Data Protection Regulation and International Arbitration: Can There Be Harmonious Coexistence (with the GDPR Requirements Concerning Cross-Border Data Transfer)?

Abstract

Recent global trends are producing powerful growth in the digital environment, and its spread is prompting adoption of strict and comprehensive regulation to ensure data protection. This results in a number of difficulties, one of which is lack of consistency between data protection regulation and the regulatory regimes applicable to specific industries and institutions. That inconsistency is particularly evident in the field of international arbitration — one of the most widely used and convenient methods for resolving international disputes. The principles and fundamental concepts that largely define international arbitration, such as autonomy of the parties and confidentiality, have made its use very well accepted and widespread. However, data protection requirements often force the parties that are subject to them to make a difficult choice between the basic principles of international arbitration and the requirements of data protection regulation. This bind has come about because data protection regulation, which generally imposes comprehensive compliance obligations, rarely takes into account the specifics of the industries in which it will be applied. In this article it is analyzing application of the GDPR requirements that pertain to cross-border data transfer from the perspective of international arbitration in order to illustrate difficulties and regulatory gaps that may be encountered by the entities interested in thorough compliance with the applicable regulations.