Document Actions

Citation and metadata

Recommended citation

Adèle Azzi, The Challenges Faced by the Extraterritorial Scope of the General Data Protection Regulation, 9 (2018) JIPITEC 126 para 1.

Download Citation

Endnote

%0 Journal Article
%T The Challenges Faced by the Extraterritorial Scope of the General Data Protection Regulation
%A Azzi, Adèle
%J JIPITEC
%D 2018
%V 9
%N 2
%@ 2190-3387
%F azzi2018
%X The General Data Protection Regulation (GDPR) imposes a significant burden of compliance on overseas businesses which process personal data of EU individuals. An impressive number of articles warns about the new risks incurred by data processors around the world; be they one of the Internet giants, or a non-EU company which dared to offer goods to EU consumers, or that had the idea to use cookies on its website to track EU consumers. However, does the EU actually have the necessary means to ensure that the rules are followed by all? And if not, is the EU equipped to enforce compliance? Those are legitimate questions in the light of the context in which the EU has extended its jurisdiction. Not only has it been decided unilaterally, but such rules are to be enforced in cyberspace, in an international context, and on operators, which may not have any physical presence in the EU. One may think that processors have no reason to panic, there is little chance that the GDPR enforcers will find them and force them to comply under the threat of fines. Yet, internet users witness an undeniable wave of change in the terms of the use and processing of data on a majority of websites. Does this phenomenon reveal a real power of enforcement on the EU side? This work attempts to answer this question by analysing two factors which greatly impact the efficiency of extraterritorial claims. First, the legitimacy of the extraterritorial claim. Through the application of international law principles, it will be seen that the extraterritorial claim of the EU, despite its broadness, is rather legitimate and even part of a shared tendency among jurisdictions around the world to extend the reach of data protection laws. Second, the enforcement tools of the regulation. This work reveals that the EU may benefit from some direct enforcement tools such as representatives and international cooperation, but also, and more importantly, through indirect means. In particular, the EU may rely on the risk of reputational damage, the incentives to self-compliance, and the rules on data transfers to third countries.
%L 340
%K Data protection
%K GDPR
%K compliance
%K enforcement
%K extraterritorial scope
%K international cooperation
%K international law
%K overseas data processing
%U http://nbn-resolving.de/urn:nbn:de:0009-29-47231
%P 126-137

Download

Bibtex

@Article{azzi2018,
  author = 	"Azzi, Ad{\`e}le",
  title = 	"The Challenges Faced by the Extraterritorial Scope of the General Data Protection Regulation",
  journal = 	"JIPITEC",
  year = 	"2018",
  volume = 	"9",
  number = 	"2",
  pages = 	"126--137",
  keywords = 	"Data protection; GDPR; compliance; enforcement; extraterritorial scope; international cooperation; international law; overseas data processing",
  abstract = 	"The General Data Protection Regulation (GDPR) imposes a significant burden of compliance on overseas businesses which process personal data of EU individuals. An impressive number of articles warns about the new risks incurred by data processors around the world; be they one of the Internet giants, or a non-EU company which dared to offer goods to EU consumers, or that had the idea to use cookies on its website to track EU consumers. However, does the EU actually have the necessary means to ensure that the rules are followed by all? And if not, is the EU equipped to enforce compliance? Those are legitimate questions in the light of the context in which the EU has extended its jurisdiction. Not only has it been decided unilaterally, but such rules are to be enforced in cyberspace, in an international context, and on operators, which may not have any physical presence in the EU. One may think that processors have no reason to panic, there is little chance that the GDPR enforcers will find them and force them to comply under the threat of fines. Yet, internet users witness an undeniable wave of change in the terms of the use and processing of data on a majority of websites. Does this phenomenon reveal a real power of enforcement on the EU side? This work attempts to answer this question by analysing two factors which greatly impact the efficiency of extraterritorial claims. First, the legitimacy of the extraterritorial claim. Through the application of international law principles, it will be seen that the extraterritorial claim of the EU, despite its broadness, is rather legitimate and even part of a shared tendency among jurisdictions around the world to extend the reach of data protection laws. Second, the enforcement tools of the regulation. This work reveals that the EU may benefit from some direct enforcement tools such as representatives and international cooperation, but also, and more importantly, through indirect means. In particular, the EU may rely on the risk of reputational damage, the incentives to self-compliance, and the rules on data transfers to third countries.",
  issn = 	"2190-3387",
  url = 	"http://nbn-resolving.de/urn:nbn:de:0009-29-47231"
}

Download

RIS

TY  - JOUR
AU  - Azzi, Adèle
PY  - 2018
DA  - 2018//
TI  - The Challenges Faced by the Extraterritorial Scope of the General Data Protection Regulation
JO  - JIPITEC
SP  - 126
EP  - 137
VL  - 9
IS  - 2
KW  - Data protection
KW  - GDPR
KW  - compliance
KW  - enforcement
KW  - extraterritorial scope
KW  - international cooperation
KW  - international law
KW  - overseas data processing
AB  - The General Data Protection Regulation (GDPR) imposes a significant burden of compliance on overseas businesses which process personal data of EU individuals. An impressive number of articles warns about the new risks incurred by data processors around the world; be they one of the Internet giants, or a non-EU company which dared to offer goods to EU consumers, or that had the idea to use cookies on its website to track EU consumers. However, does the EU actually have the necessary means to ensure that the rules are followed by all? And if not, is the EU equipped to enforce compliance? Those are legitimate questions in the light of the context in which the EU has extended its jurisdiction. Not only has it been decided unilaterally, but such rules are to be enforced in cyberspace, in an international context, and on operators, which may not have any physical presence in the EU. One may think that processors have no reason to panic, there is little chance that the GDPR enforcers will find them and force them to comply under the threat of fines. Yet, internet users witness an undeniable wave of change in the terms of the use and processing of data on a majority of websites. Does this phenomenon reveal a real power of enforcement on the EU side? This work attempts to answer this question by analysing two factors which greatly impact the efficiency of extraterritorial claims. First, the legitimacy of the extraterritorial claim. Through the application of international law principles, it will be seen that the extraterritorial claim of the EU, despite its broadness, is rather legitimate and even part of a shared tendency among jurisdictions around the world to extend the reach of data protection laws. Second, the enforcement tools of the regulation. This work reveals that the EU may benefit from some direct enforcement tools such as representatives and international cooperation, but also, and more importantly, through indirect means. In particular, the EU may rely on the risk of reputational damage, the incentives to self-compliance, and the rules on data transfers to third countries.
SN  - 2190-3387
UR  - http://nbn-resolving.de/urn:nbn:de:0009-29-47231
ID  - azzi2018
ER  - 
Download

Wordbib

<?xml version="1.0" encoding="UTF-8"?>
<b:Sources SelectedStyle="" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography"  xmlns="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" >
<b:Source>
<b:Tag>azzi2018</b:Tag>
<b:SourceType>ArticleInAPeriodical</b:SourceType>
<b:Year>2018</b:Year>
<b:PeriodicalTitle>JIPITEC</b:PeriodicalTitle>
<b:Volume>9</b:Volume>
<b:Issue>2</b:Issue>
<b:Url>http://nbn-resolving.de/urn:nbn:de:0009-29-47231</b:Url>
<b:Pages>126-137</b:Pages>
<b:Author>
<b:Author><b:NameList>
<b:Person><b:Last>Azzi</b:Last><b:First>Adèle</b:First></b:Person>
</b:NameList></b:Author>
</b:Author>
<b:Title>The Challenges Faced by the Extraterritorial Scope of the General Data Protection Regulation</b:Title>
<b:Comments>The General Data Protection Regulation (GDPR) imposes a significant burden of compliance on overseas businesses which process personal data of EU individuals. An impressive number of articles warns about the new risks incurred by data processors around the world; be they one of the Internet giants, or a non-EU company which dared to offer goods to EU consumers, or that had the idea to use cookies on its website to track EU consumers. However, does the EU actually have the necessary means to ensure that the rules are followed by all? And if not, is the EU equipped to enforce compliance? Those are legitimate questions in the light of the context in which the EU has extended its jurisdiction. Not only has it been decided unilaterally, but such rules are to be enforced in cyberspace, in an international context, and on operators, which may not have any physical presence in the EU. One may think that processors have no reason to panic, there is little chance that the GDPR enforcers will find them and force them to comply under the threat of fines. Yet, internet users witness an undeniable wave of change in the terms of the use and processing of data on a majority of websites. Does this phenomenon reveal a real power of enforcement on the EU side? This work attempts to answer this question by analysing two factors which greatly impact the efficiency of extraterritorial claims. First, the legitimacy of the extraterritorial claim. Through the application of international law principles, it will be seen that the extraterritorial claim of the EU, despite its broadness, is rather legitimate and even part of a shared tendency among jurisdictions around the world to extend the reach of data protection laws. Second, the enforcement tools of the regulation. This work reveals that the EU may benefit from some direct enforcement tools such as representatives and international cooperation, but also, and more importantly, through indirect means. In particular, the EU may rely on the risk of reputational damage, the incentives to self-compliance, and the rules on data transfers to third countries.</b:Comments>
</b:Source>
</b:Sources>
Download

ISI

PT Journal
AU Azzi, A
TI The Challenges Faced by the Extraterritorial Scope of the General Data Protection Regulation
SO JIPITEC
PY 2018
BP 126
EP 137
VL 9
IS 2
DE Data protection; GDPR; compliance; enforcement; extraterritorial scope; international cooperation; international law; overseas data processing
AB The General Data Protection Regulation (GDPR) imposes a significant burden of compliance on overseas businesses which process personal data of EU individuals. An impressive number of articles warns about the new risks incurred by data processors around the world; be they one of the Internet giants, or a non-EU company which dared to offer goods to EU consumers, or that had the idea to use cookies on its website to track EU consumers. However, does the EU actually have the necessary means to ensure that the rules are followed by all? And if not, is the EU equipped to enforce compliance? Those are legitimate questions in the light of the context in which the EU has extended its jurisdiction. Not only has it been decided unilaterally, but such rules are to be enforced in cyberspace, in an international context, and on operators, which may not have any physical presence in the EU. One may think that processors have no reason to panic, there is little chance that the GDPR enforcers will find them and force them to comply under the threat of fines. Yet, internet users witness an undeniable wave of change in the terms of the use and processing of data on a majority of websites. Does this phenomenon reveal a real power of enforcement on the EU side? This work attempts to answer this question by analysing two factors which greatly impact the efficiency of extraterritorial claims. First, the legitimacy of the extraterritorial claim. Through the application of international law principles, it will be seen that the extraterritorial claim of the EU, despite its broadness, is rather legitimate and even part of a shared tendency among jurisdictions around the world to extend the reach of data protection laws. Second, the enforcement tools of the regulation. This work reveals that the EU may benefit from some direct enforcement tools such as representatives and international cooperation, but also, and more importantly, through indirect means. In particular, the EU may rely on the risk of reputational damage, the incentives to self-compliance, and the rules on data transfers to third countries.
ER

Download

Mods

<mods>
  <titleInfo>
    <title>The Challenges Faced by the Extraterritorial Scope of the General Data Protection Regulation</title>
  </titleInfo>
  <name type="personal">
    <namePart type="family">Azzi</namePart>
    <namePart type="given">Adèle</namePart>
  </name>
  <abstract>The General Data Protection Regulation (GDPR) imposes a significant burden of compliance on overseas businesses which process personal data of EU individuals. An impressive number of articles warns about the new risks incurred by data processors around the world; be they one of the Internet giants, or a non-EU company which dared to offer goods to EU consumers, or that had the idea to use cookies on its website to track EU consumers. However, does the EU actually have the necessary means to ensure that the rules are followed by all? And if not, is the EU equipped to enforce compliance? Those are legitimate questions in the light of the context in which the EU has extended its jurisdiction. Not only has it been decided unilaterally, but such rules are to be enforced in cyberspace, in an international context, and on operators, which may not have any physical presence in the EU. One may think that processors have no reason to panic, there is little chance that the GDPR enforcers will find them and force them to comply under the threat of fines. Yet, internet users witness an undeniable wave of change in the terms of the use and processing of data on a majority of websites. Does this phenomenon reveal a real power of enforcement on the EU side? This work attempts to answer this question by analysing two factors which greatly impact the efficiency of extraterritorial claims. First, the legitimacy of the extraterritorial claim. Through the application of international law principles, it will be seen that the extraterritorial claim of the EU, despite its broadness, is rather legitimate and even part of a shared tendency among jurisdictions around the world to extend the reach of data protection laws. Second, the enforcement tools of the regulation. This work reveals that the EU may benefit from some direct enforcement tools such as representatives and international cooperation, but also, and more importantly, through indirect means. In particular, the EU may rely on the risk of reputational damage, the incentives to self-compliance, and the rules on data transfers to third countries.</abstract>
  <subject>
    <topic>Data protection</topic>
    <topic>GDPR</topic>
    <topic>compliance</topic>
    <topic>enforcement</topic>
    <topic>extraterritorial scope</topic>
    <topic>international cooperation</topic>
    <topic>international law</topic>
    <topic>overseas data processing</topic>
  </subject>
  <classification authority="ddc">340</classification>
  <relatedItem type="host">
    <genre authority="marcgt">periodical</genre>
    <genre>academic journal</genre>
    <titleInfo>
      <title>JIPITEC</title>
    </titleInfo>
    <part>
      <detail type="volume">
        <number>9</number>
      </detail>
      <detail type="issue">
        <number>2</number>
      </detail>
      <date>2018</date>
      <extent unit="page">
        <start>126</start>
        <end>137</end>
      </extent>
    </part>
  </relatedItem>
  <identifier type="issn">2190-3387</identifier>
  <identifier type="urn">urn:nbn:de:0009-29-47231</identifier>
  <identifier type="uri">http://nbn-resolving.de/urn:nbn:de:0009-29-47231</identifier>
  <identifier type="citekey">azzi2018</identifier>
</mods>
Download

Full Metadata

JIPITEC – Journal of Intellectual Property, Information Technology and E-Commerce Law
Article search
Extended article search
Newsletter
Subscribe to our newsletter
Follow Us
twitter
 
Navigation