SlideShare a Scribd company logo

The long arm of the gdpr

M
Mathew Chacko

Aadya Misra on the GDPR and extraterritoriality

Law
1 of 9
Download to read offline
THE LONG ARM OF THEGDPR THE EXTRATERRITORIAL EFFECT
ARTICLE 3 TERRITORIAL SCOPEOF THEGDPR – It applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the EU, regardless of whether the processing takes place in the Union or not. – The GDPR applies to the processing of personal data of data subjects who are in the EU by a controller or processor not established in the EU, where the processing activities are related to: – the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the EU; or – the monitoring of their behaviour as far as their behaviour takes place within the EU. – The GDPR applies to the processing of personal data by a controller not established in the EU, but in a place where a law of a member state applies by virtue of public international law.
CRITERION 1: OFFERINGOF GOODSAND SERVICES – The mere accessibility of an establishment’s website in the EU is an insufficient factor. – The organization must ”envisage” that its activities will be directed to data subjects in the EU. – Factors to determine whether an organization offers goods and services include: – Use of a language or currency that is often used within one or more member states of the EU; – Possibility of ordering goods or services in the language of that member state; – The mention of customers or users within the EU.
CRITERION 1: OFFERINGOF GOODSAND SERVICES – An intention to target EU customers may be determined by “patent evidence”, such as the payment of money to a search engine to facilitate access by those within a country or where targeted countries are designated by name. – Certain other factors may evidence the above-mentioned intention: – The “international nature” of the relevant activity (for example: certain tourist activities); – Use of telephone numbers with an international code; – Use of a top-level domain name other than that of the state in which the trader is established (such as .de or .eu); – Description of “itineraries…from countries to the place where the service is provided”; – Mentions of an “international clientele composed of customers domiciled in various countries”.
CRITERION 2: MONITORING OF BEHAVIOUR – The following factors would help determine whether a processing activity could be considered ”monitoring behavior” of data subjects in the EU: – Are they tracked on the internet? – Are these persons profiled? – Does the profiling result in decisions concerning the person? – Does the profiling result in analyzing or predicting the person’s personal preferences, behaviours, attitudes, etc.? – Examples include: – online behavioural advertising; – travel data of individuals using a city’s public transport system (for example: tracking via travel cards); – profiling and scoring for the purposes of risk assessment (for example: credit scoring, insurance premiums, fraud prevention, detection of money-laundering); – location tracking; – monitoring of wellness, fitness and health data via wearable devices.
REPRESENTATIVES – If an establishment offers goods or services to data subjects in the EU or monitor the behaviours of such data subjects, they need to appoint “representatives”. – Representatives should be appointed by a written mandate. – Representatives can be natural or legal persons. – These representatives should be established in countries where the data subjects are. – They are available locally to data subjects and act as intermediaries between them and the controller or processor located overseas. – There is an implication that representatives could be named as parties in administrative actions or litigation.
EXCEPTIONS FOR APPOINTINGA REPRESENTATIVE – If the processing is occasional; – If it does not include processing, on a large scale, of special categories of personal data or the processing of personal data relating to criminal convictions and offences and if it is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; – If the controller is a public authority or body.
ISSUESWITH ENFORCEMENT – The mechanism for overseas enforcement of the GDPR is currently unclear.
ThankYou! If you have any questions, please reach out to aadya.misra@spiceroutlegal.com

Recommended

LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...Dr. Oliver Massmann
 
Protecting rights at the canadian border
Protecting rights at the canadian borderProtecting rights at the canadian border
Protecting rights at the canadian borderMy Consultant
 
Time to slow down? Measured respondes to the fake news crisis
Time to slow down? Measured respondes to the fake news crisisTime to slow down? Measured respondes to the fake news crisis
Time to slow down? Measured respondes to the fake news crisismrleiser
 
Integrated criminal and justice information system of Korea
Integrated criminal and justice information system of KoreaIntegrated criminal and justice information system of Korea
Integrated criminal and justice information system of KoreaYoungTae (Henry) Huh
 
2018 Privacy & Data Security Report
2018 Privacy & Data Security Report2018 Privacy & Data Security Report
2018 Privacy & Data Security Report- Mark - Fullbright
 
Legislation Exercise
Legislation ExerciseLegislation Exercise
Legislation ExerciseHadil Hammad
 
Know your rights protection against facial recognition software.
Know your rights protection against facial recognition software.Know your rights protection against facial recognition software.
Know your rights protection against facial recognition software.Diganth Raj Sehgal
 
Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the PhilippinesShirley Ingles-Cruz
 

Recommended

LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...Dr. Oliver Massmann
 
Protecting rights at the canadian border
Protecting rights at the canadian borderProtecting rights at the canadian border
Protecting rights at the canadian borderMy Consultant
 
Time to slow down? Measured respondes to the fake news crisis
Time to slow down? Measured respondes to the fake news crisisTime to slow down? Measured respondes to the fake news crisis
Time to slow down? Measured respondes to the fake news crisismrleiser
 
Integrated criminal and justice information system of Korea
Integrated criminal and justice information system of KoreaIntegrated criminal and justice information system of Korea
Integrated criminal and justice information system of KoreaYoungTae (Henry) Huh
 
2018 Privacy & Data Security Report
2018 Privacy & Data Security Report2018 Privacy & Data Security Report
2018 Privacy & Data Security Report- Mark - Fullbright
 
Legislation Exercise
Legislation ExerciseLegislation Exercise
Legislation ExerciseHadil Hammad
 
Know your rights protection against facial recognition software.
Know your rights protection against facial recognition software.Know your rights protection against facial recognition software.
Know your rights protection against facial recognition software.Diganth Raj Sehgal
 
Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the PhilippinesShirley Ingles-Cruz
 
Cyber Crime in Government
Cyber Crime in GovernmentCyber Crime in Government
Cyber Crime in GovernmentJacqueline Fick
 
Privacy politics in the UK
Privacy politics in the UKPrivacy politics in the UK
Privacy politics in the UKblogzilla
 
2015 Internet Crime Report
2015 Internet Crime Report 2015 Internet Crime Report
2015 Internet Crime Report Rob Wilson
 
Fighting Telephone Trickery Using Consumer Protection Laws
Fighting Telephone Trickery Using Consumer Protection Laws Fighting Telephone Trickery Using Consumer Protection Laws
Fighting Telephone Trickery Using Consumer Protection Laws Community Legal Education Ontario (CLEO)
 
Navigating Privacy Laws When Developing And Deploying Location Tracking Appli...
Navigating Privacy Laws When Developing And Deploying Location Tracking Appli...Navigating Privacy Laws When Developing And Deploying Location Tracking Appli...
Navigating Privacy Laws When Developing And Deploying Location Tracking Appli...Ben Allen
 
Leg4
Leg4 Leg4
Leg4 brock55
 
M.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnM.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnMetamorphosis
 
Cybercrime convention
Cybercrime conventionCybercrime convention
Cybercrime conventionmoldovaictsummit2016
 
Cybercrime law
Cybercrime lawCybercrime law
Cybercrime lawTearsome Llantada
 
Data Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesData Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesAmazon Web Services
 
FACEBOOK PHOTOS COULD BE ADDED TO AUSTRALIA'S FACIAL VERIFICATION DATABASE
FACEBOOK PHOTOS COULD BE ADDED TO AUSTRALIA'S FACIAL VERIFICATION DATABASEFACEBOOK PHOTOS COULD BE ADDED TO AUSTRALIA'S FACIAL VERIFICATION DATABASE
FACEBOOK PHOTOS COULD BE ADDED TO AUSTRALIA'S FACIAL VERIFICATION DATABASEMichael Giffney
 
Surveillance and data retention in Poland
Surveillance and data retention in PolandSurveillance and data retention in Poland
Surveillance and data retention in PolandRemigiuszRosicki
 
Biometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesBiometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesGiannisBasa
 
Cyber Crime Laws of Pakistan
Cyber Crime Laws of PakistanCyber Crime Laws of Pakistan
Cyber Crime Laws of PakistanShahzaib Mahesar
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Kirk Go
 
Current State of Personal Data Protection in Electronic Voting: Criteria and ...
Current State of Personal Data Protection in Electronic Voting: Criteria and ...Current State of Personal Data Protection in Electronic Voting: Criteria and ...
Current State of Personal Data Protection in Electronic Voting: Criteria and ...TELKOMNIKA JOURNAL
 
Academic letter re changes in surveillance law
Academic letter re changes in surveillance lawAcademic letter re changes in surveillance law
Academic letter re changes in surveillance lawAndrew Murray
 
Tools for Assisting Identity Theft Victims
Tools for Assisting Identity Theft VictimsTools for Assisting Identity Theft Victims
Tools for Assisting Identity Theft VictimsIDLegalAid
 
Szymon Osowski - Freedom Of Information, Putting Human Right In The Legal Con...
Szymon Osowski - Freedom Of Information, Putting Human Right In The Legal Con...Szymon Osowski - Freedom Of Information, Putting Human Right In The Legal Con...
Szymon Osowski - Freedom Of Information, Putting Human Right In The Legal Con...Sieć Obywatelska Watchdog Polska
 
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9...
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9...Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9...
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9...Kimberly-Clark
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)BenjaminShalevSalovi
 
GDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmGDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmChris White
 

More Related Content

What's hot

Cyber Crime in Government
Cyber Crime in GovernmentCyber Crime in Government
Cyber Crime in GovernmentJacqueline Fick
 
Privacy politics in the UK
Privacy politics in the UKPrivacy politics in the UK
Privacy politics in the UKblogzilla
 
2015 Internet Crime Report
2015 Internet Crime Report 2015 Internet Crime Report
2015 Internet Crime Report Rob Wilson
 
Navigating Privacy Laws When Developing And Deploying Location Tracking Appli...
Navigating Privacy Laws When Developing And Deploying Location Tracking Appli...Navigating Privacy Laws When Developing And Deploying Location Tracking Appli...
Navigating Privacy Laws When Developing And Deploying Location Tracking Appli...Ben Allen
 
M.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnM.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnMetamorphosis
 
Data Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesData Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesAmazon Web Services
 
FACEBOOK PHOTOS COULD BE ADDED TO AUSTRALIA'S FACIAL VERIFICATION DATABASE
FACEBOOK PHOTOS COULD BE ADDED TO AUSTRALIA'S FACIAL VERIFICATION DATABASEFACEBOOK PHOTOS COULD BE ADDED TO AUSTRALIA'S FACIAL VERIFICATION DATABASE
FACEBOOK PHOTOS COULD BE ADDED TO AUSTRALIA'S FACIAL VERIFICATION DATABASEMichael Giffney
 
Surveillance and data retention in Poland
Surveillance and data retention in PolandSurveillance and data retention in Poland
Surveillance and data retention in PolandRemigiuszRosicki
 
Biometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesBiometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesGiannisBasa
 
Cyber Crime Laws of Pakistan
Cyber Crime Laws of PakistanCyber Crime Laws of Pakistan
Cyber Crime Laws of PakistanShahzaib Mahesar
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Kirk Go
 
Current State of Personal Data Protection in Electronic Voting: Criteria and ...
Current State of Personal Data Protection in Electronic Voting: Criteria and ...Current State of Personal Data Protection in Electronic Voting: Criteria and ...
Current State of Personal Data Protection in Electronic Voting: Criteria and ...TELKOMNIKA JOURNAL
 
Academic letter re changes in surveillance law
Academic letter re changes in surveillance lawAcademic letter re changes in surveillance law
Academic letter re changes in surveillance lawAndrew Murray
 
Tools for Assisting Identity Theft Victims
Tools for Assisting Identity Theft VictimsTools for Assisting Identity Theft Victims
Tools for Assisting Identity Theft VictimsIDLegalAid
 
Szymon Osowski - Freedom Of Information, Putting Human Right In The Legal Con...
Szymon Osowski - Freedom Of Information, Putting Human Right In The Legal Con...Szymon Osowski - Freedom Of Information, Putting Human Right In The Legal Con...
Szymon Osowski - Freedom Of Information, Putting Human Right In The Legal Con...Sieć Obywatelska Watchdog Polska
 
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9...
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9...Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9...
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9...Kimberly-Clark
 

What's hot (20)

Cyber Crime in Government
Cyber Crime in GovernmentCyber Crime in Government
Cyber Crime in Government
 
Privacy politics in the UK
Privacy politics in the UKPrivacy politics in the UK
Privacy politics in the UK
 
2015 Internet Crime Report
2015 Internet Crime Report 2015 Internet Crime Report
2015 Internet Crime Report
 
Fighting Telephone Trickery Using Consumer Protection Laws
Fighting Telephone Trickery Using Consumer Protection Laws Fighting Telephone Trickery Using Consumer Protection Laws
Fighting Telephone Trickery Using Consumer Protection Laws
 
Navigating Privacy Laws When Developing And Deploying Location Tracking Appli...
Navigating Privacy Laws When Developing And Deploying Location Tracking Appli...Navigating Privacy Laws When Developing And Deploying Location Tracking Appli...
Navigating Privacy Laws When Developing And Deploying Location Tracking Appli...
 
Leg4
Leg4 Leg4
Leg4
 
M.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnM.Marusic Dzlp E Society En
M.Marusic Dzlp E Society En
 
Cybercrime convention
Cybercrime conventionCybercrime convention
Cybercrime convention
 
Cybercrime law
Cybercrime lawCybercrime law
Cybercrime law
 
Data Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesData Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud Services
 
FACEBOOK PHOTOS COULD BE ADDED TO AUSTRALIA'S FACIAL VERIFICATION DATABASE
FACEBOOK PHOTOS COULD BE ADDED TO AUSTRALIA'S FACIAL VERIFICATION DATABASEFACEBOOK PHOTOS COULD BE ADDED TO AUSTRALIA'S FACIAL VERIFICATION DATABASE
FACEBOOK PHOTOS COULD BE ADDED TO AUSTRALIA'S FACIAL VERIFICATION DATABASE
 
Surveillance and data retention in Poland
Surveillance and data retention in PolandSurveillance and data retention in Poland
Surveillance and data retention in Poland
 
Biometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesBiometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization Issues
 
Cyber Crime Laws of Pakistan
Cyber Crime Laws of PakistanCyber Crime Laws of Pakistan
Cyber Crime Laws of Pakistan
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)
 
Current State of Personal Data Protection in Electronic Voting: Criteria and ...
Current State of Personal Data Protection in Electronic Voting: Criteria and ...Current State of Personal Data Protection in Electronic Voting: Criteria and ...
Current State of Personal Data Protection in Electronic Voting: Criteria and ...
 
Academic letter re changes in surveillance law
Academic letter re changes in surveillance lawAcademic letter re changes in surveillance law
Academic letter re changes in surveillance law
 
Tools for Assisting Identity Theft Victims
Tools for Assisting Identity Theft VictimsTools for Assisting Identity Theft Victims
Tools for Assisting Identity Theft Victims
 
Szymon Osowski - Freedom Of Information, Putting Human Right In The Legal Con...
Szymon Osowski - Freedom Of Information, Putting Human Right In The Legal Con...Szymon Osowski - Freedom Of Information, Putting Human Right In The Legal Con...
Szymon Osowski - Freedom Of Information, Putting Human Right In The Legal Con...
 
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9...
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9...Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9...
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9...
 

Similar to The long arm of the gdpr

General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)BenjaminShalevSalovi
 
GDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmGDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmChris White
 
Who needs a EU representative according to GDPR article 27?
Who needs a EU representative according to GDPR article 27?Who needs a EU representative according to GDPR article 27?
Who needs a EU representative according to GDPR article 27?idc-representative
 
Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Edouard Nguyen
 
Board Priorities for GDPR Implementation
Board Priorities for GDPR ImplementationBoard Priorities for GDPR Implementation
Board Priorities for GDPR ImplementationJoseph V. Moreno
 
GDPR - Are you ready?
GDPR - Are you ready?GDPR - Are you ready?
GDPR - Are you ready?VILT
 
White-Paper_Security-DBSec_EU-GDPR_06-2016
White-Paper_Security-DBSec_EU-GDPR_06-2016White-Paper_Security-DBSec_EU-GDPR_06-2016
White-Paper_Security-DBSec_EU-GDPR_06-2016stefanjung
 
GDPR – Readiness in IT offshore organization
GDPR – Readiness in IT offshore organization GDPR – Readiness in IT offshore organization
GDPR – Readiness in IT offshore organization Vishnuvarthanan Moorthy
 
Data protection for Lend.io - legal analysis by Bird and Bird
Data protection for Lend.io - legal analysis by Bird and BirdData protection for Lend.io - legal analysis by Bird and Bird
Data protection for Lend.io - legal analysis by Bird and BirdCoadec
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyIshay Tentser
 
Kyte GDPR Compliance - Offered Services
Kyte GDPR Compliance - Offered ServicesKyte GDPR Compliance - Offered Services
Kyte GDPR Compliance - Offered ServicesKyte Consultants Ltd.
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection ActYizi
 
Infographic : What's going to change with the GDPR (2018)
Infographic : What's going to change with the GDPR (2018)Infographic : What's going to change with the GDPR (2018)
Infographic : What's going to change with the GDPR (2018)Kwanko
 
Data Protection - GDPR - Lantern fundforum 2017 Leonardi Andrea - Michelotti ...
Data Protection - GDPR - Lantern fundforum 2017 Leonardi Andrea - Michelotti ...Data Protection - GDPR - Lantern fundforum 2017 Leonardi Andrea - Michelotti ...
Data Protection - GDPR - Lantern fundforum 2017 Leonardi Andrea - Michelotti ...Andrea Leonardi
 
Operational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanOperational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanEquiGov Institute
 
20131009 aon security breach legislation
20131009 aon security breach legislation20131009 aon security breach legislation
20131009 aon security breach legislationJos Dumortier
 
GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant? GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant? GreenRope
 
GDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookGDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookPlr-Printables
 

Similar to The long arm of the gdpr (20)

General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
GDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmGDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, Ecosystm
 
Who needs a EU representative according to GDPR article 27?
Who needs a EU representative according to GDPR article 27?Who needs a EU representative according to GDPR article 27?
Who needs a EU representative according to GDPR article 27?
 
Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?
 
Board Priorities for GDPR Implementation
Board Priorities for GDPR ImplementationBoard Priorities for GDPR Implementation
Board Priorities for GDPR Implementation
 
GDPR - Are you ready?
GDPR - Are you ready?GDPR - Are you ready?
GDPR - Are you ready?
 
White-Paper_Security-DBSec_EU-GDPR_06-2016
White-Paper_Security-DBSec_EU-GDPR_06-2016White-Paper_Security-DBSec_EU-GDPR_06-2016
White-Paper_Security-DBSec_EU-GDPR_06-2016
 
GDPR – Readiness in IT offshore organization
GDPR – Readiness in IT offshore organization GDPR – Readiness in IT offshore organization
GDPR – Readiness in IT offshore organization
 
Data protection for Lend.io - legal analysis by Bird and Bird
Data protection for Lend.io - legal analysis by Bird and BirdData protection for Lend.io - legal analysis by Bird and Bird
Data protection for Lend.io - legal analysis by Bird and Bird
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technology
 
Kyte GDPR Compliance - Offered Services
Kyte GDPR Compliance - Offered ServicesKyte GDPR Compliance - Offered Services
Kyte GDPR Compliance - Offered Services
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
Infographic : What's going to change with the GDPR (2018)
Infographic : What's going to change with the GDPR (2018)Infographic : What's going to change with the GDPR (2018)
Infographic : What's going to change with the GDPR (2018)
 
MySQL GDPR Whitepaper
MySQL GDPR WhitepaperMySQL GDPR Whitepaper
MySQL GDPR Whitepaper
 
Data Protection - GDPR - Lantern fundforum 2017 Leonardi Andrea - Michelotti ...
Data Protection - GDPR - Lantern fundforum 2017 Leonardi Andrea - Michelotti ...Data Protection - GDPR - Lantern fundforum 2017 Leonardi Andrea - Michelotti ...
Data Protection - GDPR - Lantern fundforum 2017 Leonardi Andrea - Michelotti ...
 
Operational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanOperational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbean
 
20131009 aon security breach legislation
20131009 aon security breach legislation20131009 aon security breach legislation
20131009 aon security breach legislation
 
GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant? GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant?
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018
 
GDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookGDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e book
 

More from Mathew Chacko

Overview of digital payments in india
Overview of digital payments in india Overview of digital payments in india
Overview of digital payments in india Mathew Chacko
 
Competition law and Joint Ventures
Competition law and Joint Ventures Competition law and Joint Ventures
Competition law and Joint VenturesMathew Chacko
 
Personal data protection bill
Personal data protection bill Personal data protection bill
Personal data protection bill Mathew Chacko
 
Startups - data protection
Startups - data protectionStartups - data protection
Startups - data protectionMathew Chacko
 
Video on Demand: Indian Law
Video on Demand: Indian LawVideo on Demand: Indian Law
Video on Demand: Indian LawMathew Chacko
 
The defence india start up challenge
The defence india start up challengeThe defence india start up challenge
The defence india start up challengeMathew Chacko
 
Anatomy of a simple India - Delaware flip
Anatomy of a simple India - Delaware flip Anatomy of a simple India - Delaware flip
Anatomy of a simple India - Delaware flip Mathew Chacko
 
Online wallets: part 2 (compliance)
Online wallets: part 2 (compliance) Online wallets: part 2 (compliance)
Online wallets: part 2 (compliance) Mathew Chacko
 
Spice Route Legal Data Protection & Privacy Update
Spice Route Legal Data Protection & Privacy UpdateSpice Route Legal Data Protection & Privacy Update
Spice Route Legal Data Protection & Privacy UpdateMathew Chacko
 
The Law on Token sales
The Law on Token salesThe Law on Token sales
The Law on Token salesMathew Chacko
 
Blockchain & the law 101
Blockchain & the law 101Blockchain & the law 101
Blockchain & the law 101Mathew Chacko
 

More from Mathew Chacko (18)

Overview of digital payments in india
Overview of digital payments in india Overview of digital payments in india
Overview of digital payments in india
 
Abuse of dominance
Abuse of dominanceAbuse of dominance
Abuse of dominance
 
Competition law and Joint Ventures
Competition law and Joint Ventures Competition law and Joint Ventures
Competition law and Joint Ventures
 
Personal data protection bill
Personal data protection bill Personal data protection bill
Personal data protection bill
 
Startups - data protection
Startups - data protectionStartups - data protection
Startups - data protection
 
Blockchain (2019)
Blockchain (2019)Blockchain (2019)
Blockchain (2019)
 
Video on Demand: Indian Law
Video on Demand: Indian LawVideo on Demand: Indian Law
Video on Demand: Indian Law
 
An eye in the sky?
An eye in the sky? An eye in the sky?
An eye in the sky?
 
The defence india start up challenge
The defence india start up challengeThe defence india start up challenge
The defence india start up challenge
 
Anatomy of a simple India - Delaware flip
Anatomy of a simple India - Delaware flip Anatomy of a simple India - Delaware flip
Anatomy of a simple India - Delaware flip
 
Online wallets: part 2 (compliance)
Online wallets: part 2 (compliance) Online wallets: part 2 (compliance)
Online wallets: part 2 (compliance)
 
Wallets an overview
Wallets an overviewWallets an overview
Wallets an overview
 
ICOs: A Primer
ICOs: A Primer ICOs: A Primer
ICOs: A Primer
 
Transparency gdpr
Transparency gdprTransparency gdpr
Transparency gdpr
 
Spice Route Legal Data Protection & Privacy Update
Spice Route Legal Data Protection & Privacy UpdateSpice Route Legal Data Protection & Privacy Update
Spice Route Legal Data Protection & Privacy Update
 
consent:gdpr
consent:gdprconsent:gdpr
consent:gdpr
 
The Law on Token sales
The Law on Token salesThe Law on Token sales
The Law on Token sales
 
Blockchain & the law 101
Blockchain & the law 101Blockchain & the law 101
Blockchain & the law 101
 

Recently uploaded

如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书FS LS
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书SD DS
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaAbheet Mangleek
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书SD DS
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxAbhishekchatterjee248859
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiBlayneRush1
 
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书SD DS
 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一st Las
 
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxAn Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxKUHANARASARATNAM1
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书SD DS
 
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书SD DS
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书SD DS
 
Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionTrial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionNilamPadekar1
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书Fir sss
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxsrikarna235
 
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》o8wvnojp
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesHome Tax Saver
 
如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书 如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书Fir sss
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 

Recently uploaded (20)

如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in India
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptx
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
 
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
 
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxAn Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
 
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
 
Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionTrial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 sedition
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
 
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
 
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Serviceyoung Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax Rates
 
如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书 如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 

The long arm of the gdpr

  • 1. THE LONG ARM OF THEGDPR THE EXTRATERRITORIAL EFFECT
  • 2. ARTICLE 3 TERRITORIAL SCOPEOF THEGDPR – It applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the EU, regardless of whether the processing takes place in the Union or not. – The GDPR applies to the processing of personal data of data subjects who are in the EU by a controller or processor not established in the EU, where the processing activities are related to: – the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the EU; or – the monitoring of their behaviour as far as their behaviour takes place within the EU. – The GDPR applies to the processing of personal data by a controller not established in the EU, but in a place where a law of a member state applies by virtue of public international law.
  • 3. CRITERION 1: OFFERINGOF GOODSAND SERVICES – The mere accessibility of an establishment’s website in the EU is an insufficient factor. – The organization must ”envisage” that its activities will be directed to data subjects in the EU. – Factors to determine whether an organization offers goods and services include: – Use of a language or currency that is often used within one or more member states of the EU; – Possibility of ordering goods or services in the language of that member state; – The mention of customers or users within the EU.
  • 4. CRITERION 1: OFFERINGOF GOODSAND SERVICES – An intention to target EU customers may be determined by “patent evidence”, such as the payment of money to a search engine to facilitate access by those within a country or where targeted countries are designated by name. – Certain other factors may evidence the above-mentioned intention: – The “international nature” of the relevant activity (for example: certain tourist activities); – Use of telephone numbers with an international code; – Use of a top-level domain name other than that of the state in which the trader is established (such as .de or .eu); – Description of “itineraries…from countries to the place where the service is provided”; – Mentions of an “international clientele composed of customers domiciled in various countries”.
  • 5. CRITERION 2: MONITORING OF BEHAVIOUR – The following factors would help determine whether a processing activity could be considered ”monitoring behavior” of data subjects in the EU: – Are they tracked on the internet? – Are these persons profiled? – Does the profiling result in decisions concerning the person? – Does the profiling result in analyzing or predicting the person’s personal preferences, behaviours, attitudes, etc.? – Examples include: – online behavioural advertising; – travel data of individuals using a city’s public transport system (for example: tracking via travel cards); – profiling and scoring for the purposes of risk assessment (for example: credit scoring, insurance premiums, fraud prevention, detection of money-laundering); – location tracking; – monitoring of wellness, fitness and health data via wearable devices.
  • 6. REPRESENTATIVES – If an establishment offers goods or services to data subjects in the EU or monitor the behaviours of such data subjects, they need to appoint “representatives”. – Representatives should be appointed by a written mandate. – Representatives can be natural or legal persons. – These representatives should be established in countries where the data subjects are. – They are available locally to data subjects and act as intermediaries between them and the controller or processor located overseas. – There is an implication that representatives could be named as parties in administrative actions or litigation.
  • 7. EXCEPTIONS FOR APPOINTINGA REPRESENTATIVE – If the processing is occasional; – If it does not include processing, on a large scale, of special categories of personal data or the processing of personal data relating to criminal convictions and offences and if it is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; – If the controller is a public authority or body.
  • 8. ISSUESWITH ENFORCEMENT – The mechanism for overseas enforcement of the GDPR is currently unclear.
  • 9. ThankYou! If you have any questions, please reach out to aadya.misra@spiceroutlegal.com