Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: extraterritoriality

Posted in International/EU Privacy

EDPB’s Common Sense Approach to the GDPR’s Territorial Scope

The EU General Data Protection Regulation is now a fully functioning six-month old creature, which has brought with it significant evolutionary changes. One of the most notable innovations of the new European data protection framework is its ambitious extra-territorial application. The introduction of brand new grounds for the applicability of the law was a major development. As a result, and as essential as this is, the GDPR’s territorial scope of application has become one of the most difficult issues to pin down. Therefore, the publication of the European Data Protection Board’s draft guidelines on the territorial scope of the GDPR marks an important milestone in understanding the implications of this influential framework.

Posted in Consumer Privacy, International/EU Privacy, Privacy & Security Litigation

Second Circuit Holds That U.S. Cannot Compel By Warrant Microsoft’s Production of Emails Stored Outside of U.S., Citing The Stored Communications Act’s Privacy Protections and Lack of Extraterritorial Effect

A three-judge panel of the U.S. Court of Appeals for the Second Circuit today unanimously reversed a lower court’s denial of Microsoft’s motion to quash a warrant seeking the content of emails for a customer of its Outlook.com email service. The decision is surprising in that that U.S. courts, including the Second Circuit, have traditionally enforced government process seeking documents or data stored abroad from entities that have control over the information under the test of “control, not location.” This case could have a significant impact on cloud providers’ decisions to store information abroad. It also serves, in the midst of debates about the newly enacted Privacy Shield and the recent challenge to Standard Contractual Clauses now before the Court of Justice of the European Union, as a counterbalance to arguments that some make about the U.S. legal system not respecting personal privacy.