Ambient assisted living (AAL) technologies are increasingly presented and sold as essential smart additions to daily life and home environments that will radically transform the healthcare and wellness markets of the future. An ethical approach and a thorough understanding of all ethics in surveillance/monitoring architectures are therefore pressing. AAL poses many ethical challenges raising questions that will affect immediate acceptance and long-term usage. Furthermore, ethical issues emerge from social inequalities and their potential exacerbation by AAL, accentuating the existing access gap between high-income countries (HIC) and low and middle-income countries (LMIC). Legal aspects mainly refer to the adherence to existing legal frameworks and cover issues related to product safety, data protection, cybersecurity, intellectual property, and access to data by public, private, and government bodies. Successful privacy-friendly AAL applications are needed, as the pressure to bring Internet of Things (IoT) devices and ones equipped with artificial intelligence (AI) quickly to market cannot overlook the fact that the environments in which AAL will operate are mostly private (e.g., the home). The social issues focus on the impact of AAL technologies before and after their adoption. Future AAL technologies need to consider all aspects of equality such as gender, race, age and social disadvantages and avoid increasing loneliness and isolation among, e.g. older and frail people. Finally, the current power asymmetries between the target and general populations should not be underestimated nor should the discrepant needs and motivations of the target group and those developing and deploying AAL systems. Whilst AAL technologies provide promising solutions for the health and social care challenges, they are not exempt from ethical, legal and social issues (ELSI). A set of ELSI guidelines is needed to integrate these factors at the research and development stage.

Integrating information technology (IT) into emergency responseproduces complex intended and unintended, positive and negative consequences, reaching from enhanced efficienciesto new digital divides. This deliverable presents an analysis of core ethical, legal and socialissues that practitioners and other stakeholders currently encounter in multi-agency collaboration. The report provides a broad overview and an inventory of international coordination initiatives and standarisation activities. The focus lies on issues that are relevant to innovation in IT supported forms of multi-agency emergencyresponse. We examine current approaches and practices of managing these issues, combining literature review with insights from empirical investigations. The purpose of the work summarised here is to inform socio-technicalinnovation in system of systemapproaches to large-scale multi-agency emergency response, and this purpose defines the scope of discussions. Utilization of the document for this purpose is supported by a glossary and an extensive index. The report concludes with a summary.

This paper explores the extent to which technology providers are responsible to end users for embedding data protection rules in the AI systems they design and develop, so as to safeguard the fundamental rights to privacy and data protection. The main argument set forth is that a relational rationale, requiring a broader range of actors in the supply chain to share legal responsibility for Data Protection by Design (DPbD) is better suited to address infringements to these fundamental rights than the current model that assigns responsibility mainly to the data controller or data processor. Reconceptualizing the law in a more future-oriented, relational, and distributed way would make it possible to adapt legal rules – including those within the GDPR and the continuously evolving EU acquis – to the complex reality of technology development, at least partly addressing the responsibility gap in DPbD.

A future-oriented conception of responsibility would require technology providers to adopt more proactive approaches to DPbD, even where they are unlikely to qualify as a controller. A relational approach to DPbD would require technology providers to bear greater responsibilities to those individuals or groups that are affected by their design choices. A distributed approach to DPbD would allow for downstream actors in the supply chain to bear part of the legal responsibility for DPbD by relying on legal requirements that are applicable to various actors in the supply chain supporting DPbD such as those found in contract law, liability law, and the emerging EU acquis governing AI, data, and information security.

Lifelogging technologies have the capacity to transform the health and social care landscape in a way that few could have imagined. Indeed, the emergence of lifelogging technologies within the context of healthcare presents incredible opportunities to diagnose illnesses, engage in preventative medicine, manage healthcare costs and allow the elderly to live on their own for longer periods. These technologies, however, require coherent legal regulation in order to ensure, among other things, the safety of the device and privacy of the individual. When producing lifelogging technologies, it is important that developers understand the legal framework in order to create a legally compliant device. The current regulation of lifelogging is highly fragmented, consisting of a complex patchwork of laws. There are also a number of different regulatory agencies involved. Laws and regulations vary, depending on jurisdiction, making development of these technologies more challenging, particularly given the fact that many lifelogging tools have an international dimension.

Universities around the globe have been profoundly affected by stay-at-home orders, which have required them to close their doors and shift to online teaching and learning. In an effort to avoid delaying or postponing examinations amid the Covid-19 outbreak, many higher-education institutions have turned to online proctoring tools, raising complex questions about how they can ensure the integrity of online assessments while at the same time respect ethical and legal constraints, especially regarding students’ fundamental rights to privacy, data protection and non-discrimination. In particular, universities are increasingly relying on AI-based facial recognition technologies (FRT) that can be used to authenticate remote users that connect from offsite the campus as well as to identify cheating and other dubious behavior throughout the online exam process.

Research and Development (R&D) in the pharmaceutical sector traditionally occurred in closed, siloed institutional settings. This approach was a function of a rights-oriented model which framed access and reuse of data (data sharing) as a threat to rightsholders. However, a closed model of explorative collaboration is less suited to today’s more complex scientific ecosystem, where external engagement and dynamic partnering with multiple actors and diverse information sources has become essential. As such, devising alternative approaches is vital in ensuring that opportunities for scientific advances are not lost or innovation stifled.

This article introduces a hybrid contractual framework that combines the benefits of the automated functionality of smart contracts and non-fungible tokens embedded in the blockchain with more traditional rights-based licensing schemes. The framework described is based on the outcome of an experimental pilot platform that enabled participants to store, find and reuse data following FAIR data principles. The platform documents real-world physical assets in the drug discovery of chemical molecules in an immutable digital ledger.

More generally, smart contracts and non-fungible token’s point us towards an open and global collaborative platform for exploiting and advancing drug research assets. The resulting platform creates mechanisms for resolving issues regarding standardization, interoperability, and disclosure. As such, it overcomes many of the practical hurdles currently obstructing collaboration in pharmaceutical R&D, as well as providing a framework to address the central conflict in drug discovery, namely the demand for greater data sharing and the protection of rightsholder interests.

Creative AI (notably GANs and VAEs) can generate convincing fakes of video footage, pictures, graphics, etc. In order to conceptualize the societal role of creative AI a new conceptual toolbox is needed. The paper provides metaphors and concepts for understanding the functioning of creative AI. It shows how the role of creative AI in relation to FAT ideals can be enriched by a dynamic and constructivist understanding of creative AI. The paper proposes to use Greimas’ actantial model as a heuristic in the operationalization of this type of understanding of creative AI.

Användningen av molntjänster på internet har ökat markant under senare år och utgör redan en väsentlig del av företagens informationshantering. På motsvarande sätt tilltar behovet av insyn i och granskning av dessa ”utrymmen”, t.ex. för skattekontroll. Den tämligen gränslösa och flexibla molnmiljön är emellertid svårnavigerad då lagring sker externt och ibland över flera jurisdiktioner. Kontrollmöjligheterna är begränsade. I målet HFD 2021 ref. 23 klargjordes att bevissäkring i molnet inte är möjlig, då det saknas lagstöd. En teknikanpassad reglering av bevissäkringsreglerna framstår därför som angelägen. I artikeln företas en analys av gällande rätt om bevissäkring i molnet och diskussion om möjliga regleringsmodeller. 

The use of personal care robots in caregiving raises many different ethical and legal dilemmas regarding privacy and personal data, as well as concerns in relation to human dignity and the prohibition of inhuman and degrading treatment. At a more fundamental level, this raises two central issues. First, the question is whether an inidivual can claim a right to human contact and to be cared for by humans, in an increasingly digitalized and robotized society. If so, a second question arises: on which legal grounds and to what extent, can such a right be asserted in relation to robotized caregiving? What would the ethical and legal consequences be if the care of humans were turned over to robots for long periods of time? The purpose of this paper is to provide certain reflections on the legal grounds for a possible right to human caregiving and related issues, which as a general legal framework could affect the way in which care robots can be introdced into caregiving. If there is a rigt to be left alone, is there also a right not to be left alone? 

Predictive tools for child protection based on AI have, with varying success, been developed in different parts of the world. Some examples are the Vulnerable Children Predictive Risk Model of New Zealand from 2012, the Allegheny Family Screening Tool used by Allegheny County in Pennsylvania in the U.S. since 2014 and the Early Help Profiling System of Hackney County Council, London, U.K. In Scandinavia the Gladsaxe-model from Copenhagen, Denmark, seems to have been the first in the region as it was ready in 2018. In Sweden, the municipality of Norrtälje launched an AI tool to analyse cases based on preliminary warning referrals in 2020, to help in the detection of future cases of child maltreatment.

It could be argued that such tools in general will help prevent maltreatment of children and enable social services to become more effective in their outreach work and thus the provision of support to children at high risk at a lower cost. The struggle to provide more effective child welfare and the reality of substantial funding cuts, common to the authorities in many European countries, increases the interest in such systems. Contrary to the promise and hopes for AI tools is the fact that the use of such tools for child protection, comes with multiple risks from a children’s rights perspective. This is certainly the case regarding the use of predictive risk modelling (PRM) in child welfare.

The purpose of this paper is to give a preliminary overview and analysis regarding the design and use of AI tools to identify children at high risk of maltreatment in relation to relevant children’s rights. Are such child protection tools aligned with children’s rights as laid down in the UN Convention of the Rights of the Child (UNCRC), the European Convention of Human Rights and the EU Charter of Fundamental Rights? And to what extent?

The 2019 EU whistleblowing directive (WBD) was enacted to strengthen the position of whistleblowers and provide more effective protection throughout the EU, not least through mandatory whistleblower functions now being implemented by large employers. The implementation of the directive in Sweden has been fairly swift, arguably as whistleblowing protection is already a part of Swedish legal culture.Whistleblower protection in Sweden has its historic roots in the 1766 Freedom of the Press Act. A reaction to corruption and secretive government, the drafters of the Act viewed the participation of citizens and civil servants through the freedom of informants and the right to access public documents as central checks on government. Over the centuries this freedom of informants has been strengthened through the addition of prohibitions on public agencies as to making inquiries into the identity of informants as well as reprisals. Nevertheless, it was not until 2016 that the first specific Whistleblower Act (WA) was introduced. The Act applies to both the public and private sectors. The WBD was implemented in 2021 through a new WA, lagen (2021:890) om skydd för den som rapporterar om missförhållanden, which builds on the 2016 Act but is significantly broader in scope. The aim of this paper is to analyze the evolution of whistleblower protection as well as the current system of the whistleblower legislation in Sweden leading up to the implementation of the WBD. Some reflections related to issues concerning legal culture are given, with the possible challenges regarding the integration of the new European rules in Sweden as well as an analysis of the effectiveness of the Swedish whistleblower protection system. The paper concludes that the implementation of the WBD in Swedish law strengthens whistleblower protection, but also creates a higher degree of complexity, which might lead to it being weakened in practice. Complexities might arise related to the fact that the constitutional protection has precedence over the WA. It might not be clear in all cases which provisions are to apply, which carries with it a risk that the current system will be confusing for potential whistleblowers. Another issue of concern is that the WA requires the whistleblower to follow certain procedures. Although this can create a comprehensible procedure and, in some ways, facilitate reporting of wrongdoings, it can also constitute a restraint on the freedom to report as the whistleblower sees fit together with, for example, a professional reporter. Furthermore, the fact that whistleblowers generally have to report through external reporting channels before he or she can go public might undermine the role of the media as the public watchdog as well as a corporate watchdog.     Moreover, there are still important access to justice issues related to whistleblowing in Sweden that need to be overcome, which has become clear in recent case law through e.g. the Grinnemo-case.     Despite these concerns, it is likely that whistleblower protection will evolve further with the new law and strengthen the safeguards for an effective whistleblower protection to the benefit of the transparency and the proper functioning of democratic societies. 

The purpose of this study is to analyze the legal developments concerning the public administration’s role in making public data available to the public in accordance with the Swedish constitutional principle of publicity and the EU’s Public Sector Information legislation (PSI), including the open data directive, and the relationship between them. Furthermore, the study identifies trends and presents certain proposals for future legislation. 

The public administration, with its large amounts of data, has in some sense always been data-driven. Nevertheless, through the development of big data over the past decades, the ability to store and analyze vast and varying amounts of data at an increasingly growing speed has made public data an even more valuable resource for different actors. This has led to the establishment of an information market based on public data. Public data can be made available for everyone either for a fee or for free in the form of for example Public Sector Information (PSI) or open data. Data from different agencies can be combined with one another and other private data sources, which continuously creates new areas of application. Within the EU this is framed as the data economy. 

Public administrative bodies have therefore achieved a more active role as a catalyst for the data economy, which has been further institutionalized through legal regulations such as the act (2022:818) on the availability of public data, through which the EU open data directive has been implemented. 

Nevertheless, this development entails important risks for both the individual and the nation state. There are underlying risks concerning mass surveillance, discrimination and disinformation. Democracy, the rule of law and fundamental rights, which form the basis of our legal order are at play and depend heavily on the choices we make regarding the use of this common resource. Moreover, there are important risks related to information security and not least national security, especially since it can turn into an impossible endeavor to sort out how and for what purposes these vast amounts of data are used or reused by unknown actors.   

While there is a risk of abuse and overuse of public data, it can also be important to understand it can be a problem if we cannot use this resource in a manner which can lead to increased innovation, growth and welfare.

The current development regarding the further utilization of public information in what is now called the data economy is complex and multifaceted. This increases the need for an integrated regulatory framework. Currently, there are parallel regulations; 1) the national one which takes its starting point in the principle of openness which has its origin in a long tradition of the promotion of democracy and freedom of expression and counteracting corruption and 2) the EU’s PSI legislation with its market-oriented orientation. This in turn requires an overall strategy on the part of the legislator on how the regulations could be integrated in such a way that they enrich each other without putting fundamental values at risk.

Another important issue is which data should be accessible for reuse. This is a matter which requires a complex balancing of interests. This can, for example, involve the weighing of certain fundamental rights, such as the protection of personal data and the freedom of information, as well as balancing the need for open government versus national security and information security. There seems to be an apparent need for a central public organ with the necessary competencies to carry out these complex balancing acts. 

The complex decision-making that the current legislation requires also faces challenges at the conceptual level. Different terms are used within the various regulations in a manner that can cause confusion. Furthermore, certain unexplained discrepancies have also been found in relation to the concept of data within data science and the legislation, which in turn can adversely affect both legal certainty and efficiency.

Another issue concerns the trend towards making public data available at low cost or for free. This is assumed to contribute to increased economic welfare in the form of increased employment, tax revenues and innovation, which is strongly reminiscent of the economic notion of dynamic effects. This should give rise to further evaluation, not least in order to make sure that other important interests are safeguarded both at the individual and the national level. It can also be argued that the fact that the companies involved are the beneficiaries of a state subsidy, as compared to most other business situations where the the “raw material” will not be provided by the state for free. Thus, there is a potential problem in relation to the principle of equality. 

The study shows the need for finding ways to uphold and provide concrete meaning to the fundamental rights and values on which our legal order rests in the EU’s developing data economy.

Författningssamlingen är anpassad till kurser i Rättsinformatik vid Stockholms universitet. Avsikten är att materialet ska vara behändigt även vid annan utbildning och praktik som avser juridiken i det digitaliserade samhället. Författningssamlingen i rättsinformatik kompletteras av en rättsfallssamling inom samma ämnesområde. Författningarna återges som de lyder den 1 juli 2023. 

Rättsfallssamlingen avspeglar kurser i Rättsinformatik vid Stockholms universitet. Avsikten är att materialet ska vara behändigt även vid annan utbildning och praktik som avser juridiken i det digitaliserade samhället. Innehållet är aktuellt per den 1 juli 2023. Rättsfallssamlingen i rättsinformatik kompletteras av en författningssamling inom samma ämnesområde. 

Sweden as a state emerged during the Middle Ages out of the chaos of tumultuous battles between rival clans. Around 1000 AD the different clans seem to have united under the reign of one king and gradually common institutions and central offices developed as well as a class structure consisting of the commoners, the priesthood, the aristocracy and the King. A parliament, the Riksdag, consisting of representatives of the different classes was formed. The Riksdag elected the kings and made decisions regarding war and taxation.

Sweden was an elective monarchy until the Riksdag of 1544, when Sweden was declared a hereditary monarchy. Kings were normally elected by the aristocracy and were usually of royal or aristocratic descent. Swedish kings were normally not as powerful as their European counterparts, being dependent on negotiations with the aristocracy in particular but also with the commoners. There were some rare exceptions involving periods of absolutism during the 17th Century  

The dialectical relationship between taxation and the political balance of power in Sweden has therefore mostly been formed by negotiations and the power relations of different classes. Here the commoners and the aristocracy played an important part.    

The development of taxation and democracy in Sweden can be attributed to many factors. Sweden did not become a more full-blown democracy until 1921. The road towards democracy in Sweden was not marked by war or revolution but occurred gradually over long periods of time. Although Sweden was a highly militarized state from the 16th Century to the 20th Century, Sweden has not endured any civil wars or revolutions.

Taxation and democracy have been closely tied, since the right to political influence and later the right to vote was linked to the individual’s status as taxpayer. In order to fully grasp this evolution, there are certain periods that stand out in Swedish history rather than particular iconic events. These will be described briefly below. Principles and traditions of taxation in medieval Sweden paved the way for the Swedish Empire between 1611-1721, which in turn left its marks on the constitutions of the Age of Liberty between 1719-1772 and in the Constitution of 1809, which was in force until 1975.  

In this chapter the tax history of Sweden is analyzed from the point of view of the dialectical relationship between taxation and the policical balance of power.

Developed countries around the world are facing crucial challenges regarding health and social care because of the demographic change and current economic context. Innovation in technologies and services for Active and Assisted Living stands out as a promising solution to address these challenges, while profiting from the economic opportunities. For instance, lifelogging technologies may enable and motivate individuals to pervasively capture data about them, their environment and the people with whom they interact, in order to receive a variety of services to increase their health, well-being and independence. In this context, the PAAL project presented in this paper has been conceived, with a manifold aim: to increase the awareness about the ethical, legal, social and privacy issues associated to lifelogging technologies; to propose privacy-aware lifelogging services for older people, evaluating their acceptability issues and barriers to familiarity with technology; to develop specific applications referred to relevant use cases for older and frail people.

Utbudet av elektroniska produkter med rättsinformation ökar. Likaså har möjligheterna att få tillgång till dessa breddats avsevärt. För inte alltför många år sedan fanns enbart ett fåtal on-line-databaser att tillgå. Att kunna nå en sådan via en uppringbar förbindelse var då något som var förunnat ett fåtal. Idag kan varje person med någon form av Internet-anslutning söka bland utlagda rättsinformationsprodukter. Några av dessa är renodlade Internet-tillämpningar.

I denna artikel kommer Juridiskt forum, en Internet-tjänst som tillhandahålls av Juridisk Informationsteknologi AB, JIT, att beskrivas.

Den 23:e Nordiska konferensen i rättsinformatik ägde rum i Stockholm 2008 och tog sig an temat ”IT Regulations and Policies: from Theory into Practice”. Huvudsyftet med konferensen var att formulera en juridisk agenda för reglering av IT och policy. De frågor som behandlades rörde bland annat hur man bör balansera kraven på ökad juridisk reglering och hur man bör ta hänsyn till de röster som vill ha mindre regler i informationssamhället. Därtill diskuterades vilka juridiska angreppssätt som är mest lämpliga.

Konferensen tog också upp problem som har blivit relevanta som en följd av samhällets användning av informations- och kommunikationsteknologi, bland annat: 

• Hur den personliga integriteten ter sig i framtiden.
• Hur immaterialrätten påverkas i informationssamhället.
• Hur man kan skydda den personliga integriteten och samtidigt främja informationssäkerheten.
• Vad begrepp som semantic web och sociala media har för betydelse för utvecklingen av juristers informationssökning.
• Hur kunskapshanteringssystem kommer att fungera i framtiden. 

I denna utgåva av Nordisk årsbok i rättsinformatik presenteras bidrag från flera av de talare som medverkade på konferensen. Boken belyser på så vis både aktuella frågor och utvecklingstendenser i informationssamhället.

The series International Encyclopaedia for Cyber Law discusses legal issues that information and communication technology has given rise to. Each monograph in the Cyber Law Encyclopaedia covers the regulation of the ICT market, the protection of intellectual property, ICT contracts, electronic transactions, non-contractual liability, privacy protection and computer-related crime.

Besides editor and main author Christine Kirchberger, who covered intellectual property rights, electronic commerce and privacy protection, other colleagues and lawyers contributed with specific chapters. Johan Kahn, Law Firm Delphi, wrote on ICT contracts, Per Nordenson, Nordenson Law Firm, on alternative dispute resolution within the IT sector, Ulf Isaksson, Danowsky & Partners, on liability, Stanley Greenstein, Swedish Law & Informatics Research Institute, discussed cryptography and standardisation, Henrik Nilsson, Bird & Bird, focused on the regulation of the electronic communications sector, and Erik Wennerström, Swedish Ministry for Foreign Affairs, presented legal issues of computer-related crime.

The countries included in the Cyber Law Encyclopaedia are, among others, Australia, China, Denmark, Ireland, Italy, South Africa, Spain and the United Kingdom. Sweden is the 27th country to join the series, which is edited by Prof. Dr. Jos Dumortier, K.U. Leuven, Belgium.

While the Internet provides enormous opportunities within development of communications and database systems it also endangers the processing of personal data unlawfully. With traditional database structure in focus the responsibility and accountability of said processed personal data was somewhat clear as the General Data Protection Regulation (GDPR) entered the legal framework of the European Union’s member states in May 2018. Blockchain technology being the latest innovation in database structure challenges the applicability of the new regulation by introducing cryptography and a peer-to-peer distributed ledger technology. This thesis is the result of an attempt to analyze the personal data processed in public blockchains, i.e. Bitcoin, and its compliance with certain fundamental data protection rights stipulated in the GDPR such as the right to erasure of personal data.

Furthermore, in relation to fundamental data protection rights violations are also subjects of accountability. While the new distributed ledger technology vastly increases the difficulty to determine a target for accountability the thesis also considers the traditional view on databases on which the GDPR was built upon. Thus, the thesis aims to further explore the relation between participants on the innovative blockchain and fundamental personal data protection rights in the GDPR.

This paper shows how experiences from the area of EU financial law can be used to strengthen privacy protection in Active and Assisted Living (AAL), by fulfilling information obligations. Firstly, the importance of the information obligation in the fields of law, society, and economics is explained. A reluctance to accept new technology often comes from a lack of understanding thereof. In economics, it is assumed that people make informed choices, and that the main tool for consumer protection is the provision of information (the information paradigm). That is why the law requires us to provide information, sometimes making it a condition of a transaction’s validity. Two main EU legal acts vital for computer systems and assistive technology,i.e., the General Data Protection Regulation (GDPR) and the Artificial Intelligence Act (AI Act) proposed by the Commission in 2021, are analysed to identify information obligations: They specify different information obligations, including rules on informed consent, without which several systems and their functions cannot be used. The purpose of the requirement of informed consent is to provide data subjects with tools to protect their privacy, allowing them to decide how their personal data may be processed. The information obligation is similarly applied in the field of consumer protection. In this paper, I suggest verifying the development of regulations concerning consumer protection by information obligation in EU banking and investment law. After the crisis of 2008, a long legal trajectory occurred – from the detailed prospectus, through the simplified prospectus and the Key Investor Information Document (KIIDs), to the current standardised and shorter Key Information Document (KID). Changes were introduced, as a result of behavioural research into people’s perceptions and understanding. That experience may be useful in assisting technologies to fulfil the legal information obligations most effectively and, therefore, strengthen data privacy protection.

Deterrence, civil defense, collective defense, and arms control were key national security doctrines in the 20th century, and they are being reevaluated now for application to cyberspace.

This thesis examines open distributed blockchain technology from a legal perspective. The blockchain is a technology used to secure and ensure the integrity of data in an unsafe digital environment. Traditionally, peer-to-peer networks (P2P-networks), synonymous with distributed networks, have faced the issue of ensuring the integrity of data and deterring scams such as double spending, which refers to someone using the same assets twice, and has discouraged people from using P2P-networks. Scams like double spending have been possible in the absence of a governing party ensuring the integrity of the data, that is until the introduction of Bitcoin in 2008, which introduced a cryptographic solution to ensuring the data’s integrity in a P2P electronic cash system. By relying on cryptography, instead of trusting institutions for the integrity of transactions, the introduction of Bitcoin facilitated a move towards decentralization where classical middleman services, like banking, are becoming obsolete.The General Data Protection Regulation (GDPR), which is to be implemented in all European Union (EU) member countries on May 25th, 2018, is a regulation that aims to harmonize data privacy laws across Europe. The GDPR introduces several fundamental rights and freedoms for natural persons regarding the protection of their personal data. This means that certain responsibilities are imposed on the responsible parties that process personal data.This thesis examines to which extent the GDPR is applicable to an open distributed blockchain and if the fundamental principles under the regulation can be upheld, respectively if the responsible parties can fulfill their responsibilities imposed by the regulation.

Due to its extraterritorial effect, the European Union's trailblazing data privacy law has long been a major concern for US. businesses. With the proposal for a new EU data privacy framework with potential penalties of up to two percent of an offending enterprise's annual worldwide turnover, and with the European Union at the same time expanding the extraterritorial reach of its data privacy law, such concerns are justified indeed. This Article examines the extraterritoriality of current and proposed EU data privacy law and analyses whether reference to international law can either strengthen or weaken those claims of extraterritoriality. In doing so, this Article demonstrates that international law lends support to the approach to extraterritoriality adopted in the EU data privacy law. At the same time, however, the examination of EU law highlights that, from the perspective of extraterritoriality, the current EU Directive is dysfunctional in its unnecessary complexity, and the proposed EU Regulation is in desperate need of refinement. Finally, the Article presents a doctrine of market sovereignly, established by reference to the effective reach of market destroying measures, as a mechanism for determining the extraterritorial reach of jurisdictional claims.