Data Extraterritoriality

95 Tex. L. Rev. See Also 145 (2017)

UCLA School of Law, Public Law Research Paper No. 17-24

16 Pages Posted: 31 Jul 2017 Last revised: 12 Sep 2017

See all articles by Kristen Eichensehr

Kristen Eichensehr

University of Virginia School of Law

Date Written: July 27, 2017

Abstract

Data’s intangibility poses significant difficulties for determining where data is located. The problem is not that data is located nowhere, but that it may be located anywhere, and at least parts of it may be located nearly everywhere. And access to data does not depend on physical proximity.

These implications of data’s intangibility challenge traditional international law on jurisdiction. International jurisdictional rules rest in large part on States’ sovereignty over a particular territory and authority over people and things within it, and they presuppose that the location of people and things are finite and knowable. The era of cloud computing — where data crosses borders seamlessly, parts of a single file may exist in multiple jurisdictions, and data’s storage location often depends on choices by private companies — raises new and difficult questions for States exercising enforcement authority, companies receiving requests from law enforcement agencies, and individuals seeking to protect their privacy.

As a part of the Texas Law Review’s symposium on the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, this Essay critiques Tallinn 2.0’s rules and commentary on the international law governing jurisdiction, especially its treatment of extraterritorial jurisdiction. The Essay first describes the Manual’s rules and commentary on extraterritorial jurisdiction, and then raises a procedural objection to the Manual’s approach, namely that ongoing debates about how to determine data’s location make the law too unsettled for a restatement project. The Essay then highlights several substantive concerns with and questions raised by the Manual’s approach. In light of these critiques, the Essay concludes with some suggestions on how to make progress in resolving conflicting international claims to jurisdiction over data going forward.

Keywords: cyber, cyberspace, jurisdiction, extraterritoriality, extraterritorial jurisdiction, Tallinn Manual, Microsoft, Ireland, cross-border data access, law enforcement, jurisdiction, treaty, Budapest Convention

Suggested Citation

Eichensehr, Kristen, Data Extraterritoriality (July 27, 2017). 95 Tex. L. Rev. See Also 145 (2017), UCLA School of Law, Public Law Research Paper No. 17-24, Available at SSRN: https://ssrn.com/abstract=3009774

Kristen Eichensehr (Contact Author)

University of Virginia School of Law ( email )

580 Massie Road
Charlottesville, VA 22903
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
525
Abstract Views
2,678
Rank
97,933
PlumX Metrics