One law to rule them all

On the extraterritorial applicability of the new EU General Data Protection Regulation

Setting the gold standard … In May 2016, the EU adopted its long-awaited new General Data Protection Regulation (GDPR) and thereby opened a new chapter in the history of European and global data protection law. Meeting the challenges of the 21st century globally linked information-society, it took the EU-institutions more than four years and almost 4,000 amendments to finally agree on a compromise text. While elaborating the GDPR, the EU tried …


Current Developments

Schrems – Towards a High Standard of Data Protection for European Citizens

It has been almost six weeks since the ECJ handed down its groundbreaking Schrems judgment. This post reflects upon the institutional practices and scholarly discussion following the judgment. The Court held the transfer of data to the US based on the Commission’s safe harbor decision illegal as it violates the essence of the right to privacy. It refrained from setting a grace period. As the judgment concerns many large companies, one …