We are happy to share that UniCourt’s Director of Content & Data Acquisition, Jeff Cox, recently had an article published in both Legaltech News and Cybersecurity Law & Strategy, an ALM publication for privacy and security professionals, CISOs, CIOs, CTOs, Corporate Counsel, and Internet and Tech Practitioners. Jeff’s article, Inside the Implications of GDPR & CCPA on Public Records, reviews key differences between the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), noting the diverging balances struck in favor of individual privacy rights and the public’s right to know when it comes to public records.
Within the article, Jeff also details an extreme instance where an EU citizen charged with committing $62 million worth of real estate and securities fraud in the US used GDPR to remove and shroud the court records in his own case from public view. The article also details an important distinction set forth in CCPA between what is considered “personal information” and “publicly available” information, which has important implications for legal technology companies providing access to court records.
Here below is an excerpt from the introduction of Jeff’s article:
In the brave new world of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), staking out a safe harbor for republishing and retaining publicly available court records is critical for protecting the public’s right to know the law and preventing criminals from hiding their crimes. Contrasted with GDPR, CCPA sets a crucial distinction between personal information and publicly available information obtained from government records, setting a workable balance between consumer privacy protections and the public’s right to know and access public records.
In this article, we’ll discuss the importance of securing a safe harbor for court records through reviewing an illustrative example of how a European Union (EU) citizen was able to force U.S. legal technology companies to remove and alter court records using GDPR. We’ll also look at CCPA in light of US case law, and close on potential paths forward for GDPR on re-using “public sector information.”
The Real-World Impact of the GDPR on Court Records
In September of 2018, Michael Francois Bujaldon, a defendant in a real estate and securities fraud case involving $62 million of allegedly ill-gotten gains, contacted multiple legal technology vendors to demand deletion of his name from all dockets for his case. Using the sword and shield of GDPR’s “right to be forgotten,” Bujaldon appears to have initially compelled PacerMonitor to remove his case (though it’s now available on PacerMonitor) and forced PlainSite to remove his name from the docket within their site.
We largely know about this use of GDPR against legal tech companies because it was reported by PlainSite after receiving Bujaldon’s request to remove his name from their dockets. Although PlainSite appears to have pushed back initially on removing Bujaldon’s name from the $62 million fraud case, it was ultimately forced by its ISP to abbreviate his name, effectively erasing Bujaldon from a search of PlainSite’s dockets.
You can also read the full article here on the Legaltech news.