Date of Award


Degree Type


Degree Name

Doctor of Law (SJD)



First Advisor

Dr. Christian Nwachukwu Okeke

Second Advisor

Dr. Aileen Huang

Third Advisor

Dr. Zakia Afrin


In the technology and digital era, data is used daily by all businesses including insurance companies, banks, and social media sites. Many companies are involved in processing individuals’ data and data could easily be transferred from one website to another which might be in another country. In fact, there are no borders in cyberspace. Generally, personal data refers to any information relating to individuals including name, address, and credit card numbers. In the cyber environment, it is challenging for people to take control of their personal information and avoid being tracked online. Data protection law is the safeguard to protect personal data and ensure that individuals are still in control of their personal data. Data protection law also benefits governments and entities from cyber-attacks and being hacked. In 2015, criminals attacked the US Office of Personnel Management and stole 21.5 million sensitive personal records of federal employees and their family members. This kind of attack on governments and entities is frequently happening in recent years around the world and it highlights the importance of taking actions by governments and entities to secure individuals’ personal information.

Privacy right as an international human right is respected in many countries around the world. Privacy rights or private life is preserved in several important documents including the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8), and the European Charter of Fundamental Rights (Article 7). European Union (“EU”) Treaties and Charter of Fundamental Rights have recognized privacy and data protection as two separate rights. Article 8 of the EU Charter contains an explicit right to personal data protection. Lisbon Treaty in 2009 gave the EU Charter the same legal value as the constitutional treaties of the EU. Therefore, all EU institutions, bodies, and states have to comply with the EU Charter. The EU Charter of Fundamental Rights gives individuals personal data protection right in all aspects of life including at home, at work, while shopping, when receiving medical treatment, at a police station, or on the Internet. Although individual countries in the EU through the function of data protection regulations try to improve data protection rights, there was still a need to determine a uniform law that governs all EU countries and individuals. In this context, it was necessary to create a more comprehensive legal environment to address globally data protection concerns, rather than just adopting regulations for individuals from specific EU countries.