Excerpts from this interview were originally published by Legaltech News. With more insights than could fit in one article, the full interview is republished here in two parts.
Both the world’s biggest economies after the United States, China and Japan, have not traditionally been big players in the e-discovery market. But with an increasingly global economy, the advent of national cybersecurity and data localization laws, and growing international M&A activity, these two economic titans are steadily growing their e-discovery operations and expertise.
To understand what is driving this trend and how e-discovery is unique to each country, ALM spoke with legal professionals with e-discovery experience in the Far East.
Given China’s cybersecurity law and the amendments to Japan’s Act on the Protection of Personal Information (APPI), what are some of the common region-wide aspects of Asian data privacy laws? Which aspects of data laws, and other laws, most impact or inhibit e-discovery operations?
Jared Nelson, partner at MWE China Law Offices in Shanghai:
One of the clearest trends is a balkanization or “de-globalization” of the internet and network systems. China was a notable early mover in these efforts with the setup of its ”Great Firewall” years ago, and the series of new laws and regulations coming from the PRC government in recent years has significantly contributed to the buildup of a separate Chinese internet through requirements on data localization and limitations or clearance procedures for cross-border transfers.
These developments tie into a larger, and much more important geopolitical trend that is also probably best exemplified in the region by China, which is the assertion of “cyber sovereignty” and the construction of digital borders over physical ones, leading to clearer jurisdictional lines and bolder regulations on internet and network activities.
If we consider the scope of the term “e-discovery operations” to focus on litigation production into US courts, the impact is already starting to be seen in the localization and cross-border transfer rules. The localization trend will mean that US companies will more frequently need to store data outside of the US and use a decentralized network architecture instead of the old method of having global data consolidated to be stored and managed all in the US. This decentralization means added complexity to data systems, more challenges in identifying potentially relevant data abroad during a US litigation, and a necessity for additional steps in collecting data outside of the US, all of which means added costs and time during litigation.
On top of that, cross-border transfer rules add a procedural layer, which is again more costs and time and will require US attorneys to become much more proficient in foreign data transfer rules. There is also the looming possibility of blocking statutes, similar to those in France, or other measures that may explicitly prohibit companies or individuals from producing documents into US courts; we haven’t seen any explicit or specifically designed examples of this yet, but it is the next step in the logical progression of the current trends.
James O’Donoghue, founder and president at In-House Advisory Group, focused on advising Japanese corporations and institutions on US legal matters:
The recent changes in both China and Japan’s privacy laws reflect a longstanding need for updated regulations in the region, though the two nations have taken radically different approaches to addressing privacy and data security concerns.
China’s policy, ostensibly, reflects an interest in governing the systems of data management, whereas Japan’s approach focuses on the disposition of the data itself. Companies operating within China are being forced to comply with a series of industry-specific protocols while facing increased exposure to Chinese regulators.
Japan’s updated APPI primarily consists of extensions to the original language of the APPI, coupled with stiffer penalties, and the creation of a commission to oversee the law’s enforcement. The new provisions add teeth to a law that has often been regarded as little more than set of guidelines for the disposition of personal information.
Given the disparate approaches, it is difficult to identify common themes between both laws. China’s law places a greater burden on institutions operating in the region, while Japan’s law places the onus on any party attempting to bring data out of Japan. Japan’s new provisions are undoubtedly more consequential for the e-discovery industry.
Abigail Cooke, Asia Pacific account manager at kCura:
Each major market for e-discovery in Northern Asia Pacific region (China, South Korea, Japan) has a data privacy law in place that requires that personal identifiable information of its citizens be kept in country or is reviewed and redacted before being exported. In this way, Northern Asia is somewhat similar to the federation of data privacy laws found across Europe.
In contrast with Asia, however, there has been some unification of European data privacy laws set forth under the General Data Protection Regulation (GDPR) and applicable to all EEA nations. Asia does not have a similar political structure in place; therefore, it remains necessary for companies to understand and adhere to each country’s law when operating across several countries in Asia.
What is driving the e-discovery markets in China and Japan?
Currently for our clients, M&A- and IP-related matters are not the driving force, but for China specifically with the growing concerns of non-domestic companies as it relates to IP enforcement, it inevitably will play an increasing role.
We are primarily dealing with matters that are investigative in nature, corporate audits, internal audits, and regulatory compliance. However, litigation is on the rise in China as state owned entities defend their business against non-domestic enterprises, which we support, and Chinese corporations continue to expand in the US, and international companies expand in China. Litigation is nowhere near the level of that in the US and is a few years behind in maturity, but we continue to see more of it.
In my home jurisdiction of China we have seen a series of new laws and regulations over the last couple of years that target both data localization and data transfer restrictions. In China, this is sure to strengthen an already mature market for local e-discovery and data forensic services, which were already in place largely due to the combinations of local licensing requirements and long-standing concerns over one of the [restrictions] on [transferring data deemed to be] state secrets, beyond an approved scope of access, outside of China.
[In Japan,] the recent changes in the APPI have undoubtedly spurred the need for attorneys and e-discovery specialists with experience exporting data from [the country]. The APPI requirements of consent and waivers for the transfer of personal information combines an aspect of institutional compliance with e-discovery. Specialists familiar with Japanese business culture and prevailing practices will need to work closely with in-house counsel and corporate law departments to ensure they are in conformity with the law.
Experience with implementing efficient and affordable protocols for the protection and masking of personal information is equally valuable. Given the relative lack of experience in cross-border litigation among many Japanese law firms, e-discovery companies often serve as informal counselors for data privacy concerns, making local e-discovery specialists and Japanese vendors indispensable.
In China, two things are happening that are building the e-discovery market and creating challenges to conducting e-discovery.
Multinational corporations have been opening offices in China over the last several years. Those operating in China are still subject to the laws in which they are headquartered or publicly traded. As such, regulators have the authority to ask for documentation from a company’s operations in China when under investigation.
At the same time, China has and still is passing some of the most restrictive data privacy and export laws in the region. Multinational corporations operating in China are then in a challenging position where they need to comply with an overseas request from the government of one jurisdiction but risk criminal and civil penalties for transporting or storing that data outside of China.
e-Discovery providers and lawyers in markets like China have had to carefully balance the risks of operating between governments that are seemingly in conflict over data requests and data transfer.
What country in this region would you say is the leader in e-discovery or the most advanced in terms of the scope and technological ability of their e-discovery operations? Why do you think this is?
I’m sure that I’m biased in my answer because of where I work and live, but to me it seems very clear that, among Asian countries, China is leading the way in terms of technological progress, market size, and rapid development. There seems to be a simple reason for this: significant and widespread client demand.
It’s hard to find a Fortune 500 company, or any manufacturing company of any size, that doesn’t have a presence here, and nearly all of them will run into situations where they need e-discovery services. That’s not to say that they all will be sued in US courts and need the litigation production side of e-discovery, but nearly all of these companies will be using the e-discovery approach, with similar technology, processes, and methodologies, for investigations.
The growing use of the e-discovery approach for finding electronic evidence during investigations has been the largest driver of the e-discovery market in China, and significantly overshadows, at least for now, the usage for litigation production. In addition, investigations have unique characteristics that spur rapid advancements in the methodology and technology, such as a much stronger focus on speed, an emphasis on results and finding key evidence over fulfilling procedural requirements, and a deep need for creative ideas to solve increasingly complex and ever-changing problems that exist in the whack-a-mole game of uncovering corruption and other white-collar crime.
Advancements in the e-discovery industry in Japan have been somewhat uneven because there is no domestic catalyst driving demand. The vast majority of services are provided for extraterritorial matters with the result that a small number of vendors and multinational clients have become sophisticated providers and users of e-discovery services, while the majority of Japanese corporations have never availed themselves of e-discovery services. While the Japan-based e-discovery industry has undoubtedly matured, there is simply not enough volume nor market potential to justify the technological investment typified by the US market.
This is a tough one because each market in Northern Asia has developed differently and for different reasons, which makes each of them experts within their field but not necessarily in the same category. We’ve seen a huge need for e-discovery in China, but it’s still a really challenging market to operate in for providers. The ones that grow and are doing it well are world-class in their understanding of e-discovery processes, procedures, and tools. Both Korea and Japan, however, are also in their biggest growth year from a Relativity standpoint. Through courses and trainings, customers across both countries have dedicated themselves to learning and growing in their experience, and their e-discovery businesses have flourished as a result.
Visit The Relativity Blog tomorrow for the second part of this article. We’ll learn how mergers and acquisitions, as well as intellectual property protection, are influencing the need for e-discovery operations in Asia. We’ll also find out what e-discovery technology adoption currently looks like in the region.
Rhys Dipshan is a journalist who covers in-house tech issues from early disruption to ghosts in the machine for Legaltech News, The National Law Journal, the New York Law Journal, and Corporate Counsel.