure data center hosting for client data on servers located within the People’s Republic of China, ensures our customers are in compliance with multinational data protection laws and meeting Chinese requirements.
D4 Shanghai provides a full suite of services including eDiscovery managed services, ESI collection, computer forensics, data processing, review hosting and the use of advanced analytics including Predictive Coding. Along with reducing risk and saving time and money for our customers, we work in harmony with the complex legal system in China and manage the nuances of international eDiscovery.
D4 Weekly eDiscovery Outlook
Power your eDiscovery intellect with our weekly newsletter.
Posted June 21, 2017
Control Litigation Costs by Making the Most of Your Internal Capabilities
Posted June 15, 2017
Shanghai OSAC Quarterly Meeting
Posted June 15, 2017
5 Ways to Reduce eDiscovery Costs Before and During Litigation
Posted June 07, 2017
Defensible Deletion Strategy: Getting Rid of Your Unnecessary Data
Posted May 31, 2017
How Does the EU-US Privacy Shield Affect Cross-Border Discovery?
Posted May 24, 2017
Unique eDiscovery Challenges with Mobile Device Data and How to Solve Them
Posted May 17, 2017
How to Comply with 21 CFR and HIPAA Data Retention Requirements
Posted May 11, 2017
4 Key Advantages of Conducting Remote Depositions
Posted May 03, 2017
eDiscovery in International Dispute Resolution: What Experts Want You to Know
Posted April 27, 2017
China Expands Data Transfer Requirements for its Cybersecurity Law