Recent technological developments have enabled the storage and processing of data directly in outer space, including through emerging concepts of space-based data centres. This development challenges the traditional assumption that data are stored within terrestrial infrastructures subject to clear territorial jurisdiction. As data processing moves beyond Earth, questions arise as to whether existing data privacy rules can apply in an environment that is not subject to territorial sovereignty.
This article examines the applicability of data privacy law to on orbit data processing, with particular attention to the European legal framework. It considers the jurisdictional structure of international space law and assesses the relevance of international human rights law and the GDPR. The analysis is supported by four case studies addressing space-based data centres, remote sensing data, Big Data, and space tourism.
The article argues that while existing privacy rules may apply in certain circumstances, their effectiveness is limited by jurisdictional complexity, enforcement constraints, and the absence of reregulation of privacy tailored to space environment. It concludes that from a European perspective, in the absence of a dedicated international treaty, soft law instruments, contractual practices, and emerging European regulatory initiatives may play an important role in addressing data privacy concerns beyond Earth.
Air and Space Law