Law Applicable to Personal Data Protection on the Internet: Some Private International Law Issues
Anuario Español de Derecho Internacional Privado XVIII (2018) 163-192
Centro de Investigação de Direito Privado (CIDP) Research Paper No. 10
31 Pages Posted: 18 Apr 2019 Last revised: 1 Aug 2022
Date Written: October 3, 2018
Abstract
In relationships with relevant contacts with more than one sovereign State (transnational relationships), personal data protection raises an issue of determination of the applicable law. The applicable law can either be a national law or a supranational instrument, which unifies or uniformizes the rules applicable in the States bound by it.
The Reg. (EU) no 2016/679, on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (GDPR) laid down a developed body of uniform material rules on personal data protection. The problems of determination of the applicable law, however, are not suppressed. These problems are raised mainly at three levels: first, the determination of the spatial scope of application of the GDPR; second, the determination of the applicable law when the GDPR refers to the law of the Member States; and third, the determination of the national law applicable to issues that the GDPR does not govern, not even by reference, such as most of the issues relating to torts resulting from the breach of the GDPR provisions.
The aim of this essay is to provide a first approach to these problems and their solution in the internet context.
Keywords: General Data Protection Regulation, Law applicable to personal data protection, Internet, Law applicable to personality rights, Personal data protection, Law applicable to internet torts
JEL Classification: K13, K33, K39
Suggested Citation: Suggested Citation