Free Expression and EU Privacy Regulation: Can the GDPR Reach U.S. Publishers?

32 Pages Posted: 18 Jun 2018

Date Written: June 1, 2018


The question of whether distant law should apply to online publishers has taken on new immediacy because of a new European Union (EU) privacy law, the General Data Protection Regulation (GDPR). The GDPR is a sea-change in EU privacy law, and companies operating outside of the borders of Europe are grappling with whether this stringent new regulation will apply to them. Under pre-GDPR law, publishers outside of the EU could structure their activities to avoid EU jurisdiction. The GDPR, however, aspires to a broad jurisdictional reach, and it is intended to cover any in the world with an online presence that markets “goods or services” to Europeans or “monitors the behavior” of EU data subjects. Just because the GDPR aspires to this jurisdictional breadth, however, does not mean that it is permissible. Longstanding rules of public international law must be satisfied before regulatory agencies and courts can exercise extraterritorial jurisdiction. This article analyzes those principles and concludes that non-EU publishers will have persuasive arguments against the jurisdiction of EU regulatory authorities and courts to enter orders against them, and a strong argument against the enforcement of such orders or subsequent fines.

Keywords: GDPR, privacy, jurisdiction, public international law, right to be forgotten, FTC

JEL Classification: K20, K23, K30

Suggested Citation

Wimmer, Kurt, Free Expression and EU Privacy Regulation: Can the GDPR Reach U.S. Publishers? (June 1, 2018). Syracuse Law Review, Vol. 68, 2018, Available at SSRN:

Kurt Wimmer (Contact Author)

Covington & Burling LLP ( email )

1201 Pennsylvania Avenue NW
Washington, DC 20004
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics