English Abstract |
An unprecedented number of data privacy laws are currently being enacted or revised around the world, most of them influenced by the European Union's data protection regulations. The EU has had regulations pertaining to data protection since 1995, and the newest legislation, the General Data Protection Regulation (GDPR), went into effect on May 25, 2018. The GDPR not only applies to data processing activities conducted by organizations established in the EU but also extends its territorial reach to two types of business activity: the offering of goods or services to data subjects situated in the EU and the monitoring of the behaviour of such data subjects. Given the extensive obligations and stiff penalties imposed by the GDPR, global organizations have rightly focused on how their own data processing activities may fall within the scope of the GDPR's extraterritorial effect. To date, however, organizations have faced a degree of uncertainty regarding the scope of the GDPR's application outside the EU. Although Article 3 of the GDPR represents a significant expansion of the territorial reach of an EU Regulation, a global approach to the protection of individuals' rights is still necessary, especially in the online world, which does not respect physical or geographical boundaries and thus often raises the question of which law applies to online activities. As regulatory changes can prove to be both an opportunity and a challenge, this article aims to examine the extraterritoriality of prior and current EU data privacy law, discuss the key concepts of the provisions governing the applicability of EU data protection laws to non-EU data controllers or processors, point out the differences and related questions about the application of the extraterritorial effect provisions between the Directive and the GDPR, and, finally, provide suggestions for domestic legislation.
|