Persondataforordningens internationale virkning over for tredjelande

Suitti Jeppesen & Ming Xia Jørgensen

Student thesis: Master thesis

Abstract

This thesis is about the upcomingEU’s General Data Protection Regulation (GDPR), which is going to be enforced on the 25thof May 2018,andhas impact onthe EU citizens, when they have given the personal information. The technological opportunity has changed radically since computer and internet came to the world,such aspeople exchanges information and personal data without thinking of theconsequences.The purpose of the GDPR is to strengthen and harmonize data protection for individuals in the EU. GDPR applies to all organizations worldwide handling personal data about citizens of the EU.Not all third countries outside the EU provide a corresponding level of protection, which could lead toprivacy violations and/or marketing abuse of the information. The thesis will examine whether the actual protection of EU citizens' information meets the theoretical protection provided by the Regulation for the transfer of personal data to subsidiaries operating in the EU,but transfers information to either subsidiaries in a third country outside EU cooperation or to parent companies in a third country outside EU cooperation.Similarly, the importance of the EU's principle of free movement of personal data has been taken into account and in comparison with the EU's international relations and trade, the principle has also been taken into account as the EU makes concrete assessments of the adequacy of all third countries' level of protection , so that there is no arbitrary decision on the matter. The results of our study show that the protection of personal data has been increased since 24 October 1995 when Directive 95/46 / EC was born and the improvement is supported by the adoption of the Regulation when harmonizing Union legislation in order to dilute the different interpretations of the Member States of what may apply to privacy, including the protection of personal data.The analysis by the Google Spain casefrom 2014shows that web service providers' affiliates registered in the Union will also be covered by the Regulation's definition of "data controller" and can therefore be held responsible for processing personal data. Further in the analysis by the Schrems case from 2015 isillustrated the relationship between the Safe Harbor Agreement in 2000 and EU-US Privacy Shield Framework in 2016. Safe-Haboris invalidated in the judgment, which leads to the US and EU entering intoEU-US Privacy Shield Frameworkto comply with the obligations deriving from the principles of Article 7 of the Charter on privacy and Article 8 on the protection of personal data.

EducationsMSc in Auditing, (Graduate Programme) Final Thesis
LanguageDanish
Publication date2018
Number of pages121
SupervisorsVishv Priya Kohli