Complying with International Data Protection Law

21 Pages Posted: 23 Dec 2015 Last revised: 16 Sep 2017

See all articles by McKay Cunningham

McKay Cunningham

Concordia University School of Law


Complying with data protection law is increasingly complex. In addition to federal, state and local law, international data protection law extends beyond traditional jurisdictional norms. Companies with minimal – even tangential – international connections may fall within the strictures of foreign law or at least be affected by it. As markets flatten in the global economy so do the laws that aim to regulate them, particularly those laws that target inherently borderless actions. It is seemingly inevitable that laws dealing with digital data are extra-jurisdictional. Digital data travels via circuitous and transnational routes from origin to terminus – if an end exists at all. As data flows without regard to territorial borders, so does legislation aimed at regulating it.

Properly presenting the full compliance measures required under international data protection law is a tall task, and one that is beyond the scope of this article. This article instead identifies those companies that must comply with international data protection laws by explicating the extra-jurisdictional provisions of those laws. The article then outlines several legal means of complying with international data privacy law.

Keywords: data privacy, international, data protection

Suggested Citation

Cunningham, McKay, Complying with International Data Protection Law. 84 Univ. Cin. L. Rev. 421 (Fall 2016). Available at SSRN:

McKay Cunningham (Contact Author)

Concordia University School of Law ( email )

501 W. Front St
Boise, ID 83702
United States

Register to save articles to
your library


Paper statistics

Abstract Views
PlumX Metrics