From opt-in to obligation? Examining the regulation of globally operating tech companies through alternative regulatory instruments from a material and territorial viewpoint

ABSTRACT Modern society’s ever-increasing reliance on technology raises complex legal challenges. In the search for an efficient and effective regulatory response, more and more authorities – in particular the European Union – are relying on alternative regulatory instruments (ARIs) when engaging big tech companies. Materially, this is a natural fit: the tech industry is a complex and rapidly-evolving sector and – unlike the rigid classic legislative process – ARIs allow for meaningful ex ante anticipatory constructions and ex post enforcement due to their unique flexibility. However, from a territorial point of view several complications arise. Although the use of codes of conduct to regulate transnational private actors has a rich history, the way in which such codes are set out under articles 40 and 41 of the EU’s GDPR implies a ‘hardening’ of these soft law instruments that has repercussions for their relationship to the principles of territorial jurisdiction. This contribution serves as a first step for further research into the relationship between codes of conduct, the regulation of the tech industry and the territorial aspects related thereto.