One size doesn’t fit all: the General Data Protection Regulation vis-à-vis international commercial arbitration

Abstract

Abstract This article outlines potential issues posed by the European General Data Protection Regulation (GDPR) to international commercial arbitration proceedings and international arbitral institutions. The GDPR seeks to protect a natural person’s fundamental right against unlawful data processing. It applies widely and covers the processing of personal data in almost all types of services, irrespective of the nature of such service. The circumstances under which the GDPR allows for processing of personal data is limited to six categories. This article delves into the question of whether processing of personal data in an international commercial arbitration would be covered under this exhaustive list of lawful purposes. The analysis highlights how the application of the GDPR would present hurdles to commercial arbitration proceedings and global arbitral institutions, and argues that data protection laws must not be applied in a blanket manner without regard to the unique purposes of processing. The author also proposes necessary amendments to make room for the processing of personal data in private dispute resolution services such as arbitrations, and emphasizes on the need for special exemptions to allow administrative functions of arbitral institutions such as the ICC-Court of Arbitration as well. These exemptions are key to the functioning of private dispute resolution within Europe, and the expansion of arbitration as a form of private dispute resolution on a global scale.