Territorial Scope and Data Transfer Rules in the GDPR: Realising the EU’s Ambition of Borderless Data Protection
Research output: Working paper › Research › peer-review
Standard
Territorial Scope and Data Transfer Rules in the GDPR: Realising the EU’s Ambition of Borderless Data Protection. / Kuner, Christopher Barth.
University of Cambridge. Faculty of Law, 2021. p. 1-36.Research output: Working paper › Research › peer-review
Harvard
APA
Vancouver
Author
Bibtex
}
RIS
TY - UNPB
T1 - Territorial Scope and Data Transfer Rules in the GDPR: Realising the EU’s Ambition of Borderless Data Protection
AU - Kuner, Christopher Barth
N1 - Research Paper No. 20/2021
PY - 2021
Y1 - 2021
N2 - Legal protection of personal data that are transferred or processed outside the EU’s territorial boundaries has been strengthened in recent years, both in the GDPR and by the Court of Justice. The main mechanisms for guarding against data protection threats originating from outside the EU’s borders are rules on the territorial scope of EU data protection law (Article 3 GDPR), which allow its application to data processing by non-EU parties, and data transfer restrictions (Chapter V GDPR), which protect personal data that are transferred to third countries. The GDPR does not indicate how these two mechanisms interact, which has led to initiatives to disapply data transfer rules when data processed outside the EU are already subject to it. However, there has been little transparency about these initiatives or explanation of their rationale, despite their significance for the protection of EU data and their impact on the GDPR’s global reach. For the protection of EU data against external threats to be both legally sound and effective in practice, it is necessary to examine the nature and interaction of rules on territorial scope and data transfers, in order to determine how the EU’s vision of cross-border data protection can be realised.
AB - Legal protection of personal data that are transferred or processed outside the EU’s territorial boundaries has been strengthened in recent years, both in the GDPR and by the Court of Justice. The main mechanisms for guarding against data protection threats originating from outside the EU’s borders are rules on the territorial scope of EU data protection law (Article 3 GDPR), which allow its application to data processing by non-EU parties, and data transfer restrictions (Chapter V GDPR), which protect personal data that are transferred to third countries. The GDPR does not indicate how these two mechanisms interact, which has led to initiatives to disapply data transfer rules when data processed outside the EU are already subject to it. However, there has been little transparency about these initiatives or explanation of their rationale, despite their significance for the protection of EU data and their impact on the GDPR’s global reach. For the protection of EU data against external threats to be both legally sound and effective in practice, it is necessary to examine the nature and interaction of rules on territorial scope and data transfers, in order to determine how the EU’s vision of cross-border data protection can be realised.
KW - Faculty of Law
KW - data protection
KW - GDPR
KW - Applicable law
KW - international data transfers
M3 - Working paper
T3 - University of Cambridge Faculty of Law Legal Studies Research Paper Series
SP - 1
EP - 36
BT - Territorial Scope and Data Transfer Rules in the GDPR: Realising the EU’s Ambition of Borderless Data Protection
PB - University of Cambridge. Faculty of Law
ER -
ID: 335282908