Extraterritorial Application of the EU General Data Protection Regulation

This paper explores the issues related to the extraterritorial applicability of the EU General Data Protection Regulation (GDRP). The author analyses the process of progressive development of the EU law in general and the current state of a general worldwide jurisdiction of the EU regulations in the field of data protection. The author explores different cases in which data administrators from third States would be obliged to comply with the provisions of the GDPR and the possible legal consequences that would follow eventual breaches.

EU law, data protection, GDPR, extraterritorial jurisdiction

1. Hartley T. C. The Foundations of European Union Law: An Introduction to the Constitutional and Administrative Law of European Union. New York: Oxford University Press, 2014.

2. Horspool Margot, Matthew Humphreys, and M. Wells-Greco. European Union Law: Oxford University Press, 2018.

3. Berry née Deards, Elspeth and Sylvia Hargreaves. European Union Law. Oxford University Press, 2007.

4. Hartley T. C. The Foundations of European Union Law: An Introduction to the Constitutional and Administrative Law of European Union. New York: Oxford University Press, 2014.

5. Fairhurst John. Law of the European Union. 2016.

6. Ortiz Blanco Luis. Market Power in EU Antitrust Law. Oxford: Hart, 2012

7. European Union, Charter of Fundamental Rights of the European Union, 26 October 2012, 2012/C 326/02

8. The EU adopted EU Resolution 45/2001 on 18.12.2000 that set the legal framework with respect to the protection of personal data by the Community institutions and the free movement of such data

9. CJEU, Case C-131/12, Google Spain, 13 May 2014.

10. Case C-131/12, Judgement of the CJEU, Google Spain, 13 May 2014, para. 60.

11. Case C-131/12, Judgement of the CJEU, Google Spain, 13 May 2014, para. 28.

12. Case C-131/12, Judgement of the CJEU, Google Spain, 13 May 2014, para. 56.

13. CJEU, Case C-585/08, Pammer and Hotel Alpenhof, 7 October 2010.

14. Case C-585/08, Judgement of the CJEU, Pammer and Hotel Alpenhof,

15. October 2010, para. 75.

16. Case C-585/08, Judgement of the CJEU, Pammer and Hotel Alpenhof,

17. Case C-230/14, Judgement of the CJEU, Weltimmo, 1 October 2015, para. 32.

18. Case C-230/14, Judgement of the CJEU, Weltimmo, 1 October 2015, para. 41.

19. Case C-230/14, Judgement of the CJEU, Weltimmo, 1 October 2015, para. 34.

20. CJEU, Case C-230/14, Weltimmo, 1 October 2015.

21. Case C-230/14, Judgement of the CJEU, Weltimmo, 1 October 2015, para.12.

22. Feiler Lukas, Nikolaus Forgo, and Michaela Weigl. The EU General Data Protection Regulation (GDPR): A Commentary. 2018.

23. Each of these activities falls within the scope of Art. 3, paragraph 2 of the GDPR.

24. Kuner Christopher. The Internet and the Global Reach of EU Law. London School of Economics, Society and Economy Working Papers 4/2017.

25. The interpretation of the intention would be made in the light of the court findings in cases C-131/12, C-585/08, C-230/14.

26. Ingram David. Facebook says data leaks hit 87 million users, widening privacy scandal. (Reuters. 4 April 2018. URL: https://www.reuters.com/article/us-facebook-privacy/facebook-says-data-leak-hits-87-million-users-widening-privacy-scandal-idUSKCN1HB2CM).

27. Hern Alex. Facebook moves 1.5bn users out of reach of new European privacy law. (The Guardian. 19 April 2018. URL: https://www.theguardian. com/technology/2018/apr/19/facebook-moves-15bn-users-out-of-reach-of-new-european-privacy-law).

28. Facebook Inc. Condensed Consolidated Statements of Income for 2017. URL: https://investor.fb.com/investor-news/press-release-details/2018/Facebook-Reports-Fourth-Quarter-and-Full-Year-2017-Results/default.aspx.

29. Vidal-Hall v Google Inc. [2014] EWHC 13 (QB) Court High Court, Queen’s Bench Division.

30. Elspeth B. n. D., Hargreaves S. European Union Law. Oxford University Press, 2007. Fairhurst J. Law of the European Union. 2016

31. Feiler L., Forgo N., and Weigl M. The EU General Data Protection Regulation (GDPR): A Commentary. 2018

32. Hartley T.C. The Foundations of European Union Law: An Introduction to the Constitutional and Administrative Law of European Union. New York: Oxford University Press, 2014

33. Hern A. Facebook moves 1.5bn users out of reach of new European privacy law. The Guardian. 19 April 2018

34. Horspool M., Humphreys M., and Wells-Greco M. European Union Law. Oxford University Press, 2018

35. Ingram D. Facebook says data leaks hit 87 million users, widening privacy scandal. Reuters. 4 April 2018

36. Kuner Ch. The Internet and the Global Reach of EU Law. Society and Economy Working Papers. London School of Economics. 4/2017. Ortiz B.L. Market Power in EU Antitrust Law. Oxford: Hart, 2012