The Thesis focuses on the legal perspective of Transnational Data Protection. Here, the scope of the thesis is limited to the provisions and interdependencies of the European Union (EU). Matters of national legislation of EU Member States are implicitly mentioned or characterized but not within the scope of the thesis.
Within the current business as well as administrative environment the topic of data protection is a crucial factor for business, public reception and security. The Snowden incident, the Safe Harbor Ruling of the European Court of Justice and ultimately the introduction of the new European General Data Protection Regulation in May 2018 poses potential threat scenarios for businesses and require responsive actions on the respective management level. While the importance of data protections is now an omnipresent and a commonly known issue, it is still a rather neglected topic. It often bears the stigma of nuisance and implies costly implementation of measures and processes.
Nonetheless, corporations, companies, businesses and governmental agencies have to adhere to data protection regulations, the demands of the digitalization and social pressure. Therefore, the abidance by Data Protection Law has incrementally gained a more essential role within company’s and administration’s structures during the last years. This is especially true for transnational contexts. Here, Data Protection Management encompasses privacy compliance and organizational privacy management as part of the information security risk management. Essentially the objective and responsibility of Data Protection Management in the context of transnational data flows in the EU are based in its the legal framework.
Within the current business environment the topic of data protection is a crucial factor for business, public reception and security. Businesses and governmental agencies have to adhere to data protection regulations. Therefore, the abidance by Data Protection Law has gained a more essential role within company’s and administration’s structures. This is especially true for transnational contexts. Data Protection encompasses privacy compliance and management as part of the information security risk management.
Table of Contents
1. Introduction
2. The economic relevance of data protection
2.1 Economic Analysis
2.2 Digitalization and hyper-connectivity
2.3 Big Data and Data Analytics
2.4 Economics of Cyber Crime and the Counter-Market of Security
2.5 Future Scenarios of the Management Project
2.5.1 Scenario: Medical Data
2.5.2 Scenario: Financial Data
2.6 Implication for Businesses: Compliance with legal standards can be a unique selling point
3. Data Protection Traditions - protecting and securing data
3.1 Origin of Data Protection
3.2 Approaches to Data Protection
3.2.1 Comprehensive Laws
3.2.2 Sectoral Laws
3.2.3 Self-Regulation
3.2.4 Regulation through technology
3.3 Implication for Businesses: Clash of legislations and need for harmonization
4. Legal Grounds for processing and transfer – Data Protection in the European Union
4.1 Overview of the legal system in regard to Data Protection
4.1.1 The European Convention on Human Rights
4.1.2 Council of Europe Convention 108
4.1.3 Interim Conclusion: Direct impact of ECHR and Convention 108 on international data flow regulation
4.1.4 European Union data protection law
4.1.5 Implication for Businesses: Data protection framework influences the construction and development of the European Data Protection legislation
4.1.6 European Data Protection Directive
4.1.7 General Data Protection Regulation
4.2 Implication for Businesses: Transnational applicability and comprehensive framework of requirements
5. Applicable law and Conflict-of-law for data protection issues
5.1 Rome I
5.1.1 Territorial Scope
5.1.2 Conflict-of-Law
5.2 Rome II
5.2.1 Territorial Scope
5.2.2 Conflict-of-Law
5.3 Data Protection Directive and Rome I and II Regulations
5.3.1 Differentiation by nature and scope
5.3.2 Lex Specialis
5.4 General Data Protection Regulation and Rome I and II Regulations
5.5 Brussels I Regulation
5.5.1 Territorial Scope
5.5.2 Conflict-of-law
5.6 General Data Protection Regulation and Brussels I
5.7 Implication for Businesses: The Market Place Principle opens the world-wide applicability of European Data Protection
6. International transfer of personal identifiable data
6.1 Adequacy Decision and accepted treaty
6.2 Excursus: Transfer of personal identifiable data between the EU and the US
6.2.1 Safe Harbor
6.2.2 EU-U.S. Privacy Shield
6.2.3 Intermediary Results of the Analysis
6.3 Contractual Clauses
6.4 Binding Corporate Rules
6.6 Implication for Businesses: International transfer of customer data and employee data
7. Further practical implication of Transnational Data Protection
7.1 Transnational Negotiations – Always implied Data Protection issues?
7.2 Competencies necessary for Transnational Data Protection
8. Conclusion
Research Objective and Scope
This master thesis examines the legal implications of the European General Data Protection Regulation (GDPR) for transnational business models and international data transfers, focusing on how organizations must adapt their processes to comply with the EU's evolving data protection framework.
- Analysis of the economic relevance and business impact of data protection and cybersecurity.
- Evaluation of the EU legal framework for data protection, including conventions and directives.
- Examination of conflict-of-law issues, including the Rome I, Rome II, and Brussels I regulations in relation to data protection.
- Assessment of the requirements and mechanisms for the international transfer of personal identifiable data.
Excerpt from the Book
2.4 Economics of Cyber Crime and the Counter-Market of Security
The described tendencies allocate a high value to personal identifiable data. Subsequently, the accumulation and use of data are prone to missuses and even criminal actives. While crime is not considered something that is abstinent from the business world, it is also seldom realized as its own economy. Furthermore, it is – as a market – not necessarily associated with digitalization.
A criminal act is considered any behavior that deviates from societal norms, crosses the boundaries of ethical and lawful behavior, and is sanctioned by a governmental authority. As such criminal behavior is often associated with the aspect of punishment, fines, and imprisonment.
Any association to economics and business is often limited to crime happening in a certain business environment. However, crime in itself can be considered a market and thus bound to economic principles.
Within the “crime market” any individual player is motivated by the rational maximization of utility (Eide et alt., 2006). This assumption is based upon the principle of rational choice, meaning that any individual acts rationally to maximize expected utility and that this utility is “a positive function of income” (ibid). This leads to a very simplistic economic model: Any endeavor that has a greater income than zero after subtraction of costs is profitable (Segura & Lahuerta, 2010). It is a simple cost-benefit principle (Li et alteri, 2006). This model transfers the rational choice assumptions to criminal activity.
Summary of Chapters
1. Introduction: Outlines the increasing importance of data protection in modern business and states the core research question regarding the impact of the GDPR on transnational business models.
2. The economic relevance of data protection: Analyzes the economic value of data protection, the impact of digitalization, and how cybercrime operates as a market, necessitating security measures.
3. Data Protection Traditions - protecting and securing data: Explores historical origins of data protection and various legislative approaches, such as comprehensive laws versus self-regulation.
4. Legal Grounds for processing and transfer – Data Protection in the European Union: Provides a comprehensive overview of the EU's data protection legal framework, focusing on the transition from the Data Protection Directive to the GDPR.
5. Applicable law and Conflict-of-law for data protection issues: Contextualizes the GDPR within broader legal principles, specifically examining how Rome I, Rome II, and Brussels I regulations address international data protection disputes.
6. International transfer of personal identifiable data: Discusses mechanisms for transferring data to third countries, including adequacy decisions, contractual clauses, and binding corporate rules.
7. Further practical implication of Transnational Data Protection: Addresses practical challenges for businesses, such as data protection during negotiations and the need for intercultural competence among legal teams.
8. Conclusion: Summarizes the thesis, emphasizing that the GDPR acts as a guiding example for the international marketplace while imposing high compliance obligations on businesses.
Keywords
GDPR, Data Protection, Transnational Business, Personal Identifiable Data, Cybercrime, European Union, Conflict of Law, Privacy, Compliance, Data Transfer, Digitalization, Data Protection Officer, Accountability, Consumer Protection, Legal Framework.
Frequently Asked Questions
What is the core focus of this thesis?
The thesis examines the legal and economic implications of the European General Data Protection Regulation (GDPR) for international business models that rely on cross-border data flows.
What are the central themes of the work?
Key themes include the economic impact of data protection, the evolution of EU data protection legislation, the intersection of data protection with conflict-of-law rules, and the practical challenges of international data transfers.
What is the primary research question?
The research aims to answer how the European General Data Protection Regulation impacts transnational business models and their management of data transfers.
Which scientific methods are employed?
The work utilizes a legal analysis of EU regulations and directives, alongside an economic perspective using frameworks like the STEP analysis and Porter's Five Forces to evaluate the market for data protection.
What does the main part of the work cover?
The main body covers the economic relevance of data, historical traditions of data protection, the hierarchy of EU data protection laws, mechanisms for international transfers, and the practical application of GDPR in corporate environments.
How can this work be characterized by its keywords?
It is characterized by terms such as GDPR, transnational business, data transfers, compliance, conflict-of-law, and privacy by design, reflecting its focus on both the legal and managerial aspects of data protection.
How does the GDPR affect companies outside the EU?
The thesis explains that the GDPR's territorial scope extends to non-EU organizations when they offer goods or services to, or monitor the behavior of, data subjects located within the European Union.
What is the "Market Place Principle" mentioned in the work?
It refers to the concept that the GDPR's influence extends beyond EU borders, effectively requiring organizations worldwide to comply if they target individuals residing within the European Union.
- Arbeit zitieren
- Jan Alexander Linxweiler (Autor:in), 2017, Transnational Data Protection, München, GRIN Verlag, https://www.grin.com/document/988690
