Territorial Scope and Data Transfer Rules in the GDPR: Realising the EU’s Ambition of Borderless Data Protection

Onderzoeksoutput: Working paper

Samenvatting

Legal protection of personal data that are transferred or processed outside the EU’s territorial boundaries has been strengthened in recent years, both in the GDPR and by the Court of Justice. The main mechanisms for guarding against data protection threats originating from outside the EU’s borders are rules on the territorial scope of EU data protection law (Article 3 GDPR), which allow its application to data processing by non-EU parties, and data transfer restrictions (Chapter V GDPR), which protect personal data that are transferred to third countries. The GDPR does not indicate how these two mechanisms interact, which has led to initiatives to disapply data transfer rules when data processed outside the EU are already subject to it. However, there has been little transparency about these initiatives or explanation of their rationale, despite their significance for the protection of EU data and their impact on the GDPR’s global reach. For the protection of EU data against external threats to be both legally sound and effective in practice, it is necessary to examine the nature and interaction of rules on territorial scope and data transfers, in order to determine how the EU’s vision of cross-border data protection can be realised.
Originele taal-2English
UitgeverUniversity of Cambridge
Pagina's1-36
Aantal pagina's36
VolumePaper no. 20/2021
StatusPublished - 16 apr 2021

Publicatie series

NaamUniversity of Cambridge Faculty of Law Legal Studies Research Paper Series
UitgeverijUniversity of Cambridge Faculty of Law
Nr.No. 20/2021

Vingerafdruk

Duik in de onderzoeksthema's van 'Territorial Scope and Data Transfer Rules in the GDPR: Realising the EU’s Ambition of Borderless Data Protection'. Samen vormen ze een unieke vingerafdruk.

Citeer dit