Data protection in M&A transactions between EU Member States and third countries
Lindqvist, Sofia (2019-04-30)
Data protection in M&A transactions between EU Member States and third countries
Lindqvist, Sofia
(30.04.2019)
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
suljettu
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2019050214012
https://urn.fi/URN:NBN:fi-fe2019050214012
Tiivistelmä
This thesis discusses about data protection related issues in mergers and acquisitions (M&A) conducted between European Union Member States and third countries. The main focus is on the European Union’s General Data Protection Regulation (GDPR) which entered into force in 25 May 2018. M&A transactions are usually seen as part of business law and the link between M&A and data protection has long been overlooked. The GDPR has a broad territorial and material scope, thus it applies to different processing activities also in relation to M&A transactions.
The GDPR aimed to harmonize the data protection rules in the EU. It strives to ensure the fundamental rights of individuals’ especially in relation to protection of their personal data. Furthermore, the GDPR also strives to ensure the free flow of data within the EU and to make greater possibilities for businesses to operate within the EU. The primary focus of this thesis is on the tension between these two objectives resulting from the provisions of the GDPR. This tension can be seen as a part of conversation between conflicting fundamental values, namely the right to data protection and the freedom to conduct business. It appears that following the GDPR, a greater emphasis has been given to the right to data protection without necessarily balancing these conflicting fundamental rights.
This thesis thus analyses the current provisions of the GDPR and their impact on M&A transactions especially between EU Member States and third countries. The aim of the thesis is to identify relevant legal problems but also provide suggestions on how the provisions of the GDPR could be applied in international M&A transactions. Companies wanting to operate within the EU through M&A transactions as well as EU based companies wanting to engage in these transactions have to bear in mind the requirements of the GDPR. From the legal side, the general nature of the GDPR decreases the legal certainty for the companies while simultaneously reduces the level of data protection of individuals personal data. In order to tackle the current problems, a fair balance must be found between these conflicting interests.
The GDPR aimed to harmonize the data protection rules in the EU. It strives to ensure the fundamental rights of individuals’ especially in relation to protection of their personal data. Furthermore, the GDPR also strives to ensure the free flow of data within the EU and to make greater possibilities for businesses to operate within the EU. The primary focus of this thesis is on the tension between these two objectives resulting from the provisions of the GDPR. This tension can be seen as a part of conversation between conflicting fundamental values, namely the right to data protection and the freedom to conduct business. It appears that following the GDPR, a greater emphasis has been given to the right to data protection without necessarily balancing these conflicting fundamental rights.
This thesis thus analyses the current provisions of the GDPR and their impact on M&A transactions especially between EU Member States and third countries. The aim of the thesis is to identify relevant legal problems but also provide suggestions on how the provisions of the GDPR could be applied in international M&A transactions. Companies wanting to operate within the EU through M&A transactions as well as EU based companies wanting to engage in these transactions have to bear in mind the requirements of the GDPR. From the legal side, the general nature of the GDPR decreases the legal certainty for the companies while simultaneously reduces the level of data protection of individuals personal data. In order to tackle the current problems, a fair balance must be found between these conflicting interests.