The Devil is in the Detail: Cross Border Application and (In)visible Issue of Applicable Law in the General Data Protection Regulation

9 Baku St. U. L.Rev. 120 (2023)
Article language: English.

The advent of modern technologies has recently exposed the EU data protection regime to significant changes. In this vein, the General Data Protection Regulation (GDPR) has improved the previous EU data protection regime and regulated the exponentially increasing form of data processing activities – the extraterritorial data processing activities – at the required level. Accordingly, the applicability issue has played an intriguing role within the framework of the GDPR. Herewith, this article will explore the issue of determining the applicable law within the GDPR. Whereas the GDPR has uniform applicability on the EU level at first sight, a closer examination reveals that the regulation of certain substantive issues is left to the discretion of the Member States. That said, the non-existence of the rule on determining the applicable law within the GDPR puts its objective in peril.
In this article, the applicability of the GDPR will be analyzed in the context of the territorial and extraterritorial reach. Specifically, the criterion of “establishment” the criterion of “offering goods or services” and “monitoring the data subjects’ behaviours” will be examined in greater detail in this regard. Furthermore, this article will delve into the (in)visible issue – the determination of applicable law – in the framework of the GDPR. As regards this issue, the possible mechanisms will be scrutinized, and viable solutions will be suggested to determine the applicable law in case of the overlapping of the Member States’ laws.

Bu post həm də digər dildə mövcuddur: Azərbaycanca