Borders and Bits

Media and Content, Privacy and Security, Networks, the Internet, and Cloud Computing and Internet

Article Snapshot


Jennifer Daskal


Vanderbilt Law Review, Vol. 71, No. 1, pp. 179-240, 2018


Governments seek to regulate and access data stored outside of their traditional territorial limits. Private multinational companies that process data have become key players in shaping privacy and free speech rights.

Policy Relevance

Jurisdiction over data should depend on states’ legitimate interests. 

Main Points

  • Data is transmitted around the globe without regard to territorial borders, but governments seeking to regulate or access the data must operate within territorial jurisdictional limits.
  • Barring all law enforcement access to data stored outside the state’s borders could result in a situation in which no country has jurisdiction, if the state where the data is stored lacks jurisdiction over the people authorized to access the data.
  • Belgian courts ruled that any firm offering services in Belgium was subject to jurisdiction there, and that law enforcement could require disclosure of any data received within Belgium; this approach allows a state to bypass other states’ safeguards for human rights.
  • Some laws block local data providers from disclosing data to foreign officials; one nation might compel production of data when the disclosure is forbidden by another nation, creating a direct conflict.
  • In applying Europe's "right to be forgotten," Google warned that requiring worldwide removal of data from search results simply because the data is illegal in France could result in a "global race to the bottom," as other nations demand that their laws also have global reach.
  • Requiring global takedown of unlawful copyrighted materials is less problematic, because over 171 nations have adopted similar standards for copyright infringement.
  • Traditional jurisdictional rules make little sense when applied to data; new rules should map jurisdiction to the legitimate interests of sovereign states, which include:
    • Preventing and prosecuting crime.
    • Protecting the interests of the state’s own citizens and local firms.
  • Three points emerge in considering the evolution of rules for movement of data across borders.
    • Data governance problems are changing our ideas of territorial jurisdiction.
    • Increasingly, territorial regulation has an extraterritorial effect.
    • The large third-party firms that manage data increasingly determine what rules govern and how the rules are applied.
  • Multinational tech firms like Google and Facebook have become key actors in protecting security, privacy, and speech rights.
    • Tech firms should ensure that their data procedures are transparent to users.
    • Public-private partnerships can oversee and certify firms’ compliance.
    • Tech firms should ensure that users are notified when their data is accessed.

Get The Article

Find the full article online

Search for Full Article