External Ordre Public and The Limit of GDPR’s Extra-Jurisdictional Reach

It is a well established principle in private international law that

The driving force behind development of ordre public externe is the same as that which motivates public policy: no country can afford to open its tribunals to the legislatures of the world without reserving for its judges the power to reject foreign law that is harmful to the forum. 1

This principle affects directly the power of local EU jurisdictions to impose fines on non-EU countries, notwithstanding what the GDPR says.

So far, none of the EU Data Protection Authorities fines and orders issued against non-EU companies located abroad have been challenged in Court or, at least, there are no public information about. 

In the known cases – starting from Google Spain / Costeja –   the local jurisdiction has been affirmed adopting a highly questionable interpretative trick so to issue a decision against the  local subsidiary rather than the holding located elsewhere.

So far, and understandably, (big) companies avoided a full-frontal legal attack against the GDPR, resorting to a less threatening, skirmish-based strategy, nonetheless the problem remains.

Time will tell.

  1. Kent Murphy, The Traditional View of Public Policy and Ordre Public in Private International Law, 11 Ga. J. Int’l & Comp. L. 591 (1981).

Leave a Reply

Your email address will not be published. Required fields are marked *