Extraterritoriality and Regulation of International Data Transfers in EU Data Protection Law

5 International Data Privacy Law 235-245 (2015)

University of Cambridge Faculty of Law Research Paper No. 49/2015

18 Pages Posted: 16 Aug 2015 Last revised: 13 Apr 2018

See all articles by Christopher Kuner

Christopher Kuner

Centre for Information and Innovation Law, University of Copenhagen; Centre for European Legal Studies; European Centre on Privacy and Cybersecurity, Maastricht University

Date Written: August 30, 2015

Abstract

Use of the term “extraterritorial” to describe the regulation of international transfers of personal data in EU data protection law has led to confusion about the scope of such regulation. Any distinction between extraterritoriality “in scope” and “in effect” has become meaningless. Extraterritoriality in EU regulation of international data transfers is intrinsically neither good nor bad; rather, its appropriateness depends on how it is used and implemented. Regulation of international data transfers in EU data protection law tends to apply in a “black or white” fashion, without the safety valves necessary to prevent jurisdictional overreaching. This leads to increasing conflicts between EU law and the law of third countries. Attention should turn from deciding whether a particular exercise of jurisdiction is extraterritorial, to determining the conditions under which it can be appropriate. The controversy surrounding extraterritoriality illustrates the need to set boundaries to the application of EU data protection law.

Keywords: Privacy, data protection, jurisdiction, extraterritoriality, Internet

Suggested Citation

Kuner, Christopher, Extraterritoriality and Regulation of International Data Transfers in EU Data Protection Law (August 30, 2015). 5 International Data Privacy Law 235-245 (2015), University of Cambridge Faculty of Law Research Paper No. 49/2015, Available at SSRN: https://ssrn.com/abstract=2644237

Christopher Kuner (Contact Author)

Centre for Information and Innovation Law, University of Copenhagen ( email )

Studiestraede 6
Studiestrade 6
Copenhagen, DK-1455
Denmark

Centre for European Legal Studies ( email )

10 West Road
Cambridge, CB3 9DZ
United Kingdom

European Centre on Privacy and Cybersecurity, Maastricht University ( email )

P.O. Box 616
Maastricht, 6200
Netherlands

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
1,524
Abstract Views
6,385
Rank
23,842
PlumX Metrics