GENERAL DATA PROTECTION REGULATION (GDPR) DAN KEDAULATAN NEGARA NON-UNI EROPA

Yohanes Hermanto Sirait

Abstract

 

Pada umumnya, GDPR berlaku terhadap aktivitas proses data yang dilakukan oleh entitas yang didirikan di Uni Eropa. Namun dalam kegiatan tertentu, GDPR dapat juga berlaku diluar Uni Eropa berdasarkan prinsip ektra-teritorial. Prinsip ini memiliki hubungan dengan konsep kedaulatan dalam Hukum Internasional. Tulisan ini bertujuan mengkaji apakah sebuah negara harus tunduk pada GDPR ketika syarat-syarat terpenuhi atau haruskah negara menggunakan kedaulan mereka sebagai dasar untuk menolak. Tulisan ini merupakan peneltiian yuridis normatif. Fokus dari tulisan ini pada perundang-undangan dan sumber hukum lain sebagai sumber hukum primer dan sekunder. Analisis dilakukan secara deduktif dari hal umum kepada hal khusus. Hasil penelitian menunjukan bahwa prinsip ektra-teritorial dalam GDPR sesuai dengan hukum internasional. Praktik tersebut umum dilakukan guna melindungi warga negara dan kepentingan nasional dari adanya ancaman yang berasal dari luar. Peluang adanya tumpang tindih antara prinsip ini dengan kedaulatan negara tidak besar oleh karena prinsip tersebut hanya bekerja ketika kepentinga warga negara Uni Eropa terlanggar.

 

Generally, the GDPR applies to data processing activities conducted by organisations established in the European Union (EU). But in certain activities, GDPR may also apply outside EU according to extra-teritorial principle. This principle has correlation to concept of sovereignty in international law. This article aims to examine whether a state must abide to GDPR when the requirement fulfiled or should the states use their sovereignty as a basis to deny it. This article is normative legal research. It focus on case-law, statutes and other legal source as primary and subsidiary source. The analysis is deductive by reasoning from more general to more specific. The result show that extra-teritorial principle under GDPR is in accordance to international law. The practice is common in the world in order to protect the citizen and national interest from any threat from abroad. The chance of overlapping between this principles with state’s sovereignty is hardly to occur as the principle only works when the interest of European citizen violated.

Keywords

extra-teritorial principle; GDPR; personal data; sovereignty.

Full Text:

PDF

References

Buku

Adrian Sutedi. 2009. Hukum Kepailitan. Ghalia, Jakarta.

Soerjono Soekanto dan Sri Mamudji. 2001. Penelitian Hukum Normatif Suatu Tinjauan Singkat, Cetakan 5. Raja Grafindo Persada. Jakarta.

Soemitro Ronny Hanitijo. 1988. Metode Penelitian Hukum dan Yurimetri. Ghalia Indonesia. Jakarta.

Jurnal dan Majalah

Aldo Ingo Sitepu. 2016. Application of Extraterritorial Jurisdiction in European Convention on Human Rights (Case Study: Al-Skeiniand Others V. UK), Jurnal Hukum Internasional, Volume 13 Number 3.

Alexander Savelyev. 2016. Russia’s new personal data localization regulations: A step forward or a self-imposed sanction?. Computer law & security review 32.

AP Edi Atmaja. 2014. Kedaulatan Negara di Ruang Maya: Kritik UU ITE dalam Pemikiran Satjipto Raharjo. Jurnal Opinio Juris, Vol. 16.

Danel Aditia Situngkir. 2018. Eksistensi Kedaulatan Negara dalam Penerapan Yurisdiksi Mahkamah Pidana Internasional. Jurnal Lex Librum, Vol. V, No. 2.

Denico Doly. 2018. Politik Hukum Pengaturan Perlindungan Data Pribadi. Info Singkat, Vol. X, No. 08/II/Puslit.

European Union Agency for Fundamental Rights and Council of Europe. 2014 Handbook on European Data Protection Law, Belgium.

Irion, K.. 2012. Government Cloud Computing and National Data Sovereignty. Policy & Internet. Vol. 4, No. 3-4.

Jodie A. Kirshner. 2012. Why is the U.S. Abdicating the Policing of Multinational Corporations to Europe?: Extraterritoriality, Sovereignty, and the Alien Tort Statute. Berkeley Journal of International Law, Volume 30 Issue 2 Article 1.

Noah Bialostozky. 2014. Extraterritoriality and National Security: Protective Jurisdiction as a Circumstance Precluding Wrongfulness. Columbia Journal of Transnational Law, 52:617.

Ralph Wilde. 2005. Legal "Black Hole"? Extraterritorial State Action and International Treaty Law on Civil and Political Rights. Michigan Journal of International Law, Volume 26 Issue 3.

Richard van Staden ten Brink, et.al. 2017. China’s new cybersecurity law – effective as of 1 June 2017. Trade Security Journal, Issue 2.

Shakila Bu-Pasha. 2017. Cross-border issues under EU data protection law with regards to personal data protection. Information & Communications Technology Law, Vol. 26, No. 3.

Sigit Riyanto. 2012. Kedaulatan Negara dalam Kerangka Hukum Internasional Kontemporer. Yustisia, Vol.1 No. 3.

Sinta Dewi Rosadi dan Garry Gumelar Pratama. 2018. Perlindungan Privasi dan Data Pribadi dalam Era Ekonomi Digital di Indonesia. VeJ. Volume 4 Nomor 1.

The Council of Europe (CoE) and the European Court of Human Rights (ECtHR). 2018. Handbook on European data protection law, Luxembourg: Publications Office of the European Union.

Artikel dari Internet

Dan Or-Hof. 2018. Will the GDPR violate Israeli sovereignty?. https://iapp.org/news/a/will-the-gdpr-violate-israeli-sovereignty/. 12 April 2018 (15.00).

Dan Hyde. Sovereignty: The State of Data. 2018. https://www.penningtons.co.uk/news-publications/latest-news/2018/sovereignty-the-state-of-data/. 17 April 2019. (15.00).

Dawn Kawamoto. 2018. Will GDPR Rules Impact States and Localities?. http://www.govtech.com/data/Will-GDPR-Rules-Impact-States-and-Localities.html. 16 April 2019 (13.00)

Glenn Wijaya. 2018. GDPR: Tantangan atau Ancaman?. https://www.hukumonline.com/berita/baca/lt5b080336d1aca/gdpr--tantangan-atau-ancaman-oleh--glenn-wijaya. 15 Mei 2019 (13.30).

Imran Aahmad. 2018. Extraterritorial Scope of GDPR: Do Businesses Outside the EU Need to Comply?. https://businesslawtoday.org/2018/04/extraterritorial-scope-gdpr-businesses-outside-eu-need-comply/. 16 April 2019. (13.45)

Interact Law. 2018. Guide to the GDPR for Non-Europeans. interactlaw.com/GDPR. 17 April 2019. (13.00)

Jakarta Post. 2019. “France fines Google $57m for European privacy rule breach”, https://www.thejakartapost.com/life/2019/01/22/france-fines-google-57-mln-for-european-privacy-rule-breach.html. 22 Mei 2019. (16.00).

Kalamullah Ramli. 2017. Data Center di Wilayah NKRI Adalah Isu; Kedaulatan Data, Pendapatan Negara dan Peningkatan Industri Kreatif. https://idpro.id/press-release-nov-17/. 12 Maret 2019. (14.00)

Laura Vegh. 2018. How is the GDPR different from Directive?. https://eugdprcompliant.com/knowledgebase/how-is-the-gdpr-different-from-the-directive. 12 Maret 2019. (14.30).

Badan Pusat Statistika. 2014. https://www.bps.go.id/statictable/2009/04/14/1388/jumlah-kunjungan-wisatawan-mancanegara-ke-indonesia-menurut-negara-tempat-tinggal-2002-2014.html. 14 Maret 2019. (16.00).

Refbacks

  • There are currently no refbacks.