Governments, organizations and individuals increasingly generate, collect and process personal data. There are practical and legal limits to applying domestic law outside the jurisdiction.
Data protection laws typically require a minimum level of connection to the territory. In many countries, the law only applies when controllers and/or processors are established in the territory, processing takes place within the territory, or data subjects are targeted or monitored within the territory. Applicability based solely on the location of the data subject is often considered an overreach.
