Our systems are now restored following recent technical disruption, and we’re working hard to catch up on publishing. We apologise for the inconvenience caused. Find out more: https://www.cambridge.org/universitypress/about-us/news-and-blogs/cambridge-university-press-publishing-update-following-technical-disruption
We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.
This journal utilises an Online Peer Review Service (OPRS) for submissions. By clicking "Continue" you will be taken to our partner site
https://mc.manuscriptcentral.com/ajil.
Please be aware that your Cambridge account is not valid for this OPRS and registration is required. We strongly advise you to read all "Author instructions" in the "Journal information" area prior to submitting.
To save this undefined to your undefined account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you used this feature, you will be asked to authorise Cambridge Core to connect with your undefined account.
Find out more about saving content to .
To save this article to your Kindle, first ensure [email protected] is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below.
Find out more about saving to your Kindle.
Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.
The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.
The European Union's (EU) negotiating position on cross-border data flows, which the EU has recently included in its proposal for the World Trade Organization (WTO) talks on e-commerce, not only enshrines the protection of privacy and personal data as fundamental rights, but also creates a broad exception for a Member's restrictions on cross-border transfers of personal data. This essay argues that maintaining such a strong position in trade negotiations is essential for the EU to preserve the internal compatibility of its legal system when it comes to the right to protection of personal data under the EU Charter of Fundamental Rights (EU Charter) and the recently adopted General Data Protection Regulation (GDPR).
The entry into application of the EU General Data Protection Regulation (GDPR) on May 25, 2018 has raised questions about its impact on data processing by intergovernmental organizations that operate under public international law (referred to here as international organizations or IOs). EU data protection law can have impact beyond EU borders, and the global reach of EU law is a well-recognized phenomenon. The GDPR contains numerous references to IOs but does not state whether it applies to them, and this uncertainty has led to tensions between IOs and the European Commission. The issues surrounding IOs’ processing of personal data show how the GDPR can give rise to unexpected questions under public international law, and illustrate the need for greater engagement between EU law and international law.
The consensus view is that European-style data protection (including the General Data Protection Regulation (2016/679) (GDPR)) is becoming the global standard. But this view is not shared by all, with scholars pointing to divergence between European and American approaches to privacy. Determining the relative influence of each model is important. Regulation of the private sector use of personal data can shape economic and social conditions, from the cost of running a business to the relationships between consumers, companies, and their governments. This essay argues that it is too soon to conclude that the European Union has won the competition to influence global data protection and privacy laws, especially as the United States finds itself in the midst of shaping and defining its own privacy regime. I will explore the GDPR's viability as a global regulatory model, raising reasons to doubt that it will ultimately dominate the privacy regulation market. First, the mere fact that the United States is likely to develop a federal privacy regime that will depart from the European model will be influential in its own right. Second, there are compelling economic reasons for private and public entities to lobby against European-style regulation.
The European Union's General Data Protection Regulation (GDPR) is widely viewed as setting a new global standard for the protection of data privacy that is worthy of emulation, even though the relationship between the GDPR and existing international legal protections for the right to privacy remain unexplored. Correspondingly, this essay examines the relationship between these two bodies of law, and finds that the GDPR's provisions are neither necessary nor sufficient to protect the right to privacy as enshrined in Article 17 of the International Covenant on Civil and Political Rights (ICCPR). It argues that there are other equally valid and effective approaches that states can pursue to protect the right to privacy in an increasingly digital world, including the much-maligned American approach of regulating data privacy on a sectoral basis.
The General Data Protection Regulation (GDPR) imposes important transparency and accountability requirements on different actors who process personal data. This is great news for the protection of individual data privacy. However, given that “personal information and human stories are the raw material of journalism,” what does the GDPR mean for freedom of expression and especially for journalistic activity? This essay argues that, although EU states seem to have taken their data protection obligations under the GDPR seriously, efforts to balance this against the right to freedom of expression have been more uneven. The essay concludes that it is of key importance to ensure that the GDPR's safeguards for data privacy do not compromise a free press.