The GDPR as a chance to break down borders

This journal prides itself on taking a global and international view of data protection and privacy issues. Inevitably, much of what we publish deals with European Union (EU) data protection law, and in particular the EU General Data Protection Regulation (GDPR) that will become enforceable in May 2018. But over the years we have been proud to publish articles covering the law of countries and regions that have otherwise received little scholarly attention in Anglophone law journals thus far. This has included articles covering the law of countries in Africa (Cape Verde, Ethiopia, Mauritius, Nigeria, South Africa, Uganda, etc), the Asia-Pacific region (Japan, Korea, Nepal, Singapore, etc) and Latin America (Brazil). IDPL’s international focus is in keeping with the global nature of data processing. It has become a truism that data are routinely transferred internationally, and that data processing takes little account of national borders, largely because of the Internet. However, much data protection and privacy law scholarship is still inward-looking and constrained by national boundaries. This kind of attitude is perhaps not surprising if one keeps in mind that taking a global approach is not always helpful in advancing one’s academic career in law. The parochialisms of academia are also often reflected in the attitudes of governments and regulators. The GDPR is set to become the most influential piece of data protection legislation ever enacted, and its influence will extend beyond the boundaries of Europe. This poses challenges at both the European and international levels, but also presents opportunities. At the European level, the GDPR is designed to lead to large-scale (but not total) harmonization of data protection law across the EU. It is thus important to view it through the lens of EU law, rather than that of a particular national legal system. However, to take one example from books published recently, a review of several commentaries on the GDPR in German is not encouraging in this regard. The ones we have seen are all written by teams of authors who are almost exclusively German (and yes, there are data protection experts outside of Germany who can write in German). Even more disconcerting is that, based on a quick perusal of these works, they tend to cite almost exclusively works written in German. Evaluating an instrument of EU law exclusively through the lens of a particular national legal system is not the way to build a pan-European legal edifice. The GDPR will also have a global impact by restricting cross-border data transfers, directly regulating the conduct of many non-EU organizations, and, importantly for our discussion here, influencing data protection legislation around the world. While it may be pie in the sky, we can only hope that the GDPR will also lead to the development of greater globalization of data protection scholarship. Granted this would require changes in the university systems in different countries that are unlikely to happen any time soon, such as giving greater weight to publications in other languages and legal systems and to collaborative research that considers other relevant disciplines (eg economics, politics, or computer science) when making decisions about career advancement. But there are also other ways that the entry into force of the GDPR can spur the internationalization of data protection scholarship and data protection law. Scholars writing on the GDPR should at least show that they are aware of materials in other languages and from other legal systems. Teams of scholars from different legal systems can also cooperate in GDPR-related projects. There is also an opportunity for the European Commission or some other funding body to support the creation of an online database containing court decisions and opinions from around the EU that interpret the GDPR, in order to make transparent how it is being interpreted in different legal systems and give