Judicial Jurisdiction over Internet Privacy Violations and the GDPR: a Case of ''Privacy Tourism''?

Abstract

This paper discusses the impact of art. 79(2) of the General Data Protection Regulation (GDPR) in international litigation over online privacy violations. The first part introduces the tendency of the European legislator to treat private international law problems in the field of data protection as isolated and independent from the traditional secondary private international law acts. The second part analyses the current status quo of international jurisdiction over online privacy violations according to Regulation 1215/2012. After briefly examining the eDate and Martinez ruling (joined cases C-509/09 and C-161/10), it concludes that the Court of Justice of the European Union has stretched the jurisdictional grounds of art. 7(2) Regulation 1215/2012 too far in order to afford strong protection to data subjects. In that sense, it raises doubts on whether art. 79(2) was necessary. Following this conclusion, it tries to explore the uneasy relationship of GDPR art. 79(2) with the jurisdictional regime established under Regulation 1215/2012. Instead of an epilogue, the last part tries to make some reflections on the impact of GDPR art. 79(2) in privacy litigation cases involving non-EU parties.