GDPR shows its extraterritorial reach
Canadian company caught by the GDPR
For the first time (at least in France), a Court (the Paris Tribunal de Grande Instance), in a decision dated 2 August 2019, has expressly held that the GDPR applies to an entity established outside the European Economic Area, on the basis of the extraterritorial reach of the regulation.
A Canadian-based company, presenting itself as the holder of IP rights in relation to hundreds of audio-visual works, claimed that these works were being made available for illegal download over certain electronic communications platforms.
The Canadian company thus instructed a German-based entity to collect the IP addresses associated with the alleged illegal downloading. The Canadian company then requested the Paris Tribunal de Grande Instance compel the relevant electronic communications provider (Orange) to provide it with contact details of the holders of the identified IP addresses.