German auto manufacturer Volkswagen (VW) is reportedly using German privacy laws to resist turning over its top executives’ internal corporate emails and other communication materials to United States attorneys general and U.S. Justice Department officials investigating the company’s excess emissions scandal.

VW’s position is not surprising. It is well known that Germany’s data privacy laws are among the world’s most protective, particularly when it comes to any government’s collection and use of an individual’s personal information, which would include information in corporate emails. Germany had a particularly strong reaction to the Edward Snowden’s revelations that U.S. Internet and telecommunications companies were allowing the U.S. National Security Agency to “back door” access to phones, data and online communications of consumers and government officials, including allegedly, the German Chancellor. The reaction included requiring cloud providers doing business with German governmental agencies to basically agree to keep any cloud data from these agencies in Germany, to avoid the potential that government data stored in the cloud could be accessed or shared outside of Germany, in a country with less robust data privacy protections.

However, these VW executives’ communications are likely very significant to the U.S. investigation. The communications being requested are from many of the same executives who for months failed to take U.S. regulators’ inquiries about VW emissions levels seriously. These internal communications might reveal whether the executives were intentionally misleading regulators or if they were truly in the dark about the problems. Additionally, these are the same VW executives who have publicly promised transparency on the emission investigation, and so their failure to permit VW to share their email and communications with U.S. investigators seems suspicious, as German privacy laws would likely permit email and communications to be disclosed if the individuals involved consented.

The data privacy concerns raised by VW are focused on the U.S. investigators who are taking a much stronger position against VW than Germany. We know German regulators investigating the same activities were given access to VW’s headquarters. We also know VW cooperated with German regulators. The result of this was German regulators approving a modest, simple correction to resolve the emissions problem for most of the 11 million cars sold in the European Union.

Courts in the U.S. have previously favored law-enforcement needs over data privacy laws. For example, a major Swiss Bank was forced to disclose the personal information of its American customers. Therefore, many believe the U.S. investigators will eventually succeed in getting these internal communications from VW, notwithstanding data privacy concerns.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kathleen Porter Kathleen Porter

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and…

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies’ privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.