The DC Circuit issued an opinion in late August that could significantly disrupt decades of Congressional investigations practice. In Comm. on the Judiciary of United States House of Representatives v. McGahn, No. 19-5331, 2020 WL 5104869 (D.C. Cir. Aug. 31, 2020), the DC Circuit effectively put an end to the US House Judiciary Committee’s
Federal prosecutors recently brought new indictments against U.S. academics in two separate cases involving alleged unreported ties to China. The Department of Justice moved forward its cases against the Harvard and University of Arkansas-affiliated professors as part of a broader push to combat what Assistant Attorney General for National Security John C. Demers referred to as “China’s targeting of research and academic collaborations within the United States in order to obtain U.S. technology illegally.”
Both professors had ties to the Thousand Talents Program, a Chinese government program started in 2008 with the goal of improving China’s access to talent, research, and technology that the Department of Justice has been particularly focused on.
The following article was originally published in Law360 on July 29.
To address the issues surrounding the incidental seizure of privileged communications within a broader seizure of electronic data, the U.S. Department of Justice recently created a new Special Matters Unit within
the Fraud Section.
The unit will function as a specialized team to address…
Companies that operate in more than one jurisdiction that are either carrying out an internal investigation or are subject to a criminal or regulatory investigation by U.S. law enforcement agencies will almost certainly need to consider the legality of trans-Atlantic data transfers. Under European law, in particular, companies falling short in compliance with data protection laws could face fines of up to the higher of €20 million or 4% of annual global turnover.
With the introduction, in 2018, of the General Data Protection Regulation (“GDPR”) which generally prohibits (with some exceptions) the transfer of EU-based personal data outside of the European Economic Area (“EEA”) and other legislation, the overhaul of the EU data protection framework often leaves companies under investigation by U.S. law enforcement with tough decisions to make between complying with their obligations – or their wish – to meet U.S. prosecutors’ demands and abiding by relevant data protection laws. In particular, some EU-based companies have found themselves at the receiving end of U.S. prosecutors’ requests or subpoenas for documents, in circumstances where compliance with them could potentially risk hefty domestic fines for breaching data protection laws. There may also be other considerations to be borne in mind, such as relevant bank secrecy laws and common law rights to privacy, where a failure to comply with the relevant law could result in criminal sanctions including imprisonment.
Developments in U.S. and U.K. law, however, have introduced a framework for the legal cross-border transfer of data via cooperation between international authorities. In addition to ensuring compliance with the GDPR and other privacy obligations in conducting data transfers, U.S.- and U.K.-based communication service providers (“CSPs”) should familiarize themselves with the recently signed U.K.-U.S. Bilateral Data Access Agreement (the “Agreement”). The Agreement facilitates the objectives of the U.S. Clarifying Lawful Overseas Use of Data Act (the “CLOUD Act”) and the U.K. Crime (Overseas Production Orders) Act 2019 (the “COPOA”). According to a communication by U.S. Attorney General William Barr to Congress earlier this year, the Agreement was scheduled to become effective on July 8, 2020, but there has been no official announcement from either the U.S. or U.K. governments on the status of the Agreement. Indeed, earlier this month, the U.K. government anticipated that the Agreement would “come into use later this year[.]” We discuss the implications of these developments and considerations for U.S.- and U.K.-based companies needing to transfer personal data across the Atlantic to facilitate investigations.
This third post in our parallel proceedings series discusses how to reconcile the conflicting requirements of making voluntary self-disclosures (VSDs) to multiple agencies. We listed the relevant agencies in our first post, all of whom may be interested in a VSD, depending on the potential violations. In our second post, we discussed how to structure an investigation that involves those agencies. While none of these agencies imposes an absolute requirement to voluntarily disclose a violation (with limited exceptions where disclosure is required), they all offer significant benefits for doing so.
Where more than one agency is involved, disclosure of violations to each of the relevant agencies should be done simultaneously, including the Department of Justice (DOJ) if there is or appears to be potential willfulness or intent. When making the decision to disclose, the company should also consider any potential violations in related subject areas (i.e., anti-money laundering, customs, or anti-bribery and corruption laws).
Patrick Linehan, Zoe Osborne, Brittany Prelogar, Katherine Dubyak, and Jefferson Klocke co-authored an article titled “Considerations For Conducting Remote Internal Investigations” for Law360. The article, published April 3, discusses some of the legal and practical considerations in conducting remote investigations as the world grapples with containing the spread of COVID-19.
UK law enforcement is not immune to the unprecedented levels of business disruption caused by COVID-19. While not all agencies have published specific guidance on how they propose to operate and conduct enforcement investigations during this crisis (including, for example, Her Majesty’s Revenue & Customs, the Serious Fraud Office, and the National Crime Agency), a…