Last month, the People’s Republic of China (PRC) announced plans to consolidate the country’s data protection functions into a single national data bureau tasked with regulating data privacy and data transfers for a nation of over 1.4 billion people. The announcement came almost a year and a half after China’s Personal Information Protection Law (PIPL) and Data Security Law (DSL) came into effect, which regulate the protection of personal information and the transfer of data out of China, respectively.

Given the number of multinational companies operating in China and targeting Chinese consumers, it is no surprise that the bureau’s establishment and the enactment of PIPL and DSL have garnered significant attention from companies seeking to ensure that their day-to-day operations do not run afoul of the new laws. However, these laws are not only affecting companies’ daily business operations—they also add an additional layer of regulations to the already complex process of exporting data from China for use in civil litigation in the United States.

Legal Impediments to Discovery Prior to PIPL and DSL

While PIPL and DSL are the latest PRC laws to present a challenge to the discovery process, they are not the first. Prior to the statutes’ enactment, several Chinese laws and regulations governing data deemed to be “state secrets” already presented significant hurdles to the discovery process in cases where litigants sought the production of information originating from China.

Under the Law of the PRC on Guarding State Secrets (GSSL), the definition of what constitutes a state secret is very broad and vaguely defined as information that could harm China’s national security or national interests. Under the law, any data that contains state secrets is prohibited from being disclosed and therefore cannot be transferred outside of China without the permission of the government authority that regulates the information at issue. Those who are found to have violated the SSPL face potential criminal and civil penalties.

PIPL prohibits accessing or handling the personal information of individuals located in China. Exceptions to this prohibition include obtaining the individual’s consent, as well as certain other limited exceptions outlined in Article 13 of the statute. The law also applies in certain situations where data is located outside of the PRC, such as when data is being handled or processed to track the behavior of persons located in China for marketing purposes.

The DSL regulates the transfer data out of China. The term “data” is very broadly defined under the DSL to include “any information record in electronic or other form.” The question of what types of data require government approval before being exported to the United States continues to be a subject of debate. However, most experts agree that at a minimum, information that is deemed “core” and “important” under the law, such as information that could harm China’s national security, cannot be exported out of the country without prior government approval.

As a result of these new laws, those seeking to produce information originating from China for purposes of civil litigation in the United States must not only review that information for state secrets, but must also be mindful of the restrictions on accessing personal information as well as information deemed “core” or “important” under the DSL. Companies that are found to have violated PIPL and DSL face steep penalties. For example, China’s largest ride-hailing service, Didi, was reportedly fined $1.2 billion last year for violations of these and other cybersecurity laws.

Complying With U.S. Discovery Obligations

Because the GSSL, PIPL and DSL are all foreign laws that block the production of information that would otherwise be discoverable under Rule 26 of the Federal Rules of Civil Procedure, they are treated as foreign blocking statutes under U.S. law. While litigants may object to the production of evidence based on the restrictions imposed by a blocking statute, the Supreme Court’s decision in Societe Nationale Industrielle Aerospatiale v. U.S. District Court for S. District of Iowa permits American courts to order the production of evidence even in circumstances where that production violates foreign law. See 482 U.S. 522, 544 (1987). Accordingly, litigants who are ordered to produce data governed by the GSSL, PIPL and DSL by U.S. courts are often put in the difficult position of weighing the penalties they face in China against potential sanctions from a U.S. court.

Parties seeking to produce information originating from China should consider taking the following steps to attempt to mitigate potential conflicts between GSSL, PIPL and DSL on the one hand and U.S. discovery obligations on the other.

Provide early notice to opposing parties and the court. At the outset of the litigation, educate the opposing party and the court regarding PRC laws and regulations that can often delay production of evidence. To the extent possible, be specific about the categories of data that are likely to be regulated and the steps that are being taken to mitigate the impact of these laws on the discovery process.

Request that the client and their counsel in China consult with relevant PRC authorities. From a legal perspective, information subject to SSL, PIPL and DSL can be produced in U.S. litigation if the relevant government authority in China provides its approval. However, in practice, this can be a very long and difficult process. Accordingly, it is important begin discussions with the governing authorities in China as early as possible and to document the efforts of your client and local counsel to obtain such approvals.

Ensure that all review protocols are thoroughly documented and information withheld is properly logged. As any data subject to GSSL, PIPL and DSL cannot be exported to the United States without first obtaining the approval of the relevant PRC authorities (or, in the case of PIPL, the consent of the individual whose data is sought), data collected in China as part of the discovery process must be reviewed in China for such information before it is transferred. U.S. and local counsel should work closely together to ensure all documents withheld or redacted are logged with sufficient information to provide the opposing party and the court with as much information as possible about the data and the reason it is subject to SSL, PIPL or DSL.

Engage an expert on PRC law who can provide testimony to the court. In addition to engaging local counsel for advice as to what information is governed by GSSL, PIPL and DSL, litigants should also prepare for the possibility that the opposing party will move to compel the production of documents withheld or redacted on the basis of PRC law. Given the evolving nature of these laws and their implementation, it can be helpful to engage an expert to provide the court with the relevant background on the PRC law, any recent guidance the government or PRC courts have provided on these issues, why PRC law is applicable to the specific set of data that was not produced, and the civil or criminal penalties that could be incurred if the information was produced.

While these steps may not resolve the conflict between PRC law and U.S. law, litigants who take these steps will demonstrate to opposing parties and the court that they have taken all possible steps to comply with their discovery obligations in the United States without violating PRC law.

Reprinted with permission from The Legal Intelligencer, © ALM Media Properties LLC. All rights reserved.