DOJ Official Issues Warning Against Relying on Rarely Enforced Foreign Data Privacy Laws by Companies Seeking Cooperation Credit

22 June 2015

Continuing with a spate of recent public statements about the DOJ’s current enforcement outlook, Assistant Attorney General Leslie R. Caldwell, head of the Criminal Division, focused on DOJ’s expectations for companies hoping to receive cooperation credit from the Justice Department in remarks to the New York City Bar at the White Collar Crime Institute.

Caldwell cited the example of BNP Paribas, which was recently subject to an economics sanctions investigation that cost them $9 billion and resulted in five years’ probation and a corporate compliance monitor, as an example of what not to do if an entity is hoping for cooperation credit from the DOJ. Specifically, Caldwell pointed to BNP Paribas’ reliance on “some over-broad assertions of data privacy laws” that hindered the DOJ’s investigation because “[t]hat intransigence prevented us from prosecuting individuals and satellite banks because we were unable to get our hands on documents that would have proven the case.” Caldwell specifically warned attorneys to consider the particular law that they are relying on when claiming data privacy protections. Caldwell indicated that the DOJ may draw a distinction between an argument citing data privacy concerns in a country like France or the U.K. that does have robust data privacy protections and a country like the Czech Republic, which has laws that are rarely, if ever, enforced.

If a Company is seeking cooperation credit from the DOJ, it should carefully consider invoking foreign data privacy laws by balancing the risk of prosecution under those laws in the relevant country with the risk of losing DOJ cooperation credit and facing enhanced civil or criminal penalties in the United States.