Protection of Personal Data in Cyberspace: The EU-US E-Market Regime

21 Pages Posted: 6 Dec 2018

See all articles by Tossapon Tassanakunlapan

Tossapon Tassanakunlapan

Faculty of Law, Chiang Mai University

Milagros Álvarez-Verdugo

University of Barcelona

Date Written: December 6, 2018


The goal of this article is studying the provision and implementation of Personal Data Protection in the EU-US Bloc, in order to initiate an International or Universal Regime.

Firstly, it reviews the old regime, which was enacted before the reformation process of EU and US. It shows that the legal consequences of each agreement will be different because their legal nature depends on their launching institution. The different scopes on actors and jurisdiction are critical; IT corporations are multi-national legal persons, under the appliance of the law of specific territory but their activities are trans-border. Moreover, these instruments have been created for decades so there are some out-of date provisions maintained in those legal documents. The implementation of data subjects’ rights is increasingly complicated because data is decentralized and under the control of various organizations, private companies and state authorities. Furthermore, the data controller/processor has relationship with state authorities, or the existences of a conflict of interests. Hence, the individual’s appeal for remedy is complex as well as the monitoring of duty bearer practice. The hard cases are presented in many court cases of the US Courts and Court of Justice of European Union, and in official reports of competent organizations.

Right to personal data protection often deals with the relationship between exercise of rights and state of emergency or prosecution of criminal and terrorism. As state authorities and courts weight up the reasons for accessing certain data and the potential effect on an individual of such state surveillance, a better necessary precondition and proportionate solution must be provided. The EU had launched set of regional instruments in 2016. Nonetheless, the problems come from US entities, intelligence authorities and IT corporations, which are subjects under US national security laws. Accordingly, the rights of global netizens are in the realm of US jurisdiction when their personal data is transferred and it may be compromised by US Government. Thus, US was contracted to agree on bilateral instruments with the EU concerning the harmonization of data protection policies, as trade partner in a single e-market, as well as the earlier responses US took for supporting EU data subjects. These reforms of EU and EU-US regime could be extracted or used, as a model, for initiating a universal regime.

Keywords: Personal data protection, Cyberspace, E-Market, Human rights, Jurisdiction

Suggested Citation

Tassanakunlapan, Tossapon and Álvarez-Verdugo, Milagros, Protection of Personal Data in Cyberspace: The EU-US E-Market Regime (December 6, 2018). ASEAN Journal of Legal Studies, Vol. 1, No. 1, 2018, Available at SSRN:

Tossapon Tassanakunlapan (Contact Author)

Faculty of Law, Chiang Mai University ( email )

Suthep Muang
Muang, Chiangmai 50000

Milagros Álvarez-Verdugo

University of Barcelona ( email )

Gran Via de les Corts Catalanes, 585
Barcelona, 08007

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics