Data Protection in Commercial Arbitration: In the Light of GDPR

This paper analyzes the applicability of data protection rules to commercial arbitration, a topic that has gained relevance with the adoption of the EU's General Data Protection Regulation (GDPR). The GDPR imposes significant obligations on organizations engaged in data processing. The aim is to assist key actors in commercial arbitration in ensuring compliance with data protection law. In five chapters, the author: (i) examines the role of arbitrators, arbitral institutions, appointing authorities, and other key participants from a data protection perspective; (ii) analyzes the types of personal data involved and legal grounds for processing; (iii) focuses on data subjects' rights under the GDPR and their possible limitations in arbitration; (iv) outlines the data governance obligations of controllers in arbitration; and (v) explores the future of arbitration, including the potential use of AI. The book also includes a Model Privacy Policy for Arbitral Institutions.