GDPR Issues in Commercial Arbitration and How to Mitigate Them (original) (raw)
Related papers
Data Protection in Commercial Arbitration: In the Light of GDPR
LAP LAMBERT Academic Pubishing, 2019
The present paper analyzes the applicability of the data protection rules towards commercial arbitration. This topic became especially relevant in the context of the adoption of the new data protection framework of the European Union, namely the General Data Protection Regulation (GDPR). GDPR imposes significant requirements for organizations engaged in data processing activities. The purpose of this is to support the main actors in commercial arbitration towards ensuring compliance with data protection legislation. In five chapters the author (i) examines the role of the arbitrators, arbitral institutions, appointing authorities and other key participants in the arbitration proceedings from a data protection perspective; (ii) analyzes the various types of personal data and the possible legal grounds for their processing in arbitration; (iii) focuses on the data subjects' rights under GDPR and their possible limitations in arbitration; (iv) describes the data governance obligations of data controllers in arbitration; (v) explores the future of arbitration and the possible usage of artificial intelligence. The book also contains a Model Privacy Policy for Arbitral Institutions.
Data Protection and International Arbitration
Revista electrónica de direito, 2024
This study aims to reflect on the importance of data protection law, namely the General Data Protection Regulation (GDPR), when it comes to International Arbitration, which is something that implies the need to articulate different laws and international treaties. For this reason, we address the different issues regarding the material and territorial scope of the regulation, as well as the question of transfers of personal data to third countries. We also analyze which personal data can be processed during an international arbitration. Finally, our investigation takes into consideration some of the main issues regarding the proceeding of arbitration itself and evaluates whether the GDPR can offer, when applicable, a coherent answer to the data protection's issues emerging in international arbitration. In a world more technologic than ever, this study aims to demonstrate how these two different worlds (data protection law and international arbitration) can collide for a common application whenever it is necessary.
Law Series of the Annals of the West University of Timisoara, 2016
The examination of the appearance, extent and necessity of transparency and transparent management in certain sectors of the global business environment, furthermore, the comparative analyzation of the related regulatory background gives the backbone of the paper. The increased need for corporate governance and alternative dispute resolution mechanisms in the international business environment (especially via the widespread utilization of investor-state arbitration) proves to be a desire directed towards an increasingly transparent, thus more reliable approach. Therefore, the examination and exploration of conflicting interests and the regulatory background in connection with such matters proves useful in the development of these phenomena. In order to get a deeper understanding of the topic, the paper discovers the historical background of intemational arbitration and compares the arbitration rules of certain arbitral institutions with regards to privacy and confidentiality, thus attempting to measure the extent of transparency manifested in such instruments.
Arbitration and Transparency: Relations Between a Private Environment and a Fundamental Requirement
Slovenian Arbitration Review, 2017
Especially as a result of legal and technological advancements introduced in the 21st century, the need for corporate governance and alternative dispute resolution mechanisms in the international business environment became a desire directed towards an increasingly transparent, thus more reliable approach. With taking into account the impact of such advancements, the exploration of conflicting interests in connection with related matters can be a useful tool in the development of these phenomena. The research ventures into the world of international commercial arbitration and investor-state arbitration, alternative dispute resolution mechanisms frequently applied by the actors of the global business arena. Apart from the examination of the theoretical foundations and legal background of international commercial and investor-state arbitration from the perspectives of privacy and transparency, the paper collects, discusses and compares the rules of procedure of leading arbitral institutions with respect to the degree of privacy and transparency manifested in such instruments. The paper makes the contribution of examining the rules of procedure of leading arbitral institutions from the perspective of certain issues induced by the conflicting interests and relations between privacy and transparency, while also attempting to address such issues in a manner which also takes into account the progressive nature of and requirements set by the 21st century's digital age.
Confidentiality in International Commercial Arbitration: Bedrock or Window-Dressing
Confidentiality in international commercial arbitration can no more be taken for granted by parties in light of the conflicting position that respective nations and arbitral bodies have assumed. Privacy in arbitral proceedings shouldn’t be equated with confidentiality- the latter is dependent on the arbitral seat and the rules applicable to arbitration.. There is a widening gap between the traditional approach (confidentiality as an integral part of arbitration) and the modern understanding (domestic courts have rejected any implied duty of confidentiality). The parties’ agreement to arbitrate hence gains overriding importance. The legal position on confidentiality in arbitration-friendly destinations will be examined, along with the rules of arbitral institutions to study the opposing stands. The author proposes general uniform rule, giving arbitral tribunal greater powers on protecting parties’ confidentiality from potential misuse.
Introduction to the Symposium on the GDPR and International Law
AJIL Unbound, 2020
It is rare that a lengthy and detailed piece of legislation adopted in one jurisdiction becomes not only a law with powerful impact across multiple jurisdictions and continents, but also an acronym that trips readily off the tongue of laypeople and lawyers alike around the world. Yet this has been the fate of the European Union's General Data Protection Regulation, now commonly known as the GDPR, since its coming into force in 2018. Perhaps the Helms-Burton Act came somewhat close in its global impact when the United States adopted the extensive anti-Cuba sanctions regime in 1996. But Helms-Burton was a deliberately globally-targeted sanctions regime that sought to pressure foreign companies trading in or with Cuba into ceasing those activities, and it was adopted as an instrument of U.S. foreign policy. By comparison, the GDPR at first glance appears to be a domestically-focused piece of legislation intended to strengthen data protection and privacy standards within the EU, and to make Europe, in the terms used by the European Commission, "fit for the digital age." Describing itself as a measure intended to harmonize data privacy laws across Europe's single market, the GDPR-which in principle requires no transposition on the part of EU member states in order to have immediate and binding legal effect within those states-applies to any organization operating within the EU or offering goods or services to customers or businesses in the EU. The legislation imposes a demanding set of regulatory standards on those who control or process personal data, in relation to the purposes, uses, handling, and storage of such data. Breaches of these standards can result in the imposition of hefty fines. While the overriding purpose of the regulation may be the protection of personal privacy, the GDPR addresses multiple aspects of data governance that are relevant to businesses worldwide. The key to the way in which the GDPR goes far beyond being a domestic EU-focused legislative measure is in its application to any business or organization anywhere in the world that offers goods or services to persons within the EU, or that monitors the behavior of individuals in the EU. This has meant that the numerous and detailed regulatory standards imposed on companies and organizations-which include the need to obtain the affirmative consent of those whose data they gather or hold; the requirement to inform; the obligation to rectify and to erase data; and restrictions on transfers of data outside the EU-have a very extensive global reach indeed. As Anu Bradford has convincingly argued, at a time when the EU has emerged from a series of economic and political crises as a weakened international political actor, its global regulatory influence and power by comparison has, if anything, increased. 1 While some have welcomed the EU's digital leadership in setting strong data protection and privacy standards, others have been critical of the reach and implications of the GDPR, with the Heritage Foundation and others accusing the EU of digital imperialism. 2 One evident consequence of the global impact of the GDPR is that many of its requirements are in tension with, if not directly in conflict with, other regimes and
Jurisdiction and Applicable Law under the GDPR: A New Landscape
The John Marshall Journal of Information Technology & Privacy (JITP), 2020
Technology, since its introduction into the industry, has observed global and drastic changes over the years. With communication channels expanding across nations, the threats to security continue being increased with each growing day. Management of communication channels, by state or federal authorities, is thus important in the identification of criminals masked behind the internet. These criminals utilize the internet to generate or perform criminal acts, such as fraud and theft, from a personal to a state level. Countless times institutions have complained of the presence of a breach within their networking or predominant organizational system. For this reason, it is important to define rules and regulations that govern a region of the world that, previously, did not have any laws or regulations. Cyber-attacks are issues that are experienced in every nation. For persons who engage in cyber-attacks, violate the privacy of persons and thus are acting against the law of the land. However, the determination of which nation has a right to convict the actor of the deed differs as various laws stipulate which nation is to be sovereign in given situations. Various states differ as to the point at which a person’s private life is invaded with the action of processing data that is from within their account. For this reason, there is a need to develop regulations that state where the privacy of an individual is contravened when accessing information that is online. In 2016, the European Parliament and the Council of the European Union developed the General Data Protection Regulation (GDPR). Previously, it was a directive that had been developed to manage the European Union's (EU) jurisdiction in international conditions within the use of the Internet. In this article, a critical analysis of the GDPR is given with concentration being placed on the clauses stated concerning the factors and institutions it affects, and its scope of jurisdiction within and beyond the European Union.