Jurisdiction, Conflict of Laws and Data Protection in Cyberspace (Report)


On 12 October 2017, the Brussels Privacy Hub (BPH) at the Vrije Universiteit Brussel and the Department of European and Comparative Procedural Law of the Max Planck Institute (MPI) Luxembourg held a joint conference entitled “Jurisdiction, Conflicts of Law and Data Protection in Cyberspace”. Attended by nearly 100 participants, the conference included presentations by academics from around the world, as well as from Advocate General Henrik Saugmandsgaard Øe of the Court of Justice of the European Union.

Thanks to the Internet, people who are thousands of miles apart can effortlessly engage in social interactions, business transactions and scientific dialogue. While all these activities rely on sophisticated data-exchanges lying outside the borders of any particular State, they also spike discussion on the challenges to the protection of privacy in the Digital Age.

The conference held at the MPI Luxembourg intended to explore some of the most controversial issues lying at the intersection between Private International and Data Protection Law, by addressing, in particular, the problems arising in connection with cross-border telematics exchanges of data in the field of biomedical research and the contractual relationships stemming from social networking and the use of social media.

Welcome address

Prof. Dr Burkhard Hess, Director of the MPI Luxembourg, and Prof. Dr Christopher Kuner, Co-Director of the BPH, opened the discussion by highlighting the importance of considering the topics on the agenda from a European and a global perspective.


Panel I “Data Protection and Fundamental Rights Law: The example of cross-border exchanges of biomedical data – the case of the human genome”

Dr. Fruzsina Molnár-Gábor of the Heidelberg Academy of Sciences and Humanities discussed the need for innovative regulatory solutions in biomedical research, and demonstrated the basic problem of data protection and data transfer: The creation of appropriate and applicable legal frameworks often lags behind the necessarily more rapid pace of data exchange seen in successful scientific research.


Panel II “Territorial Scope of Law on the Internet”

Prof. Dr. Dan Svantesson of Bond University in Australia reconsidered the territorial scope of the new EU General Data Protection Regulation, and proposed a layered approach with sets of provisions based on the objectives pursued and assigned a different extraterritorial reach.

A response was made by Prof. Dr. Gerald Spindler of University of Göttingen, who conversely advocated the existence of an ongoing trend toward a “reterritorialization” of the Cyberspace, favoured by technological advance.


Panel III “Contractual Issues in Online Social Media”

Prof. Dr. Alex Mills of University College London presented a thorough analysis of Facebook’s and Twitter’s general terms and conditions, which brought to light private international law issues stemming from “vertical contractual relationships” between the social media platform and final users.

Prof. Dr. Heike Schweitzer of Freie Universität Berlin, highlighted a fundamental difference between E-Commerce and social media platforms: the self-interest in setting up a consumer-friendly regulatory regime.


Roundtable “Future Challenges of Private International Law in Cyberspace”

Advocate General Saugmandsgaard Øe, Prof. Kevin D. Benish of New York University School of Law, Prof. Dr. Gloria Gonzalez Fuster of Vrije Universiteit Brussels and Dr. Cristina Mariottini, Co-Rapporteur at the ILA Committee on the Protection of Privacy in Private International and Procedural Law analysed and discussed recent law cases.


Overall, the conference demonstrated the growing importance of private international and procedural law for the resolution of cross-border disputes related to data protection. The more regulators permit private enforcement as a complement to the supervisory activities of national and supranational data protection authorities, the more issues of private international law become compelling. As of today, conflict of laws and jurisdictional issues related to data protection have not been sufficiently explored, as the discussion on private law issues related to the EU General Data Protection Regulation demonstrates. With this in mind, both Brussels Privacy Hub and MPI have agreed to regularly organise conferences on current developments in this expanding area of law.

For the picture gallery please click here.