Conclusion

The European Union (EU) and the United States (US) have held rounds of negotiations and made a series of agreements on the transfer of commercial data, air passenger information, and financial transaction records. The EU–US negotiations and the resulting agreements on data transfer illustrate how the EU and the US have dealt with the problem of regulatory spillover or the extraterritorial reach of privacy and security regulation. The EU–US data disputes demonstrate the relevance of territoriality in the politics of data privacy. Territoriality is a vital element of the ongoing politics of regulation concerning transborder data flows. EU–US negotiations that led to the safe harbor arrangement, the question was not whether but how personal data should be transferred from the jurisdiction of the EU and subsequently used in the US. From the perspective of the politics of extraterritorial regulation, the EU–US negotiations and agreements on data transfer exemplify the spillover effects of regulation across jurisdictions and responses to them.