Privacy & Information Security Law Blog

On November 8, 2017, the United States District Court for the Northern District of California ordered German defendants in an ongoing patent suit, BrightEdge Technologies, Inc. v. Searchmetrics GmbH, to produce a particular database, despite the defendants’ claims that such production would violate German privacy laws.

On October 17, 2017, plaintiff BrightEdge Technologies Inc. (“BrightEdge”) filed a Discovery Dispute Letter asking the court to compel defendants Searchmetrics GmbH and Searchmetrics, Inc., (collectively “Searchmetrics”) to produce its SugarCRM database. Among other things, Searchmetrics argued that transmitting the database and other related documents to a United States company would result in a violation of German privacy laws. In making this argument, “Searchmetrics allege[d] that the database and related documents contain personal data, which German law bars from being transferred ‘to countries lacking the same levels of protection afforded in EU countries [countries such as] the United States.’”

First, the court noted that the information contained in the SugarCRM database is both relevant to BrightEdge’s claims and cannot be obtained elsewhere. The court then rejected Searchmetrics’ defense and ordered the database and related documents be produced because the privacy of the information was already protected by the case’s protective order. Specifically, the court stated that because Searchmetrics “has not explained why the protective order already in place in this case would not be sufficient to protect the private information contained in the database and related documents,” the company has failed to carry its “burden of showing that discovery should not be allowed.”