Abstract
States implementing data privacy laws must carefully consider how
they delineate the scope of application of those laws. The ‘extraterritorial’ application of a country’s data privacy laws may severely impact different actors outside its borders including e.g., their freedom of expression and their financial interests. At the same time, it is clear that, to ensure effective protection of data subjects’ rights, modern data privacy laws must have extraterritorial application. Different attitudes towards privacy and data protection globally and the lack of global standards fuelled a heated debate among those emphasizing the need for jurisdictional restraint and those stressing the need to ensure effective protection. In the light of this, the way in which a data privacy law’s extraterritorial application is delineated requires a careful balancing of important
interests. In the European Union’s General Data Protection Regulation (‘GDPR’), it is Article 3 that performs this function, and in this chapter, we make some observations about how well Article 3 works in this role. However, before doing so, we first examine the role that ‘extraterritoriality’ plays in data privacy law and discuss how the “hero” of this volume – Datalagen (1973:289) (hereinafter ‘Datalagen’) – and its evolution in Swedish law, related to extraterritoriality
they delineate the scope of application of those laws. The ‘extraterritorial’ application of a country’s data privacy laws may severely impact different actors outside its borders including e.g., their freedom of expression and their financial interests. At the same time, it is clear that, to ensure effective protection of data subjects’ rights, modern data privacy laws must have extraterritorial application. Different attitudes towards privacy and data protection globally and the lack of global standards fuelled a heated debate among those emphasizing the need for jurisdictional restraint and those stressing the need to ensure effective protection. In the light of this, the way in which a data privacy law’s extraterritorial application is delineated requires a careful balancing of important
interests. In the European Union’s General Data Protection Regulation (‘GDPR’), it is Article 3 that performs this function, and in this chapter, we make some observations about how well Article 3 works in this role. However, before doing so, we first examine the role that ‘extraterritoriality’ plays in data privacy law and discuss how the “hero” of this volume – Datalagen (1973:289) (hereinafter ‘Datalagen’) – and its evolution in Swedish law, related to extraterritoriality
Translated title of the contribution | Challenges to the extraterritorial enforcement of data privacy law – EU case study |
---|---|
Original language | Swedish |
Title of host publication | Dataskyddet 50 år – historia, aktuella problem och framtid |
Editors | Martin Brinnen, Cecilia Magnusson Sjöberg, David Törngren, Daniel Westman, Sören Öman |
Publisher | eddy.se ab |
Pages | 127-153 |
Number of pages | 28 |
ISBN (Print) | 978-91-89840-02-7 |
Publication status | Published - 2023 |