Operators of overseas websites with even a minimal commercial activity in the UK might be subject to the General Data Protection Regulation

Mayer Brown
The General Data Protection Regulation (“GDPR”) might apply to operators of overseas websites that have even a minimal commercial activity in the UK following the judgment of the Court of Appeal of England and Wales in Soriano v Forensic News LLC and Others [2021] EWCA Civ 1952. 
Operators of overseas online platforms, apps and websites that collect information about UK or EU users might need to comply with the data protection obligations in the GDPR, and its strict data processing principles, even if:
  • they have no physical presence in Europe, or
  • their content is not specifically oriented towards European customers,
provided that they have some (even minimal) commercial activity in the UK or the EU.

Share this article: