A federal magistrate judge in the Northern District of California recently rejected a Chinese company’s attempt to invoke China’s recent Personal Information Protection Law (“PIPL”) to limit discovery obligations in the United States. In Cadence Design Sys., Inc. v. Syntronic AB, No. 21-cv-03610-SI, United States Chief Magistrate Judge Joseph C. Spero refused to limit the PIPL’s legal obligations exception to Chinese laws and China-recognized orders. On June 24, 2022, the Court denied defendants’ motion for reconsideration of the Court’s earlier order compelling Defendant Syntronic (Beijing) Technology R&D Center Co., Ltd. (“Syntronic Beijing”) to produce computers in the possession and custody of defendants in China, for inspection in the United States. While on its face China’s PIPL would seemingly prohibit production of these China-stored computers into the United States without the consent of current and former individual employees (who have refused to consent), the Court ruled that its order in the case created a legal obligation sufficient to invoke the legal obligation exception under PIPL Article 13.
Background
Last year China enacted two data privacy laws, which collectively created a new sweeping system dealing with data security and privacy. These two laws will undoubtedly have a significant impact on multinational companies whose operations relate to or touch China.
China’s Data Security Law (“DSL”), which was passed in June 2021 and went into effect on September 1, 2021, sets up a framework that classifies data collected and stored in China. The key focus of the DSL is the protection and security of critical data relating to national security and the public interest. The most significant element of the law is the data classification system whereby the government will classify different types of data based on its level of importance and then publish a protection standard for each class of data. Similar to recent data privacy laws in California and elsewhere in the United States, the DSL leaves a number of open items for further clarification by more detailed regulations, rules and notices.
China’s PIPL, which was passed in August 2021 and went into effect on November 1, 2021, is China’s first comprehensive legislation regulating the protection of personal information. The PIPL applies to “the activities of handling the personal information of natural persons within the borders of the People’s Republic of China.” And according to PIPL Article 3, the PIPL is intended to have extra-territorial reach. Personal Information is defined broadly under PIPL Article 4 as “all kinds of information, recorded by electronic or other means, related to identified or identifiable natural persons, not including information after anonymization handling.” Additionally, “[p]ersonal information handling includes personal information collection, storage, use, processing, transmission, provision, disclosure, deletion, etc.” Given the breadth of these and other definitions in the PIPL, many questions likewise remain unanswered as to what and how the personal information is to be protected and handled under the PIPL.
Article 13 exceptions and the Cadence Design Court’s interpretation
PIPL Article 13 sets forth several exceptions that permit “Personal information handlers” to seek and obtain protected personal information of individuals in China. The three enumerated exceptions at issue in the Cadence Design case were exceptions 1, 3, and 7, which excuse compliance where (1) the Personal information handlers . . . [o]btain[] individuals’ consent”; (3) “Where necessary to fulfill statutory duties and responsibilities or statutory obligations;” and (7) “Other circumstances provided in laws and administrative regulations.”
In the Cadence Design case, the plaintiff’s discovery triggered PIPL Article 39, which applies “[w]here personal information handlers provide personal information outside of the borders of the People’s Republic of China,” and requires (a) notice to “the individual [whose personal information is sought] about the foreign receiving side’s name or personal name, contact method, handling purpose, handling methods, and personal information categories, as well as ways or procedures for individuals to exercise the rights provided in this Law with the foreign receiving side, and other such matters,” and (b) to “obtain individuals’ separate consent.” There was no dispute that the plaintiff did not comply with PIPL Article 39. Rather, the dispute was whether the discovery and the U.S. Court’s order excused compliance with PIPL Article 39 under exception 3 or 7 in PIPL Article 13. Thus, the questions for the Court were what constitutes “necessary to fulfill statutory duties and responsibilities or statutory obligations” and what is included under the “[o]ther circumstances provided in laws and administrative regulations” under the Article 13 exceptions.
The Court ruled that the PIPL does not require the legal obligation be “statutory” to fall within the third exception of Article 13, but instead “should be translated as referring to ‘obligations provided by law’ rather than ‘statutory duties or obligations.’” The Court also found that the seventh exception of Article 13 refers broadly to “other relevant provisions of this Law,” which does not explicitly limit its reach to provisions of the same chapter or section. Moreover, the Court found that nothing in the PIPL itself indicates the seventh exception of Article 13 is limited to Chinese law only.
The Court further agreed that Syntronic Beijing’s U.S. discovery obligations, including the Court’s previous order to produce the computers for inspection in the United States, is a cognizable legal duty within the meaning of the third exception in Article 13. Thus, the Court ruled that Syntronic Beijing must comply with the Court’s prior discovery order and that doing so was within the scope of the exceptions in Article 13 and, therefore, did not violate the PIPL.
Conclusion
While the Cadence Design court found that Chinese data privacy law does not excuse a China-related party’s court-ordered discovery obligations in the United States, many questions remain unanswered. Indeed, as Judge Spero observed in Cadence Design, “The PIPL is a recently enacted law that does not appear to have yet been subject to significant judicial or otherwise authoritative interpretation.” With additional Chinese regulations still forthcoming for the PIPL and DSL, together with the uncertain implementations of China’s new data privacy laws and their extra-territorial application for U.S. litigants in U.S. courts, we likely have not heard the last word on the effect China’s PIPL and DSL may have on China-related parties’ discovery obligations in litigation venued in the United States.
For China-related parties engaged in litigation in the United States, it is important to have written discovery requests analyzed by counsel with an understanding of the PIPL and DSL. If you have any privacy related questions, please contact the authors or the other attorneys in the Data Security and Privacy team at Atkinson Andelson Loya Ruud & Romo.
This AALRR post is intended for informational purposes only and should not be relied upon in reaching a conclusion in a particular area of law. Applicability of the legal principles discussed may differ substantially in individual situations. Receipt of this or any other AALRR publication does not create an attorney-client relationship. The Firm is not responsible for inadvertent errors that may occur in the publishing process.
© 2022 Atkinson, Andelson, Loya, Ruud & Romo
- Partner
Brian Wheeler is Chair of the firm’s Commercial and Complex Litigation Practice Group. He also leads the firm’s Intellectual Property and Data Privacy practices within the Practice Group, overseeing AALRR’s team of ...
Other AALRR Blogs
Recent Posts
- Alert: FinCEN Announces Limited Extensions to Corporate Transparency Act Reporting Deadlines
- Court of Appeal Sheds Light On The Rights Of Limited Liability Companies And Its Members
- Dueling OpenAI Copyright Cases to Remain Separate, Parallel Actions on Both Coasts
- Section 16600 and the Fate of Trade Secret Exception
- The Contract Is In The Details
- Teaming With Our Clients – California Adopts “Initial Disclosures” in State Court Civil Litigation
- Recent Court of Appeal Decision Shows The Limits Of Exculpatory Clauses In Commercial Leases, Including Limitation of Damages Provisions
- Understanding Deceptive California Statement of Information Scams
- Closing of Pre-Hearing Discovery Loopholes in Arbitration
- International Enforcement of U.S. Trademarks: Simplicity for Complexity’s Sake
Popular Categories
- (26)
- (1)
- (24)
- (15)
- (4)
- (4)
- (2)
- (3)
- (3)
- (2)
- (2)
- (5)
- (2)
- (4)
- (5)
- (1)
- (4)
- (1)
- (3)
- (2)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
Contributors
- Cindy Strom Arellano
- Reece C. Bennett
- Eduardo A. Carvajal
- Michele L. Collender
- Scott K. Dauscher
- Christopher M. Francis
- Evan J. Gautier
- Carol A. Gefis
- Edward C. Ho
- Micah R. Jacobs
- John E. James
- Jonathan Judge
- David Kang
- Jeannie Y. Kang
- Joseph K. Lee
- Shawn M. Ogle
- Kenneth L. Perkins, Jr.
- Jon M. Setoguchi
- Jon Ustundag
- Brian M. Wheeler