UDC 342.738(4-672EU)
Biblid: 1451-3188, 19 (2020)
Vol. 19, No 73-74, pp. 41-59
DOI: https://doi.org/10.18485/iipe_ez.2020.19.73_74.3

Оriginal article
Received: 23 Sep 2020
Accepted: 11 Oct 2020

THE LIMITS OF THE EXTRATERRITORIAL EFFECT OF THE EU GENERAL DATA PROTECTION REGULATION

VUČIĆ Mihajlo (Naučni saradnik, Institut za međunarodnu politiku i privredu, Beograd),

The EU General Data Protection Regulation (GDPR) has an impact on standards of data protection in other legal systems due to its extraterritorial effect. The attractive internal market is the main reason for foreign companies that use personal data of the EU citizens or residents in their business operations to comply with its provisions. Therefore the EU jurisdiction stretches extraterritorially. The extraterritorial activity of one sovereign jurisdiction, in principle, is not contrary to international law but creates problems in practical application and enforcement, as well as objections of other sovereign jurisdictions that can claim a stronger link with the legal issue at hand. Through international treaties that regulate the extraterritorial jurisdictional issues, these problems can be solved. However, the right of personal data protection of the GDPR is constructed as a human right, absolutely protected, which automatically negates the effect of such a treaty. The Court of Justice of the EU has shown the willingness to defend the integrity of this right. This article raises the question of whether the attraction of the internal market together with the conception of the right to data protection as a human right can impose the EU’s data protection model as a global model. It is argued that economically powerful states, even if they share human rights values with the EU, can stand the extraterritorial impact of the GDPR shown through the lens of the EU-US relationship. However, the real problem exists in the conflict of jurisdiction with an economic power with a totally different system of values concerning human rights, and especially data protection rights, such as China. In this context, the article’s conclusion states that, in the best scenario, the extraterritorial effect of the GDPR can lead to the EU’s data protection model becoming a role model for a bloc of like-minded legal systems, especially since data protection in current international relations is rather a security than an economic issue.

Keywords: GDPR, extraterritoriality, data protection, right to privacy, EU