In some cases, yes.
The #GDPR has 3 criteria to determine the territorial scope of application:
• Establishment criterion: Processing in the context of activities of an establishment of a controller or processor in the EU (art. 3(1) GDPR)
• Targeting criterion: Foreign controllers and processors that process personal data of data subjects (DS) in the EU (art. 3(2) GDPR)
• Foreign controller subject to EU law (not generally relevant)
According to the Targeting Criterion, a controller established in a non-EU country will be subject to the GDPR if it:
• offers goods or services to data subjects in the EU
• monitors the behaviour of data subjects in the EU
Do foreign controllers subject to GDPR have additional obligations?
• They must comply with GDPR (e.g. principles and legal basis)
• They must also appoint a representative in the EU (art. 27 GDPR)
For instance, Clearview AI was fined, among other reasons, for not appointing a representative in the EU (€600.000)
Data protection law in charts_Marengo_2021.v2-30