I am back from the Ninth Annual Sedona Conference International Programme on Cross-Border Discovery and Data Protection Laws organised by The Sedona Conference Working Group 6 (Sedona Working Groups are explained here). It took place in County Kildare, just outside Dublin on 20 to 21 June, and if I seem slow at writing about it, that is not just because of the principle that “what is said at Sedona stays in Sedona”.
Just as compelling a disincentive to settle down and write about is the mass of useful material, both written and oral, which is made available to WG6 members. How can one start summarising all that? The whole thing is a deep immersion in cross-border discovery and data protection which is unmatched anywhere else. It serves both as a top-up and a stimulus, with a skilled faculty pointing the way forward as well as summarising what has already happened.
Although Sedona’s rule is not a bar to non-attributable summary, I am going to spare myself, and you, any attempt to report on what was said. The agenda is publicly available, and you will see from it that the GDPR, the EU–US Privacy Shield, the extraterritorial reach of (mainly) US authorities, practical approaches for corporate counsel, jurisdictions beyond the EU, and ISO standards were all subjects for discussion.
In addition, there were sessions on Sedona’s own documents – we were guided through the updated International Litigation Principles (Transitional Edition) and the new International Investigations Principles (Public Comment version). The event materials are available to any Sedona Working Group member, and the modest subscription is worth paying just to get access to them.
Why does this matter to you? Even if you have no international business at all, as an organisation or law firm, the GDPR is coming to you, and in less than a year. The UK government has announced its intention of abiding by its terms both before Brexit (as it must anyway) and afterwards – an announcement to this effect was made while we were in Dublin.
Even the dimmest Little Englander Brexiteer will depend, directly or indirectly, on foreign trade. As we watch uselessly incompetent government ministers flailing around trying to shape a post-Brexit trading world, the burden will fall on businesses and law firms to make their own way. Former Environment Minister Andrea Leadsom (“the dimmest bulb in the Cabinet” as a former government aide described her last week) foresees a future based on exports of British tea, jam and biscuits, and worries that New Zealand lamb could destroy Welsh lamb farming.
Those with more brain than Leadsom worry about the wider and deeper implications of cross-border, and specifically transatlantic, data flows. London bankers and financiers eye up premises in Frankfurt and Dublin; English lawyers in droves are acquiring Irish practising certificates. There is a serious possibility that London will simply be by-passed as trade and talent flees to better-organised jurisdictions while third-raters like David Davis (Minister for Exiting the EU) blunder through our negotiations.
Brexiteers, by the way, consider the articulation of this kind of fear to be “talking our country down”. I am not doing that – there are enough lawyers and eDiscovery / eDisclosure providers to fashion a continuing role for London whatever mess we make of Brexit; it’s not a bad idea, though, to hedge your bets by establishing an EU presence.
It is unsurprising that the sponsors of the Dublin programme included NightOwl Discovery, Consilio, Epiq and AlixPartners; FTI Consulting took some of us out for a fine dinner. These are eDiscovery consulting businesses with London eDiscovery experience and skills but with feet in European jurisdictions beyond London. You are going to need them, and the event gave an opportunity to talk to them and find out how they are preparing themselves and their clients for what is to come.
By this time next year, the GDPR will be upon us; US courts and regulators will have had time to set new targets; the apparently conflicting opinions in the Google and the Microsoft cases may have settled down to some level of consistency; the subject will be increasingly raised in newspaper and other easily-accessible sources, not just in the arcane depths of technical sites and publications; there will be a growing awareness that what we are able to do will be influenced to a great extent by the state of our knowledge about our own and our clients’ data, and about the laws and rules which govern its handling and transmission.
There will be a visible distinction between those who can articulate these points to a corporate board, a regulator or a judge, and those who cannot do so. The latter will be left out of what will prove to be a fast growing business area. Sedona WG6 is a good place to find out how to be on the right side of that divide.