Two Chinese information security laws, the Data Security Law (“DSL”) and the Personal Information Protection Law (“PIPL”), are creating difficulties for parties involved in litigation in the United States seeking discovery materials stored in China.

Both the DSL and the PIPL require data processors to obtain approval from the Chinese government before transferring any data stored in China to a foreign court or law enforcement authority, or otherwise face significant penalties such as fines in the millions of dollars.

Litigants in the U.S. should be aware that the DSL and PIPL may impose significant costs and delays in the discovery process, and may be used to avoid turning over certain materials.

Key features of the DSL and PIPL

The DSL and PIPL, both of which are still in their infancy, were enacted with the aims of protecting data security and data privacy and safeguarding Chinese national security interests. The DSL took effect in June 2021 and the PIPL shortly thereafter in November 2021. Regulations expanding on the compliance obligations under the law and the definitions of certain key terms remain pending.

The DSL broadly applies to “data processing activities” which include collection, use, processing, transmission, disclosure, and data management, and where “data” includes any record of information in electronic or other form. The DSL applies to extraterritorial data processing activities as well as activities within China that would be detrimental to its national interests. According to the Article 36 of the DSL, Chinese organizations and individuals shall seek government approval prior to providing data stored in China to a foreign court or law enforcement authority. Fines for violation of Article 36 of the DSL range from approximately $15,600 to over $785,800 with additional fines and penalties possible for the employees responsible for such unauthorized transfers.

The PIPL is a comprehensive data privacy law that applies to the processing of personal information about individuals residing in China. Like the DSL, Article 41 of the PIPL requires personal information processors to obtain approval from Chinese government authorities prior to providing personal information to a foreign court or law enforcement authority. The fines for violations of Article 41 of the PIPL are up to approximately $7.8 million or 5% of a company’s annual revenue in addition to civil and administrative penalties.

Difficulties in U.S. Courts

A judge sitting in the United States District Court for the District of New Jersey recently rejected a Chinese-based defendant’s (“ZHP”) year-long bid to shield documents from discovery based on the State Secrets Law, DSL, and PIPL. Judge Robert B. Kugler, in rejecting ZHP’s bid, held that it could not wield the Chinese “blocking statutes” as a shield from unfavorable discovery.

The decision indicates that U.S. courts will be unlikely to grant accommodations to parties citing the DSL and PIPL as an excuse for non-disclosure at this stage. However, as Judge Kugler noted, parties seeking evidence stored in China may still face denials for cross-border transfers of information and delays in the discovery process moving forward.

The “blocking statutes” may remind U.S. judges and law enforcement agencies, to some extent, of the hardships that conflicts of law can create for parties. However, how they will change the discretion of U.S. judges and law enforcement agencies in the future remains uncertain.

Key Takeaways:

  • Parties involved in litigation in the U.S. may face significant difficulties in obtaining information stored in China during the discovery process.
  • The DSL and PIPL standards for data transfer are broad and unclear and may be up to the discretion of the Chinese government on a case-by-case basis.