The Territorial Scope of GDPR - Conditions, Extraterritorial Application and Implications

Ruan, Kehan

The Territorial Scope of GDPR - Conditions, Extraterritorial Application and Implications

Mark

Ruan, Kehan ^LU (2024) HARN63 20241
Department of Business Law

Abstract: The General Data Protection Regulation (GDPR) has been called the strictest data protection law in history, and one of the key reasons for this is due to its vast territorial scope, which allows it to be applied to non-EU entities as long as the relevant conditions are met. Such a broad extraterritorial application has greatly improved the level of data protection, but it has also triggered some controversies and concerns.
This thesis takes the territorial scope of the GDPR as the subject of study, analyses the conditions for the application of Article 3 of the GDPR as well as evaluates it through the interpretation of the legislation and the case law. Then, the paper analyses the conflicts and shortcomings of the rule in practical... (More); The General Data Protection Regulation (GDPR) has been called the strictest data protection law in history, and one of the key reasons for this is due to its vast territorial scope, which allows it to be applied to non-EU entities as long as the relevant conditions are met. Such a broad extraterritorial application has greatly improved the level of data protection, but it has also triggered some controversies and concerns.
This thesis takes the territorial scope of the GDPR as the subject of study, analyses the conditions for the application of Article 3 of the GDPR as well as evaluates it through the interpretation of the legislation and the case law. Then, the paper analyses the conflicts and shortcomings of the rule in practical application, involving the conflicts and interactions between the territorial scope and the data transfer rules, with the problems encountered in the practice of the representative regime. It proposes solutions such as merging the territorial scope and data transfer rules and guiding the commercialization of representative services. The last part of the thesis explores the implications of the extraterritorial application of the GDPR from an international trade perspective, where some of the GDPR's rules may potentially violate the national treatment and most favoured nation (MFN) requirements of the GATS, either de jure or de facto. In addition, it may create three types of trade barriers: social, regulatory, and technical. Finally, recommendations are provided to help eliminate trade barriers for third countries and the EU respectively. For third countries, it is possible to apply for adequacy decisions, upgrade the level of domestic data protection, and promote data protection standards that are in the national interest. For the EU, more interpretations and guidelines can be developed, and asymmetric enforcement can be implemented. (Less)

Please use this url to cite or link to this publication: http://lup.lub.lu.se/student-papers/record/9154031

author

Ruan, Kehan ^LU

supervisor

Jonas Ledendal ^LU

organization

Department of Business Law

course

HARN63 20241

year

2024

type

H1 - Master's Degree (One Year)

subject

Law and Political Science

keywords

GDPR, Territorial scope, Extraterritorial application, Data transfer, International trade, GATS, Trade barrier

language

English

id

9154031

date added to LUP

2024-06-10 11:23:53

date last changed

2024-06-10 11:23:53

@misc{9154031,
  abstract     = {{The General Data Protection Regulation (GDPR) has been called the strictest data protection law in history, and one of the key reasons for this is due to its vast territorial scope, which allows it to be applied to non-EU entities as long as the relevant conditions are met. Such a broad extraterritorial application has greatly improved the level of data protection, but it has also triggered some controversies and concerns. 
This thesis takes the territorial scope of the GDPR as the subject of study, analyses the conditions for the application of Article 3 of the GDPR as well as evaluates it through the interpretation of the legislation and the case law. Then, the paper analyses the conflicts and shortcomings of the rule in practical application, involving the conflicts and interactions between the territorial scope and the data transfer rules, with the problems encountered in the practice of the representative regime. It proposes solutions such as merging the territorial scope and data transfer rules and guiding the commercialization of representative services. The last part of the thesis explores the implications of the extraterritorial application of the GDPR from an international trade perspective, where some of the GDPR's rules may potentially violate the national treatment and most favoured nation (MFN) requirements of the GATS, either de jure or de facto. In addition, it may create three types of trade barriers: social, regulatory, and technical. Finally, recommendations are provided to help eliminate trade barriers for third countries and the EU respectively. For third countries, it is possible to apply for adequacy decisions, upgrade the level of domestic data protection, and promote data protection standards that are in the national interest. For the EU, more interpretations and guidelines can be developed, and asymmetric enforcement can be implemented.}},
  author       = {{Ruan, Kehan}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{The Territorial Scope of GDPR - Conditions, Extraterritorial Application and Implications}},
  year         = {{2024}},
}

LUP Student Papers

LUND UNIVERSITY LIBRARIES

The Territorial Scope of GDPR - Conditions, Extraterritorial Application and Implications