Data Protection

From a perspective of international law, the General Data Protection Regulation (GDPR) pioneers particularly in terms of its (extraterritorial) application. Whereas in international law, which is based on the Westphalian notion of exclusive state sovereignty, this sovereignty is usually restricted to the state’s own territory and allows for an extraterritorial application of human rights only in exceptional circumstances, the GDPR prominently standardises the domestic-market principle in Article 3(2) GDPR. The …

In algorithmic decision-making systems (ADM systems) machines evaluate and assess human beings and, on this basis, make a decision or provide a forecast or a recommendation for action. Thus, it is not only the data processing as such, but above all the automated decision resulting from the data processing that contains risks for the user. The current international legal framework encompasses such risks by guaranteeing privacy, data protection, personality rights …

The General Data Protection Regulation (GDPR) has come a long way since it was first tabled as proposal by the European Commission on 25 January 2012. Probably, it will be remembered as the biggest achievement of the outgoing Juncker Commission. Despite the fact that Europe plays a second-tier role when it comes to the development and production of data-driven technology and services, research shows that of 132 countries which have …

The collection and processing of our personal data is changing sense-making of the world and ourselves, as are projects of governance surrounding it. In the year since it has become effective, the General Data Protection Regulation (GDPR) has come to represent a global standard for privacy and data protection. Yet, the idea that the GDPR represents a global standard assumes a uniform cultural and political context globally and overlooks broader questions …

The Völkerrechtsblog is happy to announce a forthcoming online symposium on the impact of the EU General Data Protection Regulation (GDPR) on international law. The GDPR is not the only international legal instrument on data protection but it certainly is one of the most influential ones: Since it has become binding in May 2018 it has influenced several data protection reform processes around the world, inside as well as outside …

In her recent blog article, Vishaka Ramesh claims that International Investment Law is violated by Data Protection Principles around the world, supporting her thesis in particular with rules set out by the General Data Protection Regulation of the European Union (GDPR). In her opinion, principles like Data Minimization and Localization are likely to infringe generally accepted principles of investment law, such as the fair and equitable standard of treatment of …

There has been a recent surge in the proliferation of data protection regulations globally, the most recent example of which is the General Data Protection Regulation. Since data protection laws across the world have become increasingly extra-territorial in their reach, there is a higher propensity for foreign entities to be affected by them.

In May 2016, the EU adopted its long-awaited new General Data Protection Regulation (GDPR) and thereby opened a new chapter in the history of European and global data protection law. Meeting the challenges of the 21st century globally linked information-society, it took the EU-institutions more than four years and almost 4,000 amendments to finally agree on a compromise text. While elaborating the GDPR, the EU tried to solve one of the …

It has been almost six weeks since the ECJ handed down its groundbreaking Schrems judgment. This post reflects upon the institutional practices and scholarly discussion following the judgment. The Court held the transfer of data to the US based on the Commission’s safe harbor decision illegal as it violates the essence of the right to privacy. It refrained from setting a grace period. As the judgment concerns many large companies, one …