Cross-Border Data Protection: Applicable Law and Territorial powers of National Data Protection Supervisors

Chapter 11 provides a critical analysis of private international law with regard to disputes based on torts between private parties arising from infringements of privacy and data protection rights, and defamation, committed by internet communication. This is a fast-developing and changing area. It compares the private international law rules in Germany and England. The proceedings examined in this chapter are civil litigation, as opposed to judicial review of administrative action (Chapter 7). The chapter covers the harmonized rules under the Brussels Regulation and, in particular, the jurisprudence in respect of the mosaic rule established in Shevill and the rules on civil jurisdiction in the General Data Protection Regulation (GDPR). Additionally, where the Brussels Regulation does not apply, it examines in detail the national rules of jurisdiction in Germany and England, in particular the “conflicts of interest” test in Germany, and, for defamation cases in England, the new test on the most appropriate place under the Defamation Act 2013. Since the rules on applicable law for privacy, defamation, and other personality rights cases are not harmonized in the Rome II Regulation, national law prevails. The rules in Germany and England are analysed—contrasting and comparing the approaches in internet cases. It unravels the extraordinarily complicated and twisted knot of jurisdiction and applicable law in the area of personality rights infringements online and brings some clarity to this area. It concludes with some robust suggestions for improving the rules on jurisdiction and applicable law to provide a better balance of conflicting interests.

Download Full-text

Legal and Regulatory Challenges in Facilitating a Sustainable ASEAN E-Commerce Sector

Research Anthology on E-Commerce Adoption, Models, and Applications for Modern Business ◽

10.4018/978-1-7998-8957-1.ch096 ◽

2021 ◽

pp. 1925-1949

Author(s):

Lekha Kunju Pillai Laxman

Keyword(s):

Qualitative Research ◽

Data Protection ◽

Market Access ◽

Secondary Data ◽

Foreign Market ◽

Cross Border ◽

Qualitative Research Design ◽

Security And Reliability ◽

Access Data ◽

Regulatory Challenges

The ASEAN region's potential ability to reap the benefits of e-commerce is considerable, and it is timely to strategize a sustainable pathway for ASEAN's e-commerce market. This chapter explores the arising legal and regulatory challenges with measures needed to facilitate e-commerce activities in the region. A qualitative research design is utilized to review secondary data and analyze ASEAN's current legal and regulatory framework. The findings reveal that despite the untapped potential of the collectively large “ASEAN market,” there are significant challenges to developing e-commerce in some countries. Moreover, there are additional regulatory challenges in tackling a myriad of issues related to cross-border challenges in terms of security and reliability of payments: logistics, customs and border administration, foreign market access, data protection, and the regulatory environment for national and cross-border e-commerce transactions. Some form of legal and regulatory harmonization is required between member nations in order to mutually reap the benefits of e-commerce.

Download Full-text

An Urgent Suggestion to Pour Old Wine into New Bottles: Comment on “A New Jurisprudential Framework for Jurisdiction”

AJIL Unbound ◽

10.1017/s2398772300001215 ◽

2015 ◽

Vol 109 ◽

pp. 81-85 ◽

Cited By ~ 1

Author(s):

Cedric Ryngaert

Keyword(s):

International Law ◽

Data Protection ◽

Legal Framework ◽

The Internet ◽

Technological Evolution ◽

International Jurisdiction ◽

Cross Border ◽

Data Protection Law ◽

Informed Reader ◽

Previous Scholarship

Dan Svantesson is quickly establishing himself as a leading voice in the field or jurisdiction. Coming to this field from Internet and data protection law, he is surely well placed to criticize the current legal framework of international jurisdiction in light of technological evolution, which has made territoriality lose its salience as the cornerstone of jurisdiction. I myself have recently been characterized as one of the border guards of territoriality, on the basis of my earlier monograph on Jurisdiction in International Law. Accordingly, the informed reader might believe that I will severely criticize as iconoclastic such a proposal as Svantesson’s namely, doing away with territoriality as the very linchpin of jurisdiction. As it happens, however, I largely concur with Svantesson’s ideas, at least to the extent they apply to cross-border transactions via the Internet. In this contribution, I argue that the reality of a de-territorialized Internet necessitates jurisdictional rethinking, but that this rethinking in fact heavily relies on previous scholarship, predating the Internet era. The advent of the current era, however, has lent particular urgency to those earlier proposals.

Download Full-text

Processing employees’ personal data during the Covid-19 pandemic

European Labour Law Journal ◽

10.1177/2031952520978994 ◽

2020 ◽

pp. 203195252097899

Author(s):

Seili Suder

Keyword(s):

Data Protection ◽

Health And Safety ◽

Personal Data ◽

Health Data ◽

Body Temperatures ◽

National Data ◽

Pragmatic Approach ◽

General Data Protection Regulation ◽

Nation States ◽

General Data

While needing to ensure the health and safety of their employees during the Covid-19 pandemic, employers face many burning data protection questions, including under what conditions they can process employees’ personal data (in particular health data) and whether gathering personal data concerning employees’ medical history, trips and contacts with infected persons, is allowed. This article focuses on issues that are problematic, based on the analysis of guidance issued by the European Data Protection Board, as well as national data protection authorities and practitioners from 20 countries in response to these concerns. The first section of the article analyses concepts of personal data and health data in the context of Covid-19. Then the article proceeds with exploring what possible legal bases employers can use to process employees’ personal data in general, and health data in particular, under the General Data Protection Regulation when applying different measures to combat Covid-19. In the latter part of the article two practical questions raised by employers – concerning the checking of employees’ body temperatures and informing them of possible infection – are discussed. The analysis indicates that national data protection authorities seem to look for a reasonable and pragmatic approach regarding compliance with the GDPR in light of the Covid-19 emergency. However, their guidance differs in several areas and the views in between nation states are not always aligned. A more specific, clear and uniform pan-European vision concerning the processing of employees’ data in times of emergency is needed to better protect employees and limit the spread of the virus.

Download Full-text

Resolution of Cross-border Securities Disputes under the Scheme ofShanghai-Hong Kong Stock Connect: An Exploration on the Applicable Law

Chinese Journal of International Law ◽

10.1093/chinesejil/jmw003 ◽

2016 ◽

Vol 15 (1) ◽

pp. 167-192

Author(s):

Guangjian TU ◽

Hongyan WANG

Keyword(s):

Hong Kong ◽

Applicable Law ◽

Cross Border

Download Full-text

Applicable Law to Transnational Personal Data: Trends and Dynamics

German Law Journal ◽

10.1017/glj.2020.73 ◽

2020 ◽

Vol 21 (6) ◽

pp. 1283-1308

Author(s):

Jie (Jeanne) Huang

Keyword(s):

Data Protection ◽

Personal Data ◽

Chinese Media ◽

Applicable Law ◽

Personal Data Protection ◽

Regional Coordination ◽

The Law ◽

Model Law ◽

The Right ◽

The Eu

AbstractThe recent COVID-19 outbreak has pushed the tension of protecting personal data in a transnational context to an apex. Using a real case where the personal data of an international traveler was illegally released by Chinese media, this Article identifies three trends that have emerged at each stage of conflict-of-laws analysis for lex causae: (1) The EU, the US, and China characterize the right to personal data differently; (2) the spread-out unilateral applicable law approach comes from the fact that all three jurisdictions either consider the law for personal data protection as a mandatory law or adopt connecting factors leading to the law of the forum; and (3) the EU and China strongly advocate deAmericanization of substantive data protection laws. The trends and their dynamics provide valuable implications for developing the choice of laws for transnational personal data. First, this finding informs parties that jurisdiction is a predominant issue in data breach cases because courts and regulators would apply the law of the forum. Second, currently, there is no international treaty or model law on choice-of-law issues for transnational personal data. International harmonization efforts will be a long and difficult journey considering how the trends demonstrate not only the states’ irreconcilable interests but also how states may consider these interests as their fundamental values that they do not want to trade off. Therefore, for states and international organizations, a feasible priority is to achieve regional coordination or interoperation among states with similar values on personal data protection.

Download Full-text