Jiahong Chen, School of Law, University of Edinburgh, Edinburgh, UK. The author is funded by China Scholarship Council/University of Edinburgh Joint Scholarship. The author thanks Emily Hancox, Wenlong Li, Grant Stirling and an anonymous reviewer for their comments and suggestions on a previous draft.
Jiahong Chen; How the best-laid plans go awry: the (unsolved) issues of applicable law in the General Data Protection Regulation. International Data Privacy Law 2016; 6 (4): 310-323. doi: 10.1093/idpl/ipw020
The General Data Protection Regulation has been adopted recently by the European Union to replace the Data Protection Directive. The Regulation follows a similar pattern to the Directive with regard to the territorial scope of EU data protection law, but unlike the Directive, the issue of applicable national law is no longer addressed.
However, the Regulation expressly allows Member States to deviate from its default rules on dozens of specific matters. Some of these provisions are highly likely to trigger serious problems concerning the applicability of national data protection laws.
Potential conflicts of laws, which are exacerbated by the fact that Member State laws have defined their own scopes in incompatible ways, will inevitably create legal uncertainties to data subjects, data controllers and data protection authorities.