cs.CYcs.AIcs.CR
Party Autonomy in Determining the Law Applicable to Non-contractual Obligations concerning Cross-Border Data Transfers
Apr 20, 2026
The paper proposes that party autonomy can be used to determine the applicable law for non-contractual obligations arising from cross-border data transfers by aligning it with the law chosen for the related contractual obligations.
(1)Cross-border data transfers have become a matter of daily occurrence against the backdrop of the development of cloud computing and artificial intelligence. Consequently, where a data leak gives rise to civil liability, the determination of that liability inevitably assumes an international dimension involving foreign elements. (2)As is starkly demonstrated by secret sharing technology in cloud computing, fragments of data may be presumed to be distributed across multiple jurisdictions on a global scale. This renders traditional private international law measures -- predicated on the identification of a physical location -- inadequate for the purposes of determining the applicable law, a difficulty that is particularly acute in relation to non-contractual obligations. (3)Bearing in mind the typical scenario encountered in practice -- in which a Data Subject brings a claim for damages against a SaaS (Software as a Service) provider, which in turn seeks recourse against an IaaS (Infrastructure as a Service) or PaaS (Platform as a Service) provider -- a characteristic feature of such cases is the concurrence of contractual and non-contractual obligations. Taking this feature into account, it is possible to determine the applicable law governing non-contractual obligations through party autonomy -- by aligning it with the law governing the contractual obligation as selected by the parties, an approach that may be termed private ordering. This serves to overcome the difficulties associated with the identification of a physical location and, at the same time, contributes to ensuring the foreseeability of the parties.
Privacy as Permissible Operations: An ABAC Framework for Policy-Law Compliance
The paper introduces APLiance, a novel ABAC framework that models privacy polici…
AI Agents Under EU Law
This paper provides a systematic regulatory mapping and compliance architecture…
Topology-Hiding Path Validation for Large-Scale Quantum Key Distribution Networks
The paper proposes a provably secure path validation protocol for large-scale Qu…
Where Trust Fails: Mapping Location-Data Provenance Risks in Europe
This paper analyzes location-data provenance risks across multiple European sect…
Secure Two-Party Matrix Multiplication from Lattices and Its Application to Encrypted Control
The paper proposes a provably secure, single-round two-party computation protoco…
Cybercrime as a Service: A Scoping Review
This scoping review analyzes the 'Cybercrime as a Service' (CaaS) model, conclud…
Private Seeds, Public LLMs: Realistic and Privacy-Preserving Synthetic Data Generation
The paper proposes RPSG, a method that uses private seeds and differential priva…
Machine Learning for Network Attacks Classification and Statistical Evaluation of Adversarial Learni…
This paper proposes a comprehensive framework for network intrusion detection us…