Document Type : Original Article

Authors

• Mohammad Ali Sharifi Kia ¹
• Farideh Shabani Jahromi ²

¹ M.Sc. in international law , law faculty , university of Tehran, Iran.

² Assistant Professor, faculty of law, university of Tehran, Iran.

Abstract

The need to protect users' personal data in cyberspace is inevitable nowadays, thus governments and regional and international mechanisms such as the European Union have also taken legislative actions in this regard. On the other hand, the interpretation of the framework of laws adopted within the European Union is that the implementation of these laws is also limited to the territory of the constituent states of this regional body, while the provisions of the latest European Data Protection Document (GDPR: 2016) shows that it has extraterritorial character and can be applied outside the borders of the union. Therefore, this study uses a descriptive analytical method to examine the text of this document and its previous version (DPD: 1995), and the most important cases before the European Union Court of Justice regarding the transfer of European users’ personal data to the United States of America to clarify the possibility of cross-border application of this document in non-EU countries. Finally, the findings of the present study indicate that due to the significant political and economic power of the Union, the large number of European users in the Internet space, interpretations and opinions provided by the European Court, history of data transfer mechanisms between Europe and the United States, as well as the administrative mandates provided in this document, it can be said that in practice this regulation has extraterritorial character and is applied outside the union.

Keywords

• Extraterritorial enforcement of European laws
• Personal data protection
• Data Protection Directive (1995)
• General Data Protection Regulations (2016)
• United States of America