Skip to main content

Article 29 — Relationship with Host-Jurisdiction Law

  1. In accordance with Article 42(1) of the Fundamental Laws, where a data subject is physically present in a jurisdiction that imposes mandatory data protection obligations on controllers or processors, those obligations shall apply to the extent that they afford a higher level of protection to the data subject than the corresponding provisions of this Code. This principle reflects the recognition by the Principality that the physical presence of a person within the territory of a sovereign state may engage the mandatory protective laws of that state.
  2. Where a conflict arises between a provision of this Code and a mandatory data protection law of a host jurisdiction that is applicable to a data subject by reason of that data subject's physical presence in that jurisdiction, the more protective standard shall prevail. For the purposes of this paragraph, the more protective standard is the standard that affords greater protection to the rights, freedoms, and interests of the data subject in the specific circumstances of the case.
  3. The State and its organs, as well as any controller or processor subject to this Code, shall, when processing personal data of persons known or reasonably believed to be physically present in a particular jurisdiction, take reasonable steps to ascertain and comply with the applicable mandatory data protection law of that jurisdiction. Such reasonable steps shall include, at a minimum:
    1. identifying the jurisdiction in which the data subject is or is reasonably believed to be present;
    2. making reasonable inquiries as to the material data protection requirements of that jurisdiction;
    3. implementing any additional technical or organisational measures necessary to comply with the mandatory data protection law of that jurisdiction, to the extent that it affords a higher level of protection than this Code.
  4. This Article does not diminish, restrict, or otherwise affect any right granted to a data subject by this Code. It operates only to extend the level of protection afforded to a data subject where the mandatory data protection law of the host jurisdiction provides a higher standard of protection. In no case shall the application of host-jurisdiction law result in a reduction of the rights that a data subject would otherwise enjoy under this Code.
  5. The supervisory authority may issue guidance, in the form of opinions, guidelines, or advisory notices, on the interaction between this Code and the data protection laws of jurisdictions in which Kaharagians commonly reside or in which controllers and processors subject to this Code commonly operate. Such guidance shall take into account the evolving legal landscape of data protection and shall be updated as necessary to reflect changes in host-jurisdiction law.
  6. Where a controller or processor demonstrates that it has taken the reasonable steps required by paragraph 3 and has acted in good faith to comply with the applicable mandatory data protection law of the host jurisdiction, that fact shall be taken into account by the supervisory authority as a mitigating factor in any proceedings relating to an alleged infringement of this Code or of host-jurisdiction law.