On November 12, 2019, The European Data Protection Board (EDPB) adopted a final version of Guidelines 3/2018 on the territorial scope of the General Data Protection Regulation (GDPR) (the Guidelines). The Guidelines, initially adopted on November 16, 2019, were finalized after a period of open public consultation which ran until January 18, 2019, as previously reported by the E-TIPS® Newsletter here.
The Guidelines aim to provide a common interpretation of the GDPR when assessing whether a particular processing activity by a controller or a processor falls within the territorial scope of the GDPR. The GDPR’s territorial scope is based on two main criteria: the establishment criterion and the targeting criterion. As a result of these two criteria, businesses which did not previously need to consider the applicability of EU data protection law to their processing activities may now be caught within the GDPR’s scope. The Guidelines provide further clarification on the application of the establishment criterion and the targeting criterion by providing examples where the data controller or processor is established outside the European Union.
Summary By: Jae S. Morris
Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.
E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.