Building trust in the Digital Age: The Extraterritorial Reach of Data Protection

The extraterritorial application of EU data protection law is welcomed by many as enhancing individuals’ trust as to the protection of their data in a globalized world. However, there is considerable diversity internationally about the appropriate balance between data protection and privacy on the one hand and freedom of expression and information on the other. Unilaterally determining this balance can jeopardize the trust of external actors in the EU’s commitment to transparency and free movement of data. Within this context, the paper analyses CJEU cases that have enabled the extraterritorial reach of EU law and a recent attempt to limit it as regards the right to be forgotten. The constraining approach may partly restore external trust, but also raises questions about the EU’s promise to protect privacy rights against tech giants thus undermining individuals’ trust. Trust is thus multi-dimensional and the CJEU plays a key role in enhancing and breaking trust at different fronts.