Precedent Set for GDPR Applicability in TTAB Proceedings

Written By Hosch & Morris

Privacy Plus+

Privacy, Technology and Perspective

Precedent Set for GDPR Applicability in TTAB Proceedings. Recently, the US Trademark Trial and Appeal Board (TTAB) issued a precedential decision regarding the applicability of the EU General Data Protection Regulation (GDPR) in TTAB proceedings.

Here is a link to the TTAB’s decision in Intercontinental Exchange Holdings, Inc v New York Mercantile Exchange, Inc and Chicago Mercantile Exchange, Inc v Intercontinental Exchange Holdings, Inc, 2021 USPQ2d 988 (TTAB 2021) [precedential]):

https://ttabvue.uspto.gov/ttabvue/ttabvue-91235909-OPP-45.pdf

During discovery, Intercontinental Exchange Holdings (ICE) faced requests for documents containing “personal data” covered by the GDPR. The TTAB has a standard protective order for use in proceedings before it, but ICE argued that the TTAB’s standard protective order is insufficient to protect “personal data” covered by the GDPR, and that the GDPR requires ICE to redact such data, including names, email addresses, and other information regarding certain of its employees, executives and officers in the EU.

The TTAB rejected that argument, noting that:

  1.  information such as an individual’s name, position, job title and email address generally must be produced in discovery pursuant to Federal Rule of Civil Procedure 26(b)(1);

  2. a foreign country’s law precluding disclosure of evidence in a U.S. court or tribunal will generally not deprive the U.S. court or tribunal of “the power to order a party subject to its jurisdiction to produce evidence even though the act of production may violate the [foreign law].” Societe Nationale Industrielle Aerospatiale v. U.S. Dist. Court, 482 U.S. 522, 544 n.29 (1987); and

  3. by its own terms, the GDPR does not preclude disclosure of personal data in litigation. See GDPR Article 49(1)(e) (providing for data transfers where “the transfer is necessary for the establishment, exercise or defense of legal claims”).

The TTAB then analyzed ICE’s arguments using the test articulated in Societe Nationale, 482 U.S. at 544 n.28, balancing these competing interests:

  1. the importance to the litigation of the documents or other information requested;

  2. the degree of specificity of the request;

  3. whether the information originated in the United States;

  4. the availability of alternative means of securing the information; and 

  5. the extent to which noncompliance with the request would undermine important interests of the United States, or compliance with the request would undermine important interest of the state where the information is located.

Applying the test established in Societe Nationale, the TTAB determined that its standard protective order would sufficiently protect the personal information at issue, and rejected the argument that the GDPR requires such information to be redacted from relevant business records.

---

Hosch & Morris, PLLC is a boutique law firm dedicated to data privacy and protection, cybersecurity, the Internet and technology. Open the Future℠

Hosch & Morris https://hoschmorris.com
Previous

A Biometric Database run by a Cryptocurrency Corporation?

Next

Connecticut’s New “Privacy Breach” and “Cybersecurity Standards” Acts Following Ohio And Utah