Extraterritoriality and Regulation of International Data Transfers in EU Data Protection Law
5 International Data Privacy Law 235-245 (2015)
University of Cambridge Faculty of Law Research Paper No. 49/2015
18 Pages Posted: 16 Aug 2015 Last revised: 13 Apr 2018
Date Written: August 30, 2015
Abstract
Use of the term “extraterritorial” to describe the regulation of international transfers of personal data in EU data protection law has led to confusion about the scope of such regulation. Any distinction between extraterritoriality “in scope” and “in effect” has become meaningless. Extraterritoriality in EU regulation of international data transfers is intrinsically neither good nor bad; rather, its appropriateness depends on how it is used and implemented. Regulation of international data transfers in EU data protection law tends to apply in a “black or white” fashion, without the safety valves necessary to prevent jurisdictional overreaching. This leads to increasing conflicts between EU law and the law of third countries. Attention should turn from deciding whether a particular exercise of jurisdiction is extraterritorial, to determining the conditions under which it can be appropriate. The controversy surrounding extraterritoriality illustrates the need to set boundaries to the application of EU data protection law.
Keywords: Privacy, data protection, jurisdiction, extraterritoriality, Internet
Suggested Citation: Suggested Citation