Protection of Personal Data in Cyberspace: The EU-US E-Market Regime

Main Article Content

Tossapon Tassanakunlapan Milagros Alvarez Verdugo


 The goal of this article is studying the provision and implementation of Personal Data Protection in the EU-US Bloc, in order to initiate an International or Universal Regime.

Firstly, it reviews the old regime, which was enacted before the reformation process of EU and US. It shows that the legal consequences of each agreement will be different because their legal nature depends on their launching institution. The different scopes on actors and jurisdiction are critical; IT corporations are multi-national legal persons, under the appliance of the law of specific territory but their activities are trans-border. Moreover, these instruments have been created for decades so there are some out-of date provisions maintained in those legal documents. The implementation of data subjects’ rights is increasingly complicated because data is decentralized and under the control of various organizations, private companies and state authorities. Furthermore, the data controller/processor has relationship with state authorities, or the existences of a conflict of interests. Hence, the individual’s appeal for remedy is complex as well as the monitoring of duty bearer practice. The hard cases are presented in many court cases of the US Courts and Court of Justice of European Union, and in official reports of competent organizations.

Right to personal data protection often deals with the relationship between exercise of rights and state of emergency or prosecution of criminal and terrorism. As state authorities and courts weight up the reasons for accessing certain data and the potential effect on an individual of such state surveillance, a better necessary precondition and proportionate solution must be provided. The EU had launched set of regional instruments in 2016. Nonetheless, the problems come from US entities, intelligence authorities and IT corporations, which are subjects under US national security laws. Accordingly, the rights of global netizens are in the realm of US jurisdiction when their personal data is transferred and it may be compromised by US Government. Thus, US was contracted to agree on bilateral instruments with the EU concerning the harmonization of data protection policies, as trade partner in a single e-market, as well as the earlier responses US took for supporting EU data subjects. These reforms of EU and EU-US regime could be extracted or used, as a model, for initiating a universal regime.


Article Details

How to Cite
Tassanakunlapan, T., & Verdugo, M. (2018). Protection of Personal Data in Cyberspace: The EU-US E-Market Regime. ASEAN Journal of Legal Studies, 1(1), 51-71. Retrieved from
Academic Articles


Boehm, Franziska. "Confusing Fundamental Rights Protection in Europe: Loopholes in Europe’s Fundamental Rights Protection Exemplified on European Data Protection Rules." University of Luxembourg, Law Working Paper Series, Paper no. 2009-01, 2009.
Bowden, Caspar. “Directorate General For Internal Policies.” The US Surveillance Programmes and Their Impact on EU Citizens' Fundamental Right, European Parliament, Brussels, 2013.
Busby, Scott. “State Department on Internet Freedom at RightsCon”, 4 Mar. 2014, state-department-on-internet-freedom-at-rightscon/. Accessed 14 Nov. 2015.
Cate, Fred H. "The Failure of Fair Information Practice Principles." Consumer Protection in the Age of the Information Economy, 2006.
CJEU. Case C-131/12 Google Inc. v Agencia Española de Protección de Datos. 13 May 2014.
CJEU. Case C-362/14 Maximillian Schrems v Data Protection Commissioner. 6 Oct. 2015, para. 95.
CJEU. ECLI:EU:C:2014:238 Joined cases C-293/12 and C-594/12, Digital Rights Ireland (C-293/12) and Seitlinger (C-594/12). 2014.
De Hert, Paul and Papakonstantinou, Vagelis. "Three Scenarios for International Governance of Data Privacy: Towards an International Data Privacy Organization, Preferably a UN Agency." ISJLP, vol. 9, 2013.
De Hert, Paul and Schreuders, Eric. "The Relevance of Convention 108." Proceedings of the Council of Europe Conference on Data Protection, Warsaw, 2001.
DLA Piper. "EU General Data Protection Regulation - Key Changes | DLA Piper Global Law Firm." Accessed 14 Jan. 2017.
Dowling Jr, Donald C. "Preparing to Resolve Us-Based Employers' Disputes under Europe's New Data Privacy Law." J. Alt. Disp. Resol., vol. 2, 2000.
Dowling Jr, Donald C. “International Data Protection and Privacy Law.” Practising Law Institute treatise International Corporate Practice, 2009.
Eberlein, Burkard and Newman, Abraham L. "Escaping the International Governance Dilemma? Incorporated Transgovernmental Networks in the European Union." Governance, vol. 21, no. 1, 2008.
EU. Directive 95/46/EC. 1995.
EU. General Data Protection Regulation. 2016.
European Commission. Agreement on Commission’s EU Data Protection Reform Will Boost Digital Single Market. Brussels, 15 Dec. 2015.
European Commission. Communication From The Commission to The European Parliament and The Council Transatlantic Data Flows: Restoring Trust through Strong Safeguards, COM(2016) 117 final. Brussels, 29 Feb. 2016.
European Commission. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions: The European Agenda on Security, COM(2015) 185 final. Strasbourg, 28 Apr. 2015.
European Commission. EU Commission and United States agree on new framework for transatlantic data flows: EU-US Privacy Shield. Strasbourg, 2 Feb. 2016.
European Commission. EU Data protection reform on track: Commission proposal on new data protection rules in law enforcement area backed by Justice Ministers. Luxembourg, 9 Oct. 2015.
European Commission. EU Data protection reform on track: Commission proposal on new data protection rules in law enforcement area backed by Justice Ministers. Luxembourg, 9 Oct. 2015.
European Commission. European Commission launches EU-U.S. Privacy Shield: stronger protection for transatlantic data flows. Brussels, 12 July 2016.
European Commission. EU-U.S. Privacy Shield: Frequently Asked Questions. Brussels. 29 Feb. 2016.
European Commission. Questions and Answers - Data protection reform, Brussels. 21 Dec. 2015.
European Commission. Questions and Answers on the EU-US data protection "Umbrella agreement". Brussels, 1 Dec. 2016.
European Commission. Restoring Trust in EU-US data flows - Frequently Asked Questions. Brussels, 27 Nov. 2013.
European Data protection Supervisor. Opinion 1/2016. 12 Feb. 2016, p. 43.
Fahey, Elaine and Curtin, Deirdre. A Transatlantic Community of Law: Legal Perspectives on the Relationship between the EU and US Legal Orders. Cambridge University Press, UK, 2014.
Farrell, Henry. "Constructing the International Foundations of E-Commerce—the EU-US Safe Harbor Arrangement." International Organization, vol. 57, no. 02, 2003, p. 278.
Galetta, Antonella and De Hert, Paul. A European perspective on data protection and access rights. Vrije Universiteit, Brussel, 2013.
Gavilán, Elisa U. "Derechos Fundamentales Versus Vigilancia Masiva. Comentario a La Sentencia Del Tribunal De Justicia (Gran Sala) De 6 De Octubre De 2015 En El Asunto C-362/14 Schrems." Revista de Derecho Comunitario Europeo, no. 53, 2016.
Global Privacy Counsel. Article 29 Working Party Letter to Mr. Peter Fleischer on Google. 16 May 2007.
Greenleaf, Graham. "Sheherezade and the 101 Data Privacy Laws: Origins, Significance and Global Trajectories." Journal of Law, Information & Science, 2013.
Grimm, Dieter. “Der Datenschutz vor einer Neuorientierung” Juristenzeitung, 2013.
Human Rights Committee. Communication No.488/1992 Toonan v Australia. 1992
Human Rights Committee. Communication No.903/1999. 1999.
Human Rights Committee. Communication No.1482/2006. 2006.
Hunton&Williams. Overview of the EU General Data Protection Regulation. 2016.
Ingram, Mick."Google Publishes Figures on Government Requests for Data" World Socialist Web Site, 26 Apr. 2010, Accessed 31 Oct. 2013.
Kerr, Orin S. “The Fourth Amendment and the Global Internet.” GWU Law School Public Law Research Paper No. 2014-30, 2014.
Kirby, Michael. "The History, Achievement and Future of the 1980 Oecd Guidelines on Privacy." International Data Privacy Law, vol. 1, no. 1, 2011.
Kokott, Juliane and Sobotta, Christoph. "The Distinction between Privacy and Data Protection in the Jurisprudence of the Cjeu and the Ecthr." International Data Privacy Law, vol. 3, no. 4, 2013.
Korff , Douwe. "EU-US Umbrella Data Protection Agreement : Detailed Analysis by Douwe Korff." European Area of Freedom Security & Justice, 14 Oct. 2015, Accessed 12 Apr.2017.
Kuczerawy, Aleksandra and Coudert, Fanny. "Privacy Settings in Social Networking Sites: Is It Fair?." IFIP PrimeLife International Summer School on Privacy and Identity Management for Life, Springer, New York, 2010, pp. 237–238.
Kuner, Christopher. "An International Legal Framework for Data Protection: Issues and Prospects." Computer law & security review, vol. 25, no. 4, 2009, p. 307.
Kuner, Christopher. "European Data Protection Law." Corporate Compliance and Regulation, Oxford University Press, UK, 2007, ch.2.37.
Kuner, Christopher. "Regulation of Transborder Data Flows under Data Protection and Privacy Law: Past, Present, and Future." TILT Law & Technology Working Paper No. 016/2010, 2010.
Lopez-Tarruella, Aurelio. "Introduction: Google Pushing the Boundaries of Law." Google and the Law, Springer, 2012.
Masing, Johannes. "Herausforderungen Des Datenschutzes." Neue Juristische Wochenschrift, vol. 65, no. 33, 2012.
Mendel, Toby et al. Global Survey on Internet Privacy and Freedom of Expression. UNESCO, Paris, 2012.
Metcalf, Katrin N. "Legal Aspects of Privacy Law and Data Protection." The Right to Privacy as a Human Right and Everyday Technologies, Institute of Human Rights NGO, 2014.
Milanovic, Marko. "Human Rights Treaties and Foreign Surveillance: Privacy in the Digital Age." Harv. Int'l LJ, vol. 56, 2015.
Moraes, Claude. “Working Document on the US and EU Surveillance programmes and their impact on EU citizens fundamental rights.” LIBE Committee Inquiry on electronic mass surveillance of EU citizens, Justice and Home Affairs, 2013.
Nowak, Manfred. United Nations Covenant on Civil and Political Rights: Ccpr Commentary. Engel, Lancaster, 1993.
Obama, Barack. US Presidential Policy Directive 28 – Signals Intelligence Activities. The White House Office of the Press Secretary, 17 Jan. 2014.
Omtzigt, Pieter. Mass Surveillance DOC.13734. Committee on Legal Affairs and Human Rights Session, Brussels, 2015.
Raab, Charles D. "Information Privacy: Networks of Regulation at the Subglobal Level." Global Policy, vol. 1, no. 3, 2010.
Ramos, Mario H. "Una Vuelta De Tuerca Más a Las Relaciones En Materia De Protección De Datos Entre La Ue Y Los Estados Unidos: La Invalidez De La Decisión Puerto Seguro." Revista General de Derecho Europeo, no. 39, 2016.
Reding, Viviane. "The Upcoming Data Protection Reform for the European Union." International Data Privacy Law, vol. 1, 2011, pp. 3-5.
Rivero, Álvaro F. "Right to Be Forgotten in the European Court of Justice Google Spain Case: The Right Balance of Privacy Rights, Procedure, and Extraterritoriality." European Union Working Papers, no.19, Stanford-Vienna Transatlantic Technology Law Forum, 2017.
Schmitt, Desirée. "Taking a Look at Two Cases in the Margin of the CJEU’s “Privacy Spring”, before and after the General Data Protection Regulation: Weltimmo and Bara." Jean-Monnet-Saar, 2016, Accessed 10 Jan. 2017.
Stepanovich, Amie and Mitnick, Drew and Robinson, Kayla. “United States: the necessary and proportionate principle and US Government.” Global Information Society Watch 2014: Communication Surveillance in Digital Age, 2014.
UN. A/HRC/RES/17/4. 2011.
European Council Regulation (EC) 44/2001 of 22 December 2000 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters, [2001] OJ L12/1.
United States Court of Appeal Second Circuit. Case 678 F.3d Electronic Privacy Information Center v. National Security Agency. 2012.
United States District Court for the District of Columbia, Case 11-5233 EPIC vs. NSA. Document #1373260. 05 Nov. 2012.
United States District Court for the District of Columbia, Case 957 F. Supp. 2d 1 Klayman v. Obama. 16 Dec. 2013.
Weiss, Martin A and Archick, Kristin. "US-EU Data Privacy: From Safe Harbor to Privacy Shield." Congressional Research Service, 2016.
Working Party Article29. Opinion 01/2016 on the EU – U.S. Privacy Shield draft adequacy decision. 13 Apr. 2016.
Working Party Article29. Statement of the Working Party 29 on the EU – U.S. Umbrella Agreement. Brussels, Oct. 2016.