The territorial scope of European law will largely evolve in favor of a new extraterritorial application. Indeed, the next general data protection regulation will respond to the development of cross-border flows. In addition, more and more companies are using foreign hosts, for example, to store their data. The problem is that most of them apply their internal law standards to this data, without worrying about European rules, even though they are Iran Email List data concerning European citizens! We remember very well the Safe Harbor which, in the end, was almost always erased in favor of American standards of domestic law … The regulation aims to put an end to this problem.

What will be the territorial scope of European law with this regulation? And what will be the consequences on the transfers of client-prospect files? Extension of the territorial scope of European law to external actors European actors “From the moment when companies decide to do business with the personal data of European citizens, they will have to comply with this regulation”, Me Sadde. Indeed, one of the major changes initiated by the new regulation lies in its territorial scope. Currently, European law only applies to European data controllers or to companies established in the territory of a state of the union. Only foreign companies having an establishment or a subsidiary in the territory of the union are also subject to it …

From May 2018, this application should give way

To an extraterritorial application of European Union law. Indeed, article 3 of the regulation defines this new principle. First of all, the regulation will apply to personal data exploited by a manager or a subcontractor located in the territory of the Union and, this, regardless of whether the processing is carried out in Europe or not. Thus, all managers and subcontractors located in the territory of a member state will be subject to these regulations. Non-European actors The real novelty lies in paragraph 2 of the article. Indeed, non-European players are concerned when they process the data of European citizens. In addition, the article states that from the moment you process data concerning a European citizen, you will be affected by the regulation. The connecting criterion is therefore no longer the same.

From now on, the text retains activities directed towards the European Union, even in the physical absence of the company on its territory. Consequently, the regulation requires these companies to choose a representative in the territory of the organization. In addition, the article only concerns two situations in which the processing: Is linked to the activities of offering goods and services to these people Is linked to activities relating to the monitoring of people’s behavior territorial scope of European lawIt will therefore be necessary to assess the intention of the controller to determine whether he is in one of these two situations. For example, if you are a UK company that collects information about natural persons for the purpose of predicting their behavior or preferences, you will be affected by the second hypothesis.

In addition, it should be recalled that the Google Spain case law

Will continue to apply. Thus, a data controller outside the Union but who has an establishment in the territory of the organization, exercising an effective activity there, will remain subject to European regulations. Does the question then arise of the reason for such an enlargement? The reasons for such a territorial extension Expanding the territorial scope of European law The consequent extension of the territorial scope of European law can be explained by the international transfers of data. Indeed, these are in increasing evolution for years. Big Data giants pump the data of European citizens to feed their business without worrying about European rules, not always being subject to them.

In addition, more and more companies trust foreign hosts with servers powerful enough to store their data. However, these are not affected by European law … The increase in all these exchanges gives rise to a certain number of abuses … The regulation aims to ensure optimal protection of the personal data of citizens of the Union, regardless of where in the world they are located! The major objective of this text is therefore to promote the main European principles on the international scene. International data transfers to third countries The expansion of the territorial application of European law is explained by the increase in exchanges and transfers outside the union.

Leave a Reply

Your email address will not be published.