14 Oct
2021

New decision analyses GDPR obligations in TTAB discovery proceedings

Co-published

The US Trademark Trial and Appeal Board has issued a precedential decision regarding the applicability of the board’s standard protective order, as well as the applicability of the EU General Data Protection Regulations (GDPR) on board proceedings generally (Intercontinental Exchange Holdings, Inc v New York Mercantile Exchange, Inc and Chicago Mercantile Exchange, Inc v Intercontinental Exchange Holdings, Inc, 2021 USPQ2d 988 (TTAB 2021) [precedential]).

Modification of standard protective order

Pursuant to Section 2.116(g), Chapter 37 of the code of Federal Regulations, the board’s standard protective order applies in all inter partes review proceedings unless the parties stipulate to alterations, which must then be approved by the board. Under the standard order, parties may designate sensitive information and documents as “confidential” or “confidential – for attorneys’ eyes only” (AEO). The latter category requires parties to restrict access to AEO information to outside counsel only, not in-house counsel or individuals within the businesses themselves.

In this consolidated proceeding, opposer Chicago Mercantile Exchange (CME) moved the board to grant access to information and documents marked as AEO to CME’s in-house counsel. In its motion, CME claimed that in-house counsel handled legal issues relating to IP matters only, did not sit in on CME board meetings and did not have any “competitive decision-making authority”. Applicant Intercontinental Exchange Holdings, Inc (ICE) opposed the motion by arguing that CME’s in-house counsel had “decision-making authority” and the attorneys oversaw the drafting and negotiating of trademark licensing agreements. ICE alleged that the disclosure of AEO information could benefit CME’s counsel in its trademark licensing efforts as it is a known competitor of ICE.

In its order, the board reiterated Federal Circuit court precedent that the “inappropriate release of confidential information can never be fully remedied” and applied the three-element test, which balances whether AEO information may be accessed by in-house counsel.

  • Consideration of a party’s need for the confidential information in order to adequately prepare its case.
  • The harm that disclosure would cause the party submitting the confidential Information.
  • The forum’s interest in maintaining the confidentiality of the information

sought. (Akzo NV v US Int’l Trade Comm’n, 808 F.2d 1471, 1483-84, 1 USPQ2d 1241, 1249 (Federal Circuit 1986).)

The board found that:

  •  the opposer did not provide any evidence to support the need for in-house counsel to have access to AEO information;
  • there was a risk of harm to ICE as CME’s in-house counsel could receive a competitive advantage from the disclosure of AEO information; and
  • the board’s standard protective order allows for a narrower scope of discovery than civil proceedings and shows that it has an interest in protecting confidential information.
     

Further, the board found that even if CME could meet the above factors, it did not show good cause to modify the standard protective order as there was no “particular and specific demonstration of fact” to support the claims made in the motion (Flanders v DiMarzio, Inc, 2020 USPQ2d 10671, at *2 (TTAB 2020)). In particular, the respective duties of in-house counsel were not detailed, and the individual attorneys did not sign declarations supporting CME’s claims regarding its in-house counsel. Therefore, the board could not determine whether the opposer’s in-house counsel had “decision-making authority” and it denied the disclosure of AEO information to CME’s in-house counsel.

Applicability of the GDPR in TTAB proceedings

The board also considered whether certain personal information, particularly names and addresses, as well as other sensitive documents and information could be redacted or withheld from discovery produced in a board proceeding when such information allegedly violates the GDPR. The GDPR is a comprehensive policy that protects personal data of EU citizens and limits the transfer of the data among member states, as well as member states and foreign countries, such as the United States.  

CME moved the board to require ICE to produce all discoverable information and documentation without redactions, but it refused by claiming that production would violate the GDPR and result in monetary penalties.

In its order, the board distinguished that limitations under the GDPR do not represent an absolute bar to the transfer of personal information between the European Union and the United States. Instead, transfer may be appropriate when the information sought is “relevant and necessary” to litigation.

The board then considered the following five-factor test from the Supreme Court, which weighs the interests of the US discovery process and the privacy interests of a foreign country:

  • the importance to the litigation of the documents or other information requested;
  • the degree of specificity of the request;
  • whether the information originated in the United States;

the availability of alternative means of securing the information; and the extent to which noncompliance with the request would undermine important interests of the United States, or compliance with the request would undermine important interest of the state where the information is located (Societe Nationale Industrielle Aerospatiale v .S  District Court, 482 US 522, 544 n.28 (1987)).

The board found that:

  •  the production of names and details regarding former employees of ICE were important to the facts and claims in the proceeding and was the type of information generally disclosed under the standard protective order;
  • CME’s requests for representative documents were appropriate and in accordance with the standard requests made in board proceedings;
  • ICE is a US company subject to US discovery law, even if some may be stored on servers located outside of the United States;
  • ICE could not show that providing US information alone would be a sufficient alternative to providing the names for any EU employees who have sent or received communications relevant to this proceeding; and
  • the board has a strong interest in ensuring the US discovery process is maintained, such that parties have equal access to information needed to litigate their claims and the Board has sufficient information to “fully and fairly adjudicate them”.

As the standard protective order provides two-tier confidentiality, the board found that ICE’s interests under the GDPR were sufficiently protected without the need for redactions and ordered it to produce requested information to CME under the appropriate tier of confidentiality.

For further information contact:

Elizabeth Baumhart
Taft Stettinius & Hollister LLP
View website

This is a co-published article whose content has not been commissioned or written by the WTR editorial team, but which has been proofed and edited to run in accordance with the WTR style guide.