ABSTRACT

Under public international law, a State has a right to exercise jurisdiction and is expected to show restraint when applying extraterritorial jurisdiction. The EU’s Data Protection Directive is far-reaching and has notable effects beyond its territory. The General Data Protection Regulation could serve to broaden these external effects. This expansive application of prescriptive jurisdiction has caused jurisdictional tensions between, for instance, the EU and the US. EU data protection law could conceivably fall into traditional public international law permissive principles of jurisdiction, such as subjective territoriality, objective territoriality, passive personality or the effects doctrine. Whilst there appears to be a shift from territory to personality in European data protection law, territory is still necessary to trigger the application of jurisdiction. The demarcations provided by public international law could offer ways to mitigate transatlantic conflicts in jurisdiction.

Keywords: jurisdiction – data protection – public international law – extraterritoriality