Choices, choices. I will continue to follow the GDPR for jurisdictional purposes, including territorial scope. (And I have a paper coming up on conflict of laws issues in the private enforcement of same). But for much of the GDPR enforcement debate, I am handing over to others. Johannes Marosi, for instance, who reviews the CJEU judgment this week in Fansites /Wirtschaftsakademie, over at Verfassungsblog. I reviewed the AG’s Opinion here.
Judgment in Grand Chamber but with small room for cheering.
As Johannes’ post explains, there are many loose ends in the judgment, and little reference to the GDPR (technically correct but from a compliance point of view wanting). (As an aside: have a look at Merlin Gömann’s paper, in CMLREv, on the territorial scope of the GDPR).
(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 18.104.22.168.5.