United States: The Impact On U.S. Discovery Of EU Data Protection And Discovery Blocking Statutes


As we publish this January 2013 edition of our paper, nations throughout the world are grappling with the challenges of protecting personal information in today's fast-moving, global economy. Countries from Argentina to Vietnam have enacted data privacy laws, and many are seeking to strengthen the protections that are already in place. In the past 12 months, the European Commission (the "Commission") proposed sweeping changes to Europe's approach to data protection1 and France's data protection agency, the CNIL,2 declared that it was "ready for combat" to protect French information in an increasingly digital world.3 We expect significant data protection developments in 2013.

This paper continues to focus on Europe, which has long viewed the privacy of personal information and data as a fundamental right. The countries of the European Economic Area ("EEA")4 protect data in accordance with the EU Data Protection Directive (the "EU Directive").5 Each EEA country has implemented the EU Directive in its own way, leading to a complex web of privacy legislation, which, along with foreign discovery "blocking statutes," greatly restrict the transfer of data from Europe to the United States.

Practitioners need to be aware of country-specific privacy and discovery blocking legislation, as well as the potential implications these laws have on obtaining discovery for U.S. litigation. For that reason, we have included links and citations to a wide variety of recent materials published by entities as diverse as the American Bar Association and Europe's Working Party on the Protection of Individuals with regard to Processing of Personal Data ("Working Party").6

This paper is organized in two parts. Part I provides an overview of the EU Directive and discovery-blocking statutes, addresses their impact on U.S. discovery, and proposes guidelines for navigating the choppy waters of international discovery. Part II surveys the data privacy statutes, commonly encountered blocking statutes, and selected case law pertaining to each EEA country. Each country's section is up-to-date as of December 2012.

This paper provides an overview of a complex subject and is a starting point for additional, country-specific research. The Hughes Hubbard eDiscovery Practice Group wishes to thank Yohance Bowden for his help in preparing this paper.



I. The EU Directive

A. Scope, Implementation and Enforcement

The EU Directive was adopted by the European Commission (the "Commission") on October 24, 1995 and took effect three years later on October 25, 1998.7 Its stated purpose is twofold: (i) to harmonize divergent data protection regimes

in the Member States in order to remove obstacles to the free flow of information and (ii) to "protect fundamental rights and freedoms, notably the right to privacy"8 by establishing minimum safeguards for the use of personal data.

The EU Directive covers public and private sector employees9 and, importantly, protects their rights even when electronic data is transferred out of the European Union ("EU"). The EU Directive accomplishes this by restricting both the "processing" and "transfer" of their data. The Directive does not apply to "processing operations concerning public security, defense, State security (including the economic well-being of the State when the processing operation relates to State security matters) and the activities of the State in areas of criminal law."10 Nor does it apply to processing by an individual engaged in a "purely personal or household activity."11

The EU Directive obligates each EEA country to enact data protection laws that are at least as protective of personal privacy as the EU Directive itself. Each EEA country has complied with the Directive by enacting its own data protection laws, reflecting that country's individualized choices with respect to the definition of personal data, the level of protection afforded personal data, and the penalties for privacy violations. Some countries, such as Germany, France, and Italy, enacted data protection laws that are significantly stronger than the minimum required by the EU Directive.

The EU Directive also obligates each EEA country to create an independent data protection authority ("DPA") to oversee compliance with that country's data protection laws. Each DPA must have the power to investigate and intervene in data processing operations.12 The European Commission monitors each country's DPA to ensure that the DPA adheres to the EU Directive. The Commission may bring a legal proceeding against a country whose DPA falls short of these requirements. For example, the Commission referred Austria to the European Court of Justice for allegedly not having a DPA that met EU independence requirements.13 In a high-profile referral, the Commission referred the UK to the European Court of Justice for "not fully implementing EU rules on the confidentiality of electronic communications such as email or internet browsing."14

Data privacy violators may face sanctions from both public and private sources. First, the EU Directive requires each member country, through its DPA or judicial authority, to impose sanctions against violators, such as fines, imprisonment, or both.15 Second, Article 23 of the EU Directive requires each member country to allow EEA citizens to bring private civil actions against violators.16

On January 25, 2012, the European Commission published a draft "General Data Protection Regulation," a proposed reform that would significantly change data protection laws and regulatory schemes across Europe.17 The proposed reform seeks to reduce the confusion caused by the fragmented approach companies currently face when dealing with DPAs across the member states of the EEA. The proposed reform seeks to strengthen data privacy protections. It stiffens penalties for noncompliance and expands the reach of the law to all companies seeking to process data belonging to EU residents, regardless of the company's location. The Commission hopes to obtain the agreement of all member states by June 2014 so that the regulation can take effect by June 2016.18

B. "Personal Data"

The EU Directive restricts access to and the use of "personal data." Personal data in the EEA has a much broader scope than in the United States. The EU Directive defines "personal data" as "any information relating to an identified or identifiable natural person ('data subject')," including workplace information pertaining to employees.19 In implementing the Directive, EEA countries have defined "personal data" in slightly different ways, but "personal data" generally refers to any data that permits the identification of an individual, either directly or indirectly, through means reasonably likely to be used by either the data controller or a third party.20 This includes information that is not considered "personal" in the United States, such as job titles, office locations and email addresses, but which is considered "personal" in EEA countries because it can be linked to a person whom — in the language of the Data Protection Directive — "can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity."21

In the United States, we generally associate the phrase "personal data" with a limited set of data such as medical information and social security numbers. In Europe these types of data are considered "sensitive data," and are even more highly protected than "personal data." Sensitive data includes information of a highly personal nature that reveals an individual's race, ethnicity, political opinion, religious or philosophical beliefs, trade union membership, mental or physical health, sex life, criminal convictions, civil judgments or sanctions.22 Under Article 8 of the EU Directive, Member States and data controllers are prohibited from processing sensitive personal data, subject to some very limited exceptions.23

C. "Data Controller"

Under the EU Directive, a data controller is a "natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data."24 Data controllers can be entities or employees charged with making decisions regarding the processing of personal data. Data controllers must implement measures to protect personal data from accidental or unlawful destruction or loss, alteration or unlawful disclosure or access.25

D. "Processing"

One of the activities to which the EU Directive applies is the "processing" of data. "Processing" is defined broadly as "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction."26 This definition encompasses essentially every action taken in connection with U.S. discovery.27 It is much broader than the concept of "processing" commonly used in the United States. In the United States, "processing" is generally limited to technical actions, such as filtering, indexing, culling, de-duplicating, and converting data from one format to another.

The EU Directive prohibits the processing of personal data except where certain conditions are met. These conditions, which are set out in Articles 6, 7, and 10 of the EU Directive, are designed to ensure that data processing is proportional (Article 6), legitimate (Article 7), and transparent (Article 10).

1. Article 6 Requirements: Under Article 6 of the EU Directive, member states must ensure that the processing of personal data is:

(a) Fair and Lawful – personal data must be processed fairly and lawfully;

(b) Purpose-Limited – personal data must be "collected for a specific, explicit and legitimate purpose and not further processed in a way that is incompatible with those purposes;"

(c) Relevant in Scope – the collected data must be "adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed;"

(d) Accurate and Current – personal data must be accurate and up-to-date, and every reasonable step must be taken to ensure that inaccurate or incomplete data (in terms of the purposes for which they are collected or processed) are erased or rectified; and

(e) Time-Limited – personal data must be "kept in a form that permits data subjects to be identified for no longer than is necessary for the purposes for which the data were collected or for which they are further processed."

2. Article 7 Requirements: Article 7 of the EU Directive requires member states to provide that personal data may be processed only if one or more of the following conditions are met.

(a) Consent – Personal data can be processed if the data subjects "unambiguously" provide "informed" and "voluntary" consent.28 While this sounds good in principle, it can be very difficult in practice to obtain the consent of all the data subjects. For example, in order to process email, a data controller may need to obtain consent not only from the custodian of the email, but also from each and every sender and recipient of each email, including, perhaps, bcc addressees who may only be identified by the email's metadata. Even if the difficult identification hurdle can be overcome, other obstacles remain. For example, in certain countries employees may not be able to provide "unambiguous" consent as a matter of law.29

(b) Performance of a Contract Involving a Data Subject – Personal data may be processed if "necessary to the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering a contract."30 This provision applies to processing that is necessary to achieve the specific purpose of the contract.

(c) Compliance with Legal Obligations – Personal data may be processed when "necessary for compliance with legal obligations to which the controller is subject."31 (As discussed below in section B, EEA countries generally do not recognize discovery obligations imposed by the United States or other non-EEA jurisdictions as "legal obligations" sufficient to allow the processing of personal data.)32

(d) Protection of Data Subject's Vital Interests – Personal data may be processed when "necessary in order to protect the vital interests of the data subject."33

(e) Tasks Carried Out in the Public Interest – Personal data may be processed "when necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the control or in a third party to whom the data are disclosed."34

(f) Controller or Third Party's Legitimate Interests – Personal data may be processed "when necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection under Article 1(1)."35 (Similar to the situation concerning compliance with legal obligations, EEA countries generally do not recognize discovery obligations imposed by United States or other non-EEA jurisdictions as "legitimate interests" of data controllers that would justify processing personal data.)36

3. Article 10 Requirements: Article 10 of the EU Directive requires employers to notify employees that data about them is being collected and to provide them with (1) the identity of the controller and its representative, if any, (2) the intended purpose of the processing, and (3) any additional information, such as the recipients' identities, the need to respond to questions relating to the processing, notification of the employees' rights to obtain processing progress updates, to make updates to their data being processed, and to require the controller to notify third parties about those updates.37 Importantly, employers must disclose if the data will be transferred outside the EEA.

E. Transfer of Personal Data to Third Countries

Although the EU Directive does not actually define the term "transfer," the European Commission construes that term broadly to include any transmittal of personal data, whether paper or electronic. To ensure that controllers do not circumvent the EU Directive's protections by transferring data outside of the EU for processing, the EU Directive expressly prohibits the transfer of personal data to non-EU countries, except in limited circumstances.38

There are three categories of exceptions to the general prohibition against

transfer of personal data outside of the EU. It is useful to think of these as country-based, corporate-based, and condition-based.

1. Country-Based Exceptions: There are two types of country-based exceptions. The first exception is for countries that the European Commission finds provide adequate data privacy protection. The second exception pertains solely to the United States and is referred to as the "Safe Harbor Program."

a. Third Country Adequacy Findings. The EU Directive permits transfers "where the third country in question ensures an adequate level of protection."39 The European Commission determines whether a particular country provides an adequate level of protection. To date, the Commission has made adequacy findings (to which EEA countries are bound) with respect to eleven non-EEA countries: Switzerland (July 2000), Canada (December 2001 (for data subject to the Canadian Personal Information Protection and Electronic Documentation Act)), Argentina (June 2003), the Bailiwick of Guernsey (November 2003), the Isle of Man (April 2004), the Bailiwick of Jersey (2008), Andorra (2010), the Faroe Islands (2010), Israel (2011) Uruguay (2012) and New Zealand (2012).40 The Commission does not view the United States as having adequate protections in place for the transfer of data. Thus, this exception does not provide a basis for the transfer of personal data to the United States.

b. United States Safe Harbor Program. The European Commission permits transfers of personal data to the United States in accordance with the Safe Harbor Privacy Principles of the United States Department of Commerce (July 2000) (the "Safe Harbor Program"). The Safe Harbor Program was developed by the Commerce Department in consultation with the European Commission to permit the transfer of data to U.S. entities that self-certify that they have implemented internal data practices consistent with the United States EU Safe Harbor framework.41 The Safe Harbor Program is available only to companies that fall within the jurisdiction of the Department of Commerce, a limitation that excludes telecommunication and financial companies.


1. http://ec.europa.eu/news/business/120125_en.htm .

2. Commission nationale de l'informatique et des libertés is an independent French administrative authority whose mission is to ensure that data privacy law is applied to the collection, storage, and use of personal data. The agency was established by French law No. 78-17 in January 1978.

3. http://www.cnil.fr/fileadmin/documents/en/Cnil-RA2011-EN/index.html .

4. The European Economic Area consists of the 27 Member States of the European Union plus Norway, Liechtenstein and Iceland (collectively, the "EEA" or "EEA countries"). The Member States of the EU are: Austria, Belgium, Bulgaria, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, The Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom (U.K.). Seehttp://europa.eu/abc/european_countries/index_en.htm . The non-EU members of the EEA have agreed to enact legislation to implement the EU's data protection policies.

5. Council Directive No. 95/46/EC, O.J. L 281/31 (1995),

http://ec.europa.eu/justice/policies/privacy/docs/95-46-ce/dir1995-46_part1_en.pdf .

6. The Working Party on the Protection of Individuals with regard to Processing of Personal Data is authorized by Article 29 of the EU Directive to oversee implementation of the EU Directive in the EEA, to address data protection issues and to issue recommendations, non-binding opinions and working documents to provide guidance in formulating appropriate and consistent data protection practices. It is comprised of, among others, representatives of the data protection authorities that oversee compliance with privacy legislation in the EEA countries. Council Directive No. 94/46/EC, art. 29, O.J. L 281/47 (1995).

7. Council Directive No. 95/46/EC, art. 32, O.J. L 281/49 (1995).

8. Id., O.J. L 281/38, at ¶ 10 (1995).

9. Id., art. 5-21, O.J. L 281/39 (1995).

10. Id., art. 3, O.J. L 281/39 (1995).

11. Id.

12. Id., art. 31, O.J. L 281/49 (1995). DPAs can order blocking, erasure or destruction of data, impose a ban, admonish a controller, engage in legal proceedings or notify judicial authorities where there have been violations. They may also hear claims lodged by any person who feels his or her rights have been violated.

13. http://www.lexology.com/library/detail.aspx?g=3bd2c02d-0b70-4ea4-90b5-c6a9997072b8 .

14. http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1215 .

15. Council Directive No. 95/46/EC , art. 24, O.J. L 281/45 (1995).

16. Id., art. 23(1), O.J. L 281/45 (1995).

17. Go to, then select "Regulation".

18. "Euro wonks lay SMACKDOWN on draft data protection rules; Little love for proposed privacy regulation", The Register, March 14, 2012; http://www.theregister.co.uk/2012/03/14/eu_data_protection_regulation_divisions_among_member_states_exposed/

19. Council Directive No. 95/46/EC , art. 2(a), O.J. L 281/38 (1995).

20. Article 29 Data Protection Working Party, Opinion 4/2007 on the concept of Personal Data (012480/07/EN WP 136) (June 20, 2007), http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf .

21. Id.

22. Council Directive No. 95/46/EC, art. 8(a) and 9(5)-(6), O.J. L 281/40, (1995).

23. Sensitive personal data may be processed where (i) the data subject has given explicit consent, (ii) the controller cannot meet its employment law obligations without doing so, (iii) it is necessary to the vital interests of a data subject (or another person), and the data subject is physically or legally incapable of giving consent, (iv) it is carried out by a non-profit organization whose aim is to advance an agenda related to one of the categories of sensitive data, (v) the data subject makes the data public, (vi) it is needed to establish or defend a legal claim, or (vii) it is required by a health professional in the course of managing treatment or health care services. Id., art. 8, O.J. L 281/40 (1995).

24. Council Directive No. 95/46/EC, art. 7(b), art. 2(d), O.J. L 281/1 (1995). See also Article 29 Data Protection Working Party, Opinion 1/2010 on the concepts of "controller" and "processor" (00264/10/EN WP 169) (Feb. 16, 2010, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp169_en.pdf .

25. Barbara Crutchfield George, Patricia Lynch & Susan J. Marsnik, U.S. Multinational Employers: Navigating Through the "Safe Harbor" Principles to Comply with the EU Data Privacy Directive, 38 Am. Bus L.J. 735, n. 81 (2001).

26. Id., art. 7(b), art. 2(b), O.J. L 281/40, 38 (1995).

27. See Working Document 1/2009 on pre-trial discovery for cross-border civil litigation ("WP 158"), at 8.

28. Council Directive No. 95/46/EC, art. 7(a), O.J. L 281/40 (1995).

29. Working Party, Working document on a common interpretation of Article 26(1) of Directive 95/46/EC of

24 October 1995 (2093/05/EN WP 114), at 11 (Nov. 25, 2005), http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2005/wp114_en.pdf .

30. Council Directive No. 95/46/EC, art. 7(b), O.J. L 281/40 (1995).

31. Id., art. 7(c), O.J. L 281/40 (1995).

32. WP 158, at 9.

33. Council Directive No. 95/46/EC, art. 7(d), O.J. L 281/40 (1995).

34. Id., art. 7(e), O.J. L 281/40 (1995).

35. Id., art. 7(f), O.J. L 281/40 (1995).

36. WP 158, at 9.

37. Id., art. 10, art. 11, O.J. L 281/41 (1995); Working Party, Opinion 8/2001 on the processing of personal data in the employment context (5062/01/EN WP 48), at 3 (Sept. 13, 2001),

http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2001/wp48en.pdf .

38 Data Protection Unit of the Directorate-General for Justice, Freedom and Security, Frequently Asked Questions Relating to Transfers of Personal Data From The EU/EEA to Third Countries, http://ec.europa.eu/justice/policies/privacy/docs/international_transfers_faq/international_transfers_faq.pdf , at 18.

39. Council Directive No. 95/46/EC, art. 25, O.J. L 281/45 (1995).

40. http://ec.europa.eu/justice/data-protection/document/internationaltransfers/adequacy/index_en.htm ; http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2012:227:0011:01:EN:HTML and

http://europa.eu/rapid/press-release_IP-12-1403_en.htm .

41. For a list of American companies that have been certified

To read this article in full, please click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
Skadden, Arps, Slate, Meagher & Flom (UK) LLP
In association with
Practice Guides
by Mondaq Advice Centers
Relevancy Powered by MondaqAI
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Skadden, Arps, Slate, Meagher & Flom (UK) LLP
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions