Extraterritoriality and targeting in EU data privacy law: The weak spot undermining the regulation
Date of this Version
•This article aims to highlight that the conventional focus on distinguishing between territorial jurisdiction and extraterritorial jurisdiction is misguided.
•It also analyses the latest legal developments as to Article 4—which deals with the territorial scope—of the European Data Protection Directive as well as the latest version of its counterpart (Article 3) in the proposed European Data Protection Regulation.
•It will be shown that the direction the EU is taking—focusing on ‘targeting’—requires substantial refinement to avoid ending in frustration; the benefits of the ‘targeting’ test as currently articulated are largely illusory, and the severity of its downsides will no doubt become clear once we see it applied in practice in the data privacy context.
This document has been peer reviewed.