Project

International organizations and EU data protection law: what limits to the extraterritorial effect of EU law?

Code
3F009219
Duration
01 November 2019 → 31 October 2023
Funding
Research Foundation - Flanders (FWO)
Research disciplines
  • Social sciences
    • European law
    • International law
Keywords
EU law
 
Project description

In the course of the last decade, the EU legal framework governing the processing of personal data has undergone a reform resulting in the adoption of the General Data Protection Regulation (“GDPR”) and Directive 2016/680 (“Law Enforcement Directive”) that became applicable across the EU in May 2018. While non-EU private parties and third countries have fallen within the extensive territorial reach of the EU data protection rules already before the reform, the new laws for the first time directly addressed the situation of international organizations. It has been clarified that all data flows from the EU to international organizations must be compliant with the EU data protection standards. This development raises questions from the point of view of international law, as this requirement might interfere with the autonomy of such organizations, with possible immunities and privileges of some of them and with their different nature, as compared to States. The possible incompatibilities between the EU regime and international law may hamper the functioning of international organizations and their cooperation with both Member States of the EU and private parties that have to comply with the GDPR and/or Law Enforcement Directive. In this context, the question concerning the relationship between EU data protection law and international law governing international organizations arises.