Home > Current

Jurisdictional Issues, Extra-Territorial Effect and Future of International Data Transfers

Hasan Özer ( Masaryk University Law Faculty (PhD Candidate), Czechia )



Abstract

In the ever-evolving tapestry of the digital age, the seamless flow of information across borders has become the lifeblood of global commerce and communication. At the heart of this digital symphony lies cyberspace; an expansive, borderless realm where traditional concepts of jurisdiction and territoriality are constantly being redefined. As we navigate this brave new world, the complexities of international data transfers emerge as a critical area of concern, demanding our attention and innovative thinking.

The digital age has ushered in an era where data is often likened to the new oil, fueling the engines of the global economy. From multinational corporations orchestrating complex supply chains to individuals engaging in cross-border e-commerce, the ability to transfer data across international boundaries is indispensable. It is estimated that by 2025, the global data sphere will grow to 175 zettabytes, with a significant portion of this data crossing international borders. Yet, with this exponential growth comes a web of legal complexities, as data often traverses multiple jurisdictions, each with its own regulatory tapestry.

Historically, jurisdiction has been a function of geography, with clear-cut boundaries delineating the reach of legal authority. However, in the digital realm, where information can be transmitted instantaneously across continents, these boundaries blur, posing significant challenges for legal frameworks that were designed for a pre-digital era. The inherent fluidity in data storage and transfer underscores the need to rethink how jurisdiction is determined and exercised in the digital age.

As we delve deeper into the complexities of cyberspace, we will explore the historical context and traditional concepts of jurisdiction and territoriality, examine case studies and legal precedents, and analyze the challenges in determining applicable law for data transfers. We will also address the tautological issues that arise in international data transfers and propose both theoretical and practical solutions. Finally, we will discuss the role of sovereignty and the rule of law in data transfers, and offer recommendations for harmonizing international data protection laws to create a unified framework that balances data privacy with global data flows.

In this brave new world of digital interconnectedness, the stakes are high, and the need for innovative legal solutions is paramount. Let us embark on this journey together, navigating the complexities of international data transfers and striving to create a more secure and compliant digital future.

Keywords

Data protection; International data transfers; Future privacy technologies; Data privacy; GDPR; Data transfer mechanisms

Full Text

PDF

References

[1].Berman, Paul Schiff. “The Globalization of Jurisdiction.” SSRN Scholarly Paper. Rochester, NY, April 10, 2002. https://doi.org/10.2139/ssrn.304621.
[2].Born, Gary B., and Peter B. Rutledge. International Civil Litigation in United States Courts. Aspen Publishing, 2022.
[3].Buiten, Miriam, Alexandre de Streel, and Martin Peitz. “The Law and Economics of AI Liability.” Computer Law & Security Review 48 (April 1, 2023): 105794. https://doi.org/10.1016/j.clsr.2023.105794.
[4].Chander, Anupam, and Uyên Lê. “Data Nationalism.” Emory Law Journal 64, no. 3 (January 1, 2015): 677.
[5].Columbia Journal of Transnational Law. “The Personal Information Protection Law: China’s Version of the GDPR?,” February 14, 2022. https://www.jtl.columbia.edu/bulletin-blog/the-personal-information-protection-law-chinas-version-of-the-gdpr.
[6].“Convention on Cybercrime.” In Wikipedia, May 9, 2024. https://en.wikipedia.org/w/index.php?title=Convention_on_Cybercrime&oldid=1223060166.
[7].“Cost of a Data Breach 2023 | IBM.” Accessed July 13, 2024. https://www.ibm.com/reports/data-breach.
[8].Cross Border Privacy Rules System. “Cross Border Privacy Rules System.” Accessed June 16, 2024. https://cbprs.org/.
[9].“Data Privacy Framework.” Accessed June 29, 2024. https://www.dataprivacyframework.gov/.
[10].Dijk, Marten van, Craig Gentry, Shai Halevi, and Vinod Vaikuntanathan. “Fully Homomorphic Encryption over the Integers,” 2009. Cryptology ePrint Archive. https://eprint.iacr.org/2009/616.
[11].European Commission - European Commission. “Adequacy Decision for Safe EU-US Data Flows.” Text. Accessed July 9, 2024. https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721.
[12].Gatteschi, Valentina, Fabrizio Lamberti, Claudio Demartini, Chiara Pranteda, and Víctor Santamaría. “Blockchain and Smart Contracts for Insurance: Is the Technology Mature Enough?” Future Internet 10, no. 2 (February 2018): 20. https://doi.org/10.3390/fi10020020.
[13].Goldsmith, Jack, and Tim Wu. “Who Controls the Internet?: Illusions of a Borderless World.” Faculty Books, January 1, 2006. https://doi.org/10.1093/oso/9780195152661.001.0001.
[14].Google Spain SL and Google Inc v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, No. Case C‑131/12 (ECJ May 13, 2014).
[15].Greenleaf, Graham. “Global Data Privacy Laws 2019: 132 National Laws & Many Bills.” SSRN Scholarly Paper. Rochester, NY, February 8, 2019. https://papers.ssrn.com/abstract=3381593.
[16].Hartley, Trevor. International Commercial Litigation: Text, Cases and Materials on Private International Law, 2015. https://doi.org/10.1017/CBO9781316155776.
[17].Hert, Paul, and Vagelis Papakonstantinou. “The New General Data Protection Regulation: Still a Sound System for the Protection of Individuals?” Computer Law & Security Review 32 (March 1, 2016). https://doi.org/10.1016/j.clsr.2016.02.006.
[18].“International Data Transfers.” ICO, October 19, 2023. https://ico.org.uk/for-organisations/data-protection-and-the-eu/data-protection-and-the-eu-in-detail/the-uk-gdpr/international-data-transfers/.
[19].Jakab, András. “Informal Institutional Elements as Both Preconditions and Consequences of Effective Formal Legal Rules: The Failure of Constitutional Institution Building in Hungary.” The American Journal of Comparative Law 68, no. 4 (December 1, 2020): 760–800. https://doi.org/10.1093/ajcl/avaa031.
[20].joachimd. “ICC Dispute Resolution Statistics: 2023.” ICC - International Chamber of Commerce, June 24, 2024. https://iccwbo.org/news-publications/news/icc-dispute-resolution-statistics-2023/.
[21].Johnson, David R., and David Post. “Law and Borders: The Rise of Law in Cyberspace.” Stanford Law Review 48, no. 5 (1996): 1367–1402. https://doi.org/10.2307/1229390.
[22].Justia Law. “International Shoe Co. v. Washington, 326 U.S. 310 (1945).” Accessed June 15, 2024. https://supreme.justia.com/cases/federal/us/326/310/.
[23].Justia Law. “Yahoo!, Inc. v. La Ligue Contre Le Racisme, 169 F. Supp. 2d 1181 (N.D. Cal. 2001),” June 18, 2024. https://law.justia.com/cases/federal/district-courts/FSupp2/169/1181/2423974/.
[24].Justia Law. “Zippo Mfg. Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119 (W.D. Pa. 1997),” June 18, 2024. https://law.justia.com/cases/federal/district-courts/FSupp/952/1119/1432344/.
[25].Kerr, Orin S. “The Problem of Perspective in Internet Law.” SSRN Scholarly Paper. Rochester, NY, May 18, 2002. https://doi.org/10.2139/ssrn.310020.
[26].Kuner, Christopher. “Schrems II Re-Examined.” Verfassungsblog, August 25, 2020. https://verfassungsblog.de/schrems-ii-re-examined/.
[27].Transborder Data Flows and Data Privacy Law. Oxford University Press, 2013. https://doi.org/10.1093/acprof:oso/9780199674619.001.0001.
[28].LII / Legal Information Institute. “Conflict of Laws.” Accessed June 29, 2024. https://www.law.cornell.edu/wex/conflict_of_laws.
[29].MIT Press. “The Governance of Privacy.” Accessed July 9, 2024. https://mitpress.mit.edu/9780262524537/the-governance-of-privacy/.
[30].Peifer, Karl-Nikolaus. “Transatlantic Data Privacy Law.” THE GEORGETOWN LAw JOURNAL 106 (n.d.).
[31].Polčák, Radim, and Dan Jerker B. Svantesson. Information Sovereignty: Data Privacy, Sovereign Powers and the Rule of Law. Edward Elgar Publishing, 2017.
[32].PricewaterhouseCoopers. “Transcript: 2023 Global DTI Survey Key Findings.” PwC. Accessed July 13, 2024. https://www.pwc.com/gx/en/issues/cybersecurity/global-digital-trust-insights/transcript-2023-global-dti-survey-key-findings.html.
[33].“Proof of Foreign Law: A Guide for Judges | Federal Judicial Center.” Accessed June 29, 2024. https://www.fjc.gov/content/373797/proof-foreign-law-guide-judges.
[34].Reinsel, David, John Gantz, and John Rydning. “The Digitization of the World from Edge to Core,” 2018.
[35].Review, Stanford Law, and tribe. “The Right to Be Forgotten.” Stanford Law Review, February 13, 2012. https://www.stanfordlawreview.org/online/privacy-paradox-the-right-to-be-forgotten/.
[36].Secureframe. “Why Compliance Automation Is a Strategic Advantage for Modern Organizations.” Accessed July 9, 2024. https://secureframe.com/blog/compliance-automation.
[37].Shaw, Malcolm N. International Law. Cambridge University Press, 2017.
[38].The Economist. “The World’s Most Valuable Resource Is No Longer Oil, but Data.” Accessed July 13, 2024. https://www.economist.com/leaders/2017/05/06/the-worlds-most-valuable-resource-is-no-longer-oil-but-data.
[39].TrustArc. “Why Your Business Needs an EU-US Data Privacy Framework Verification.” Accessed June 29, 2024. https://trustarc.com/resource/business-eu-us-data-privacy-framework-verification/.
[40].Yakovleva, Svetlana. “Privacy Protection(Ism): The Latest Wave of Trade Constraints on Regulatory Autonomy,” n.d., 105.
[41].Zyskind, Guy, Oz Nathan, and Alex Pentland. “Enigma: Decentralized Computation Platform with Guaranteed Privacy.” arXiv, June 10, 2015. https://doi.org/10.48550/arXiv.1506.03471.

Copyright © 2026 Hasan Özer Creative Commons License Publishing time:2026-01-20
This work is licensed under a Creative Commons Attribution 4.0 International License