Download this Paper Open PDF in Browser

Data Extraterritoriality

16 Pages Posted: 31 Jul 2017 Last revised: 12 Sep 2017

Kristen Eichensehr

University of California, Los Angeles (UCLA) - School of Law

Date Written: July 27, 2017

Abstract

Data’s intangibility poses significant difficulties for determining where data is located. The problem is not that data is located nowhere, but that it may be located anywhere, and at least parts of it may be located nearly everywhere. And access to data does not depend on physical proximity.

These implications of data’s intangibility challenge traditional international law on jurisdiction. International jurisdictional rules rest in large part on States’ sovereignty over a particular territory and authority over people and things within it, and they presuppose that the location of people and things are finite and knowable. The era of cloud computing — where data crosses borders seamlessly, parts of a single file may exist in multiple jurisdictions, and data’s storage location often depends on choices by private companies — raises new and difficult questions for States exercising enforcement authority, companies receiving requests from law enforcement agencies, and individuals seeking to protect their privacy.

As a part of the Texas Law Review’s symposium on the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, this Essay critiques Tallinn 2.0’s rules and commentary on the international law governing jurisdiction, especially its treatment of extraterritorial jurisdiction. The Essay first describes the Manual’s rules and commentary on extraterritorial jurisdiction, and then raises a procedural objection to the Manual’s approach, namely that ongoing debates about how to determine data’s location make the law too unsettled for a restatement project. The Essay then highlights several substantive concerns with and questions raised by the Manual’s approach. In light of these critiques, the Essay concludes with some suggestions on how to make progress in resolving conflicting international claims to jurisdiction over data going forward.

Keywords: cyber, cyberspace, jurisdiction, extraterritoriality, extraterritorial jurisdiction, Tallinn Manual, Microsoft, Ireland, cross-border data access, law enforcement, jurisdiction, treaty, Budapest Convention

Suggested Citation

Eichensehr, Kristen, Data Extraterritoriality (July 27, 2017). 95 Tex. L. Rev. See Also 145 (2017); UCLA School of Law, Public Law Research Paper No. 17-24. Available at SSRN: https://ssrn.com/abstract=3009774

Kristen Eichensehr (Contact Author)

University of California, Los Angeles (UCLA) - School of Law ( email )

385 Charles E. Young Dr. East
Room 1242
Los Angeles, CA 90095-1476
United States

Paper statistics

Downloads
115
Rank
203,245
Abstract Views
558