Abstract
The entry into application of the EU General Data Protection Regulation (GDPR) on May 25, 2018 has raised questions about its impact on data processing by intergovernmental organizations that operate under public international law (referred to here as international organizations or IOs). EU data protection law can have impact beyond EU borders, and the global reach of EU law is a well-recognized phenomenon. The GDPR contains numerous references to IOs but does not state whether it applies to them, and this uncertainty has led to tensions between IOs and the European Commission. The issues surrounding IOs’ processing of personal data show how the GDPR can give rise to unexpected questions under public international law, and illustrate the need for greater engagement between EU law and international law.
Highlights
The entry into application of the EU General Data Protection Regulation (GDPR) on May 25, 2018 has raised questions about its impact on data processing by intergovernmental organizations that operate under public international law
Privileges and immunities of IOs outside the UN system derive most frequently from bilateral agreements between IOs and states, and determining their application to the GDPR is complicated by the fact that in such cases privileges and immunities are granted by the member states and not by the EU. (Privileges and immunities of IOs deriving from national legislation or from customary international law will not be discussed here.) The GDPR does not mention the privileges and immunities of IOs, and not all member states have granted them to all IOs
Beyond the practical issues that arise under the GDPR, its impact on IOs shows that there is a lack of clarity surrounding the interaction between EU law and public international law, and illustrates the tension between the traditional functionalist approach to the governance of IOs and the modern trend towards greater accountability.[21]
Summary
The entry into application of the EU General Data Protection Regulation (GDPR) on May 25, 2018 has raised questions about its impact on data processing by intergovernmental organizations that operate under public international law (referred to here as international organizations or IOs). EU data protection law can have impact beyond EU borders, and the global reach of EU law is a well-recognized phenomenon.[1] The GDPR contains numerous references to IOs but does not state whether it applies to them, and this uncertainty has led to tensions between IOs and the European Commission. The issues surrounding IOs’ processing of personal data show how the GDPR can give rise to unexpected questions under public international law, and illustrate the need for greater engagement between EU law and international law
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have