Research project Online platform trade and EU privacy safeguards
In this project, all aspects of the EU data protection regime are explored in the context of electronic commerce.
In addition to the general legal framework, data processing is governed by user terms and consumer rights as well as by rules on artificial intelligence and the EU digital services and market package. In particular, the liability for providers of online platforms and new machine interfaces are scrutinised.
Within online name spaces, the distinction between the internal market and external trade is blurred, and the project focuses on the territorial scope of EU law in the light of data location and transfers. Furthermore, the idea of a separate field of activities classified among “commerce” becomes increasingly illusory as customised services reaches into the private sphere, and the compartmentation in “digital” and “real life” services needs to be analysed in the light of robotization and the “internet of things”.
The EU's comprehensive legislative package on the Digital Single Market and Artificial Intelligence will be included in the analysis when it enters into force. The project is expected to result in a monograph that will be published by the end of 2023.
Project description
It is a common misunderstanding that the territorial scope of EU law with regard to the protection of personal data would be conditioned on the actual location of the data packets concerned at a given time. However, there are two reasons why the location of data packets and processing infrastructure is irrelevant. First of all, only natural and legal persons qualify as legal entities, and even if algorithms learn and refine their decision-making processes, law as we know it is an empty blow against the machines. Hence, the territorial scope of law is determined by the place where the natural or legal persons concerned are, as opposed to the location of servers, terminal devices or other data processing equipment. Secondly, the internet infrastructure allows automatic allocation of tasks in computer networks across the globe, and it is often difficult to back-track the location of data packets at a given time. Even if machines where accepted as legal entities, the territorial scope of EU law (or any other legal order) would be arbitrary in case the location of data packets would be the decisive criterion for applicability.
If either the data subject or an undertaking involved in the processing activity is in a Member State at the given time, it follows from the general effect criterion that EU law applies with regard to the data processing. Indeed, the fear of “extraterritorial applicability” or “legal colonisation” that results from the lack of a systematic analysis, is rebutted by the link to the Union that is required for EU law to apply. In fact, overlapping legal regimes in cyberspace is less of a problem than lawless internet domains. After all, regulation hinges on the possibility to enforce legal rights, and in that connection the Union seeks to ensure an adequate level of data protection and access to remedies also in third countries. As the European Court of Justice has annulled the European Commission’s decisions that cleared the US data protection regime in two seminal cases, the limelight moves to other bases for data transfers. Besides the general framework for data protection, the project addresses international trade agreements. Since the data subject is also a consumer of digital (platform) services in the context of e-commerce, the EU system for enforcement of consumer rights is investigated as an alternative route to justice. Whereas data processing by some platforms enable meetings between natural and legal persons far apart, other platforms make meetings between man and autonomous machines in real life possible. In order to channel the forces of commerce towards the objectives of the Union, competition law intervention against conduct with regard to processing of personal data may ultimately be necessary.
Project members
Project managers
Claes Granmar
Universitetslektor, docent
Publications
To be published:
Claes Granmar, "A reality check of the Schrems saga", Nordic Journal of European Law, 2021
More about this project
Funding
The project began in 2018 at the Institute for European and Comparative Law (IECL), Oxford University, with scholarship funding from the Faculty of Law at Stockholm University, and continued thereafter at Melbourne Law School, Australia, with suport from a Docent Scholarship from Stockholm University.
Currently, the project is funded by the position as a associate professor at Stockholm University.
Related events and happenings
In June 2018, Claes Granmar organised an interdisciplinary conference on artificial intelligence and fundamental rights with scholars in the fields of law, social science and philosophy from Europe, Australia and Canada.
As a result of the multidimensional and fruitful discussions the anthology "AI and Fundamental Rights" was published.