Court Holds that China’s Data Privacy Law Does Not Bar U.S. Discovery

Photo by Beijing Patrol on Flickr (CC BY 2.0)

A recent decision held that China’s new data privacy law does not bar compliance with U.S. discovery orders. In Cadence Design Systems, Inc. v. Syntronic AB, Chief Magistrate Judge Joseph Spero reasoned that there was no conflict between his discovery order and China’s Personal Information Protection Law (PIPL) because of an exception in the PIPL for transfers necessary to fulfill statutory obligations.

Cadence Design Systems sued Syntronic for using its software without a license. Judge Spero ordered the defendant to send 24 computers from China to the United States for inspection. On a motion for reconsideration, Syntronic argued the computers contain protected personal information of its employees and that Article 39 of the PIPL requires the employees’ individual consent before their information could be transferred outside China.

Judge Spero held that the PIPL did not bar compliance with the court’s discovery order because of an exception in Article 13, permitting transfers of personal information “[w]here necessary to fulfill statutory duties and responsibilities or statutory obligations.” Relying on the plaintiff’s expert, the judge interpreted the exception as applying to all “obligations provided by law,” not just statutory obligations. Critically, he also interpreted the exception as applying to foreign legal obligations, not just Chinese ones.

Although the PIPL went into effect on November 1, 2021, two prior U.S. decisions have already considered its impact on U.S. discovery orders. The decision in Cadence Design Systems, however, appears to be the first to interpret and apply the PIPL’s exception for statutory obligations. This exception in the PIPL is comparable to an exception in the EU’s General Data Protection Regulation (GDPR) Article 49(1)(e) for transfers “necessary for the establishment, exercise or defence of legal claims.” Parties have sometimes argued that this “litigation exemption” similarly permits compliance with U.S. discovery orders.

But other Chinese laws limiting transfers of information do not have similar exceptions. Article 25 of China’s Guarding State Secret’s Law prohibits transfers of state secrets abroad without government approval. Article 36 of China’s Data Security Law prohibits transfers of “data stored within the mainland territory of the PRC to the justice or law enforcement institutions of foreign countries without the approval of the competent authorities of the PRC.” It seems likely that parties will increasingly raise these laws, in addition to the PIPL, to resist U.S. discovery.

Typically, U.S. courts order discovery irrespective of whether it conflicts with foreign laws. This approach traces back to Société Nationale Industrielle Aérospatiale v. U.S. District Court (1987), in which the U.S. Supreme Court held that first resort to the Hague Evidence Convention was not required despite a French statute prohibiting the production of evidence for use in foreign courts except pursuant to a treaty. As Maggie Gardner has shown, U.S. courts have consistently refused to limit discovery requests in deference to foreign blocking statutes. Chinese statutes have been raised in relatively few cases so far, but they seem unlikely to carry any more weight in the Aérospatiale analysis than the French blocking statute and the GDPR.