Tactical Misuse of the GDPR in Arbitration: Is It an Actual Risk?

Abstract

The data protection landscape has evolved significantly in recent years, particularly following the entry into force of the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679, the ‘GDPR’) in May 2018. The GDPR’s broad applicability has raised significant yet unanswered questions for international arbitration practitioners. Many articles have been written on the general applicability of the GDPR to arbitration proceedings. This chapter will, however, focus on a specific question: tactical misuse of the GDPR in arbitration. The chapter explores potential scenarios involving tactical misuse of data protection regulation in different stages of arbitration proceedings, and ways that the arbitral tribunal or the opposing party and its counsel may have to prevent such misconduct or react to it.
The chapter broadly defines tactical misuse as situations where a party to an arbitration invokes the GDPR with the aim of obtaining tactical benefit in the proceedings without legitimate grounds for doing so. Most often, such situations arise when a party invokes the GDPR to avoid disclosing unfavourable documents in arbitration. This chapter will focus on the GDPR. But that is not to belittle the relevance of any other pieces of data protection legislation, particularly local regulations applicable in each party, counsel, or arbitrator’s home jurisdiction.