Party May Not Veil EU Individual’s Information under GDPR at the TTAB
In a rare precedential opinion, the Trademark Trial & Appeal Board (TTAB, Board) ruled that the EU General Data Protection Regulation (GDPR) does not apply in Board proceedings. Chicago Mercantile Exchange, Inc. v. Intercontinental Exchange Holdings, Inc., Opposition Nos. 91235909; 91254514 (T.T.A.B. Sept. 27, 2021) (Faint, Interlocutory Attorney).
This was a consolidated proceeding between Chicago Mercantile Exchange and New York Mercantile Exchange (collectively, CME) and Intercontinental Exchange Holdings (ICE) and brought before the TTAB. CME sought to amend the Board’s standard protective order (SPO) to allow in-house access to information and materials designated by ICE as “Confidential – Attorney’s Eyes Only” and asked the TTAB to find that the EU GDPR does not apply in the proceedings.
The Board’s SPO is automatically imposed in all inter partes proceedings. In order for the Board to disturb their SPO, CME needed to show that protection of ICE’s trade secrets will impair CME’s prosecution of its claims. ICE asserted that CME failed to show good cause for modification of the SPO and the Board agreed. As an initial matter, CME failed to provide information sufficient for the Board to determine in-house counsel’s responsibilities, including whether those responsibilities included competitive decision-making such that disclosure to in-house counsel would competitively harm ICE. Secondly, CME failed to clearly demonstrate that there was a need for access to the highly sensitive competitive information to adequately prepare its case. Accordingly, the Board denied CME’s motion to amend the protective order.
CME next raised the issue of whether ICE may redact names, email addresses and other information from documents and electronically stored information (ESI) originating in the European Union prior to its production on the basis that the GDPR requires such redaction. CME argued that because ICE waited more than 18 months to assert this objection, the objection is waived, that CME will be severely prejudiced if ICE’s objection stands and that the GDPR does not apply in inter partes Board proceedings.
For background, the GDPR is an EU regulation made effective May 25, 2018, in order to protect the privacy and security of EU citizens’ personal data by limiting the transfer of such information among member states of the European Union, as well as between the European Union and other countries, including the United States. The broad definition given to “personal data” in the GDPR encompasses “any information relating to an identified or identifiable person.” However, this class of information (an individual’s name, position, job title and email address) is generally required to be produced in discovery pursuant to the Fed. R. Civ. Pro. 26(b)(1).
In this precedential decision, the Board, citing the 1987 Supreme Court case Societe Nationale Industrielle Aerospatiale v. U.S. Dist. Court, established that a foreign country’s law precluding disclosure of evidence in US courts and tribunals will generally not deprive those courts and tribunals of “the power to order a party subject to its jurisdiction to produce evidence even though the act of production may violate that statute.”. Additionally, the GDPR does not per se bar disclosure of protected data in litigation and even provides for data transfers where “the transfer is necessary for the establishment, exercise or defence of legal claims.”
Assessing the withheld information in accordance with factors established in Societe Nationale, the Board determined that ICE is sufficiently protected under the SPO and rejected the argument that the GDPR requires ICE to redact the relevant business records.