Extraterritoriality and Regulation of International Data Transfers in EU Data Protection Law
Forthcoming in International Data Privacy Law, Volume 5, Issue 4 (2015)
18 Pages Posted: 16 Aug 2015 Last revised: 10 Oct 2015
Date Written: August 30, 2015
Use of the term “extraterritorial” to describe the regulation of international transfers of personal data in EU data protection law has led to confusion about the scope of such regulation. Any distinction between extraterritoriality “in scope” and “in effect” has become meaningless. Extraterritoriality in EU regulation of international data transfers is intrinsically neither good nor bad; rather, its appropriateness depends on how it is used and implemented. Regulation of international data transfers in EU data protection law tends to apply in a “black or white” fashion, without the safety valves necessary to prevent jurisdictional overreaching. This leads to increasing conflicts between EU law and the law of third countries. Attention should turn from deciding whether a particular exercise of jurisdiction is extraterritorial, to determining the conditions under which it can be appropriate. The controversy surrounding extraterritoriality illustrates the need to set boundaries to the application of EU data protection law.
Keywords: Privacy, data protection, jurisdiction, extraterritoriality, Internet
Suggested Citation: Suggested Citation