Ülke Dışı Etki Prensibi: GDPR Üzerinden Bir İnceleme

Yıl 2025, Cilt: 7 Sayı: 2, 1 - 21, 29.12.2025

Dilara Dolunay Dursun

Öz

Klasik uluslararası hukuk düzeninde, bir devletin kendi ülkesi dışında, özellikle başka bir devletin ülkesinde
yetki kullanması kural olarak yasaklanmıştır. Günümüzde ise, küreselleşme ve dijital ekonominin de etkisiyle
klasik uluslararası hukuktaki ülkesellik prensibine alternatif düzenlemeler gözlenmeye başlamıştır.
Avrupa Birliği (AB)’nin Genel Veri Koruma Tüzüğü’nün (GDPR) 3. maddesinde düzenlenen ülke dışı etki
prensibi AB dışında yerleşik olan veri sorumlularını ve veri işleyenleri belirli koşullar altında GDPR
hükümlerine uymaya zorlamaktadır. GDPR, yürürlüğe girdiğinden beri ülke dışı kapsama ilişkin hükümleri
dolayısıyla tartışılmıştır. Bu hükümlerin uluslararası hukuk ilkeleriyle uyumlu olmadığı, devletlerin egemen
eşitliği, iç işlerine karışma yasağı gibi ilkelere aykırılığı ileri sürülmüştür. Bu çalışmada, ülke dışı etki prensibine
dair uluslararası hukukta tezahür eden teorik tartışmalar gözetilerek söz konusu iddiaların geçerliliği
değerlendirilmektedir.

Anahtar Kelimeler

Ülke Dışılık Prensibi , Ülke Dışı Etki Prensibi , Uluslararası Kamu Hukuku , GDPR , Devletin Yetkisi.

The Principle of Extraterritorial Effect: An Analysis Through the GDPR

Öz

In classical international law, the exercise of the competence of a state outside its own territory, particularly
within the territory of another State, has generally been prohibited. In recent times, however, alternative
regulatory approaches to the traditional principle of territoriality in international law have begun to emerge,
driven in part by globalization and the digital economy.The extraterritorial scope principle set out in Article 3
of the European Union’s General Data Protection Regulation (GDPR) obliges data controllers and data
processors established outside the EU to comply with the GDPR under certain conditions. Since its entry into
force, the GDPR has been the subject of extensive debate due to its provisions on extraterritorial applicability.
It has been argued that these provisions are incompatible with fundamental principles of international law,
including the sovereign equality of States and the principle of non-intervention in domestic affairs. This study
assesses the validity of such claims by taking into account the theoretical debates on extraterritorial jurisdiction
as they have emerged in international law.ns of the study.

Anahtar Kelimeler

Principal of Extraterritoriality , Principal of Extraterritorial Effect , Public International Law , GDPR , State Competence

Kaynakça

• Alien Tort Statute. (1789). United States Code, 28, § 1350.
• Article 29 Data Protection Working Party. (2016). Opinion 01/2016 on the EU–U.S. Privacy Shield draft adequacy decision (WP 238). European Commission. https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2016/wp238_en.pdf.
• Council of Europe. (1950). European Convention on Human Rights (213 UNTS 221).
• Court of Justice of the European Union. (2014). Google Spain SL and Google Inc. v. Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, Case C 131/12, ECLI:EU:C:2014:317.
• Court of Justice of the European Union. (2015). Maximillian Schrems v. Data Protection Commissioner, Case C 362/14, ECLI:EU:C:2015:650.
• Court of Justice of the European Union. (2015). Weltimmo s.r.o. v. Nemzeti Adatvédelmi és Információszabadság Hatóság, Case C 230/14, ECLI:EU:C:2015:639.
• Court of Justice of the European Union. (2020). Data Protection Commissioner v. Facebook Ireland Ltd and Maximillian Schrems (Schrems II), Case C‑311/18, ECLI:EU:C:2020:559.
• European Data Protection Board. (2019). Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) (Version 2.1). European Data Protection Board. https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_32018_territorialscope_en.pdf .
• European Union. (1996). Council Regulation (EC) No 2271/96 of 22 November 1996 protecting against the effects of the extraterritorial application of legislation adopted by a third country, and actions based thereon or resulting therefrom. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:01996R2271-20180807.
• European Union. (2012). Consolidated version of the Treaty on the Functioning of the European Union. Official Journal, C326/47.
• European Union. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation). Official Journal, L119/1.
• International Law Commission. (2001). Draft articles on the responsibility of states for internationally wrongful acts. United Nations. https://legal.un.org/ilc/texts/instruments/english/draft_articles/9_6_2001.pdf
• United Nations. (1945). Charter of the United Nations. San Francisco.
• United Nations. (1969). Vienna Convention on the Law of Treaties. 1155 UNTS 331.
• United Nations General Assembly. (2018, October 17). Promotion and protection of human rights: Right to privacy (A/73/438). https://documents.un.org/doc/undoc/gen/n18/324/46/pdf/n1832446.pdf
• Acer, Y., & Kaya, İ. (2019). Uluslararası hukuk temel ders kitabı (10th ed.). Seçkin.
• Adcock, F. E., & Mosley, D. J. (1975). Diplomacy in ancient Greece (1st ed.). St. Martin's Press.
• Aksar, Y. (2019). Teoride ve uygulamada uluslararası hukuk -I- (5th ed.). Seçkin.
• Kelsen, H. (1967). Principles of international law (2nd ed.). Holt, Rinehart and Winston.
• Lauterpacht, H. (1982). The development of international law by the International Court (Reprint ed.). Cambridge University Press.
• Margolies, D. S., Özsu, U., Pal, M., & Tzouvala, N. (2019). The extraterritoriality of law: History, theory, politics (1st ed.). Routledge.
• Milanovic, M. (2011). Extraterritorial application of human rights treaties: Law, principles, and policy [Online edition]. Oxford University Press. Retrieved May 5, 2025, from https://oxford.universitypress.com .
• Oppenheim, L. (2018). International law: A treatise Vol. I. Peace (1st ed.). Gece Kitaplığı.
• Shaw, M. N. (2018). Uluslararası hukuk (8th ed.). TÜBA.
• Bennett, C. J. (2018). The European General Data Protection Regulation: An instrument for the globalization of privacy standards? Information Polity, 23, 239–246.
• Bu-Pasha, S. (2017). Cross-border issues under EU data protection law with regards to personal data protection. Information & Communications Technology Law, 26(3), 214–228. https://doi.org/10.1080/13600834.2017.1330740
• Colangelo, A. J. (2011). A unified approach to extraterritoriality. Virginia Law Review, 97(5), 1019–1086.
• Colangelo, A. J. (2014). What is extraterritorial jurisdiction? Cornell Law Review, 99(6), 1303–1359.
• Dal, U. (2019). Avrupa Birliği Genel Veri Koruma Tüzüğü’nün ülke dışı uygulama yetkisi ve bu yetkinin uluslararası hukukta meşruiyeti. Kişisel Verileri Koruma Dergisi, 1(1), 21–33.
• Fitzmaurice, G. (1957). The general principles of international law, considered from the standpoint of the rule of law. Recueil des Cours, 92, 1–125.
• Gstrein, O. J., & Zwitter, A. (2021). Extraterritorial application of the GDPR: Promoting European values or power? Internet Policy Review, 10(3). https://doi.org/10.14763/2021.3.1576.
• Gür, B. A. (2018). Uluslararası hukuk ve AB hukuku boyutuyla kişisel verilerin yurt dışına aktarılması. Marmara Üniversitesi Hukuk Fakültesi Hukuk Araştırmaları Dergisi, 25(2), 850–872.
• Hemler, A. (2025). Deconstructing blocking statutes: Why extraterritorial legislation cannot violate the sovereignty of other states. Journal of Private International Law, 21(1), 115–134.
• Kadıoğlu Kumtepe, C. (2021). Uluslararası veri aktarımının kısıtlanmasına ilişkin veri uygunluğu ilkesinin devletlerin egemenliğine etkisi. İstanbul Gedik Üniversitesi Hukuk Fakültesi Dergisi, 2(1), 1–20.
• Kamminga, M. (2020). Extraterritoriality. In The Max Planck Encyclopedia of Public International Law. Oxford University Press. Retrieved May 5, 2025, from http://opil.ouplaw.com .
• Kaya, M., & Shahid, H. (2025). Cross-border data flows and digital sovereignty: Legal dilemmas in transnational governance. Interdisciplinary Studies in Society, Law, and Politics, 4(2), 219–233.
• Kuner, C. (2009). An international legal framework for data protection: Issues and prospects. Computer Law & Security Review, 25(4), 307–317. https://papers.ssrn.com/abstract=1443802.
• Kuner, C. (2010). Internet jurisdiction and data protection law: An international legal analysis (Part 2). International Journal of Law and Information Technology, 18(3), 227–248.
• Newman, A. (2008). Building transnational civil liberties: Transgovernmental entrepreneurs and the European data privacy directive. International Organization, 62(1), 103–130.
• Ryngaert, C. (2023). Extraterritorial enforcement jurisdiction in cyberspace: Normative shifts. German Law Journal, 24(3), 537–550.
• Shurson, J. (2025). Investigative jurisdiction: The evolving limits of extraterritoriality in transnational digital investigations. International and Comparative Law Quarterly, 74(3), 675–705. https://doi.org/10.1017/S0020589325100985.
• Sullivan, C. (2019). EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross-border data transfers and protection of personal data in the IoT era. Computer Law & Security Review, 35(4), 380–397. https://doi.org/10.1016/j.clsr.2019.05.004.
• Sun, N. (2024). Extraterritorial application of law: Evolutionary rules and related structures. Law Science, 3(2), 315–348.