Arbitration and the Protection of Personal Data Under the EU General Data Protection Regulation

The far-reaching reform of the EU data pro­tec­tion regi­me has impac­ted many are­as of social life, inc­lu­ding the field of pri­va­te dispu­te reso­lu­tion (arbi­tra­tion). The measu­res intro­du­ced and obli­ga­tions impo­sed by the Gene­ral Data Pro­tec­tion Regu­la­tion (GDPR) may turn out imprac­ti­cal in the con­text of arbi­tra­tion and dif­fi­cult to recon­ci­le with its uni­que featu­res, such as con­fi­den­tia­li­ty, fle­xi­bi­li­ty, or effi­cien­cy. The paper outli­nes and attempts to address the most signi­fi­cant legal issu­es that ari­se at the inter­sec­tion of arbi­tra­tion and data pro­tec­tion laws. The ini­tial part discus­ses the appli­ca­tion of the GDPR to arbi­tra­tion pro­ce­edings and the law­ful­ness of the pro­ces­sing of per­so­nal data in the cour­se of such pro­ce­edings. Next, the author addres­ses the pro­blem of assi­gning appro­pria­te roles under the GDPR to the par­ti­ci­pants of arbi­tral pro­ce­edings – such as the con­trol­ler, pro­ces­sor, or data sub­ject – whi­le discus­sing the rights and obli­ga­tions asso­cia­ted with them. The last chap­ter, devo­ted to the prin­ci­ples of per­so­nal data pro­ces­sing, indi­ca­tes the obli­ga­tions they impo­se in the con­text of arbi­tra­tion, and the prac­ti­cal pro­blems that may ari­se in the cour­se of the­ir implementation.