Proceedings of the 3rd International Conference on Law and Governance (ICLAVE 2019)

Extraterritoriality of Data Protection: GDPR and Its Possible Enforcement in Indonesia

Authors
Indriana Pramesti, Arie Afriansyah
Corresponding Author
Indriana Pramesti
Available Online 27 March 2020.
DOI
10.2991/aebmr.k.200321.012How to use a DOI?
Keywords
data protection, GDPR, extraterritoriality, data protection law enforcement, jurisdiction
Abstract

The expansion of communication technology entails the free flows of data beyond and across borders. Jurisdiction based on territoriality is seen by an increasing number of countries to be longer sufficient when it comes to data transfer governance, and data privacy in particular. The European Union’s General Data Protection Regulation or GDPR is by far the most innovative and comprehensive set of data rules, which, aside from imposing high standards of data protection, introduces extraterritorial application to controller and processor outside the EU. Questions are raised regarding the legality of EU legislator decision to regulate non-EU actors and activities. But the biggest question remains: how such regulation can be enforced in third countries. This paper examines the enforcement of extraterritorial application of GDPR, in particular the provision of Art. 3 (1) and Art. 3 (2), by reviewing from the perspective of international law as well as domestic law. Alternative strategies deployed by EU regulators to promote compliance with the GDPR will also be discussed. Prescriptive jurisdiction and enforcement jurisdiction will be distinguished so as to give clarity on the extent of power a state has in terms of application of laws. States are permitted under International law to prescribe, in its own jurisdiction, legislation that regulate matters outside of its own territory. However, they are limited by the international law to enforce such regulation in the territory of other country without said country’s consent. As Indonesia is not a party to any treaty governing enforcement of judgement and actions of foreign authority nor it permits, based on its laws, the same, it is unlikely that court decision or sanctions from European authority can be enforced in Indonesia. However, alternative strategies deployed by the EU regulators, particularly the data adequacy requirement may drive compliance among Indonesian entity.

Copyright
© 2020, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

Volume Title
Proceedings of the 3rd International Conference on Law and Governance (ICLAVE 2019)
Series
Advances in Economics, Business and Management Research
Publication Date
27 March 2020
ISBN
10.2991/aebmr.k.200321.012
ISSN
2352-5428
DOI
10.2991/aebmr.k.200321.012How to use a DOI?
Copyright
© 2020, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - CONF
AU  - Indriana Pramesti
AU  - Arie Afriansyah
PY  - 2020
DA  - 2020/03/27
TI  - Extraterritoriality of Data Protection: GDPR and Its Possible Enforcement in Indonesia
BT  - Proceedings of the 3rd International Conference on Law and Governance (ICLAVE 2019)
PB  - Atlantis Press
SP  - 83
EP  - 94
SN  - 2352-5428
UR  - https://doi.org/10.2991/aebmr.k.200321.012
DO  - 10.2991/aebmr.k.200321.012
ID  - Pramesti2020
ER  -