Browsing by Author "Supponen, Mirjam"

Today’s global economy has turned into an information economy in which data has become the new commodity. Data can be transferred internationally in a split second. In the process, jurisdictional lines have become blurry, and companies struggle to understand which rules apply to their data processing activities. Jurisdiction in the Internet realm is one of the most complex challenges, especially concerning issues related to data privacy. Different jurisdictions understandably attempt to extend the application of their data privacy rules as far as possible in order to safeguard their citizens’ rights. However, this practice of extraterritoriality has revealed a deeper privacy conflict between the European and American privacy traditions. The EU started its most recent privacy challenge with the US by affirming the so-called “right to be forgotten” in Google Spain SL v. Agencia Española de Protección de Datos (Case C-131/12 May 13, 2014), a decision by the Court of Justice of the European Union (“CJEU”) in May 2014. The decision represents one of the most far-reaching applications of European data privacy laws and one of the first attempts to regulate privacy online in the information age. This and subsequent CJEU decisions have made it increasingly difficult for companies to avoid EU data privacy laws. This thesis begins by exploring context relevant to the greatly differing privacy discussions occurring in the EU and the US – the two most influential privacy jurisdictions of the world. Next, this thesis will examine the legal implications of the Google Spain decision, especially regarding the decision’s territorial scope and impact. The purpose of this thesis is to explore when companies are obligated to follow the European rules on data privacy after Google Spain and related cases, including the widening definition of “establishment” under Article 4(1)(a) of the DPD. Finally, this thesis will consider new ways of defining the extraterritorial effect of EU data privacy law. Although this research primarily assumes an EU perspective, many aspects are relevant to US and international entities.