One of the more controversial portions of the EU's forthcoming General Data Protection Regulation is a provision restricting the ability of EU businesses to comply with demands from non-EU courts for the production of documents containing personal data. However, following a recent announcement by the UK government, these restrictions will not apply to businesses in the UK.
The EU's forthcoming General Data Protection Regulation ("GDPR") contains many new provisions that are likely to prove problematic for businesses. One provision that is particularly contentious is Article 43a, which applies to any decision of a non-EU court or authority requiring an EU business to produce documents containing personal data. Article 43a states that any such decision is only enforceable if it is based on an international agreement (such as a mutual legal assistance treaty ("MLAT")). While MLATs are fairly common – for example, an MLAT has been in force between the US and the EU since 2010 – Article 43a would likely require courts and authorities in countries such as the US to formally submit a request pursuant to the treaty, rather than requesting the information directly from the business at issue via subpoena, search warrant, or other court order. Article 43a is sometimes called the 'anti-FISA' provision, because it appears designed to restrict the ability of non-EU courts (including the US court responsible for overseeing the Foreign Intelligence Surveillance Act of 1978 ("FISA"), which authorised US mass surveillance programs such as PRISM) to demand the production of documents containing personal data from businesses in the EU. However, the UK government has issued a Written Statement confirming that the restrictions set out in Article 43a will not apply to businesses in the UK.
Click here to download PDF.
This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2016 White & Case LLP