Abstract
Why is the EU capable of regulating the digital environment and how is it able to exert regulatory influence outside its boundaries? This article aims to answer the question by focusing on data protection laws and analysing empirical evidence gathered through interviews with government officials, data protection enforcers, experts, and activists from third countries, as well as industry stakeholders, EU policymakers, national regulators, and academics. Starting from the so-called Brussels effect to provide a comprehensive theoretical framework of EU regulatory influence, it is possible to disentangle the structural pressures that enable EU regulatory influence in foreign jurisdictions and the mechanisms through which it works. As European policymakers appear increasingly keen on setting global standards in new areas of the digital domain, this article provides insight into why and how the EU has been able to exert global influence via its General Data Protection Regulation (GDPR). Empirical evidence collected in this study points to three main drivers of the GDPR’s global success: the EU’s internal market appeal, its credibility as a regulator and enforcer, and the timing of its regulatory actions in line with evolving policy needs. This has enabled the EU to exert regulatory influence in a unilateral and indirect way—via market forces or independent import by third states—as well as in a more direct way—via adequacy decisions. The role of Member States and multilateralism appears to be limited.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Data Availability
The data analysed during the current study are available from the corresponding author upon reasonable request, subject to formal consent by interviewees.
Notes
Sweden (1973), Germany (1977), and France (1978).
For a comprehensive review, see Kuner et al. (2020).
In California (2018), Virginia (2020), Colorado (2021), and Utah (2022).
See Raab (2010). Examples of global networks include the Global Privacy Assembly and the Global Privacy Enforcement Network; the Asia Pacific Privacy Authorities Forum is an example of regional network; examples of networks based on cultural-linguistic ties are the Red Iberoamericana de Protección de Datos and the Association francophone des autorités de protection des données personnelles.
See also: European Commission (2021, January 27). “Joint Statement by Vice-President Jourová and Commissioner Reynders ahead of Data Protection Day.” https://ec.europa.eu/commission/presscorner/detail/en/STATEMENT_21_208; Greenleaf, G. (2021). Global data privacy laws 2021: Despite Covid delays, 145 laws show GDPR dominance. Privacy Laws & Business International Report, 169. https://www.privacylaws.com/reports-gateway/articles/int169/int169dplaws2021/
This study focused on Asia, Africa and Latin America: both among and within these continents, the data protection discourse as well as ties with the EU are varied, thus, they provide a good sample to study the influence of the GDPR. Since it is hardly imaginable that dictatorships provide any real protection of personal data, countries ranked as “not free” by Freedom House were excluded. Despite collecting some anecdotal evidence, the US is also out of scope: given its peculiar institutional structure, with data protection not regulated at the federal level, it would deserve a separate paper.
Interview EU-1.
Interview IS-1.
Interview AS-7.
Interview IS-5.
Available at https://youtu.be/kVhOLkIs20A (excerpt starts at 00:08:09).
Interview IS-4.
Ibid.
Interview AS-2.
Interview AF-2.
Available at www.privacylaws.com/events-gateway/events/sa_mauritius_2021/ (excerpt starts at 01:04:09).
Interview LA-4.
Interview AS-5.
Interview AS-2.
Interview LA-1.
Interview EU-11.
Interview EU-1.
Interview EU-13.
References
Bach, D., & Newman, A. L. (2007). The European regulatory state and global public policy: Micro-institutions, macro-influence. Journal of European Public Policy, 14(6), 827–846. https://doi.org/10.1080/13501760701497659
Bach, D., & Newman, A. L. (2010). Governing lipitor and lipstick: Capacity, sequencing, and power in international pharmaceutical and cosmetics regulation. Review of International Political Economy, 17(4), 665–695. https://doi.org/10.1080/09692291003723706
Bach, D., & Newman, A. L. (2014). The European Union as hardening agent: Soft law and the diffusion of global financial regulation. Journal of European Public Policy, 21(3), 430–452. https://doi.org/10.1080/13501763.2014.882968
Bennett, C.J., & Raab, C.D. (2003). The governance of privacy. Policy instruments in global perspective. Ashgate.
Bennett, C. J., & Raab, C. D. (2020). Revisiting the governance of privacy: Contemporary policy instruments in global perspective. Regulation & Governance, 14(3), 447–464. https://doi.org/10.1111/rego.12222
Büthe, T., & Mattli, W. (2011). The new global rulers: The privatization of regulation in the world economy. Princeton University Press.
Bradford, A. (2012). The Brussels Effect. Northwestern University Law Review, 107(1), 1–67. https://scholarlycommons.law.northwestern.edu/nulr/vol107/iss1/1
Bradford, A. (2015). Exporting standards: the externalization of the EU’s regulatory power via markets. International Review of Law and Economics, 42, 158–173. https://doi.org/10.1016/j.irle.2014.09.004
Bradford, A. (2020). The Brussels Effect: How the European Union Rules the World. Oxford University Press.
Buttarelli, G. (2016). The EU GDPR as a clarion call for a new global digital gold standard. International Data Privacy Law, 6(2), 77–78. https://doi.org/10.1093/idpl/ipw006
Bygrave, L. A. (2021). The ‘Strasbourg effect’ on data protection in light of the ‘Brussels Effect’: Logic, mechanics and prospects. Computer Law & Security Review. https://doi.org/10.1016/j.clsr.2020.105460
Calder, A. (2016). EU GDPR a pocket guide. IT Governance Publishing.
da Conceição-Heldt, E., & Meunier, S. (2014). Speaking with a single voice: Internal cohesiveness and external effectiveness of the EU in global governance. Journal of European Public Policy, 21(7), 961–979. https://doi.org/10.1080/13501763.2014.913219
Damro, C. (2012). Market power Europe. Journal of European Public Policy, 19(5), 682–699. https://doi.org/10.1080/13501763.2011.646779
Daskal, J. (2018). Borders and bits. Vanderbilt Law Review, 71(1), 179–240. https://scholarship.law.vanderbilt.edu/vlr/vol71/iss1/3
Drezner, D. (2007). All politics is global: Explaining international regulatory regimes. Princeton University Press.
Farrell, H. (2006). Regulating information flows: States, private actors, and e-commerce. Annual Review of Political Science, 9, 353–374. https://doi.org/10.1146/annurev.polisci.9.060804.162744
Farrell, H., & Newman, A. (2019). Of privacy and power: The transnational struggle over freedom and security. Princeton University Press.
Goldsmith, J., & Wu, T. (2006). Who controls the internet? Oxford University Press.
Greenleaf, G. (2012). The Influence of European data privacy standards outside Europe: Implications for globalisation of convention 108. International Data Privacy Law, 2(2), 68–92. https://doi.org/10.1093/idpl/ips006
Heisenberg D., & Fandel, M. H. (2004). Projecting EU regimes abroad: The EU data protection directive as global standard. In Braman, S. (ed.) The Emergent Global Information Policy Regime. Palgrave Macmillan.
Kuner, C., Bygrave, L. A., Docksey, C., & Drechsler, L. (2020). The EU general data protection regulation (GDPR): A commentary. Oxford University Press.
Lavenex, S. (2014). The power of functionalist extension: How EU rules travel. Journal of European Public Policy, 21(6), 885–903. https://doi.org/10.1080/13501763.2014.910818
Majone, G. (1994). The rise of the regulatory state in Europe. West European Politics, 17(3), 77–101. https://doi.org/10.1080/01402389408425031
Mantelero, A. (2021). The future of data protection: Gold standard vs. global standard. Computer Law & Security Review, 40. https://doi.org/10.1016/j.clsr.2020.105500
Metakides, G. (2022). A crucial decade for European digital sovereignty. In Werthner, H., et al. (eds.), Perspectives on Digital Humanism: 219–225. https://doi.org/10.1007/978-3-030-86144-5_29
Meunier, S., & Nicolaïdis, K. (2006). The European Union as a conflicted trade power. Journal of European Public Policy, 13(906), 907–908. https://doi.org/10.1080/13501760600838623
Newman, A. (2008). Building transnational civil liberties: Transgovernmental entrepreneurs and the European data privacy directive. International Organization, 62(1), 103–130. https://doi.org/10.1017/S0020818308080041
Posner, E. (2010). Sequence as explanation: The international politics of accounting standards. Review of International Political Economy, 17(4), 639–664. https://doi.org/10.1080/09692291003723748
Quaglia, L. (2014a). The European Union, the USA and international standard setting by regulatory fora in finance. New Political Economy, 19(3), 427–444. https://doi.org/10.1080/13563467.2013.796449
Quaglia, L. (2014b). The sources of European Union influence in international financial regulatory fora. Journal of European Public Policy, 21(3), 327–345. https://doi.org/10.1080/13501763.2014.882970
Raab, C. D. (2010). Information privacy: Networks of regulation at the subglobal level. Global Policy, 1(3), 291–302. https://doi.org/10.1111/j.1758-5899.2010.00030.x
Rustad, M. L., & Koenig, T. H. (2019). Towards a global data privacy standard. Florida Law Review, 71, 365–456. https://scholarship.law.ufl.edu/flr/vol71/iss2/3
Schwartz, P. M. (2019). Global data privacy: The EU way. New York University Law Review, 94(4), 771–818. https://www.nyulawreview.org/issues/volume-94-number-4/global-data-privacy-the-eu-way/
Scott, J. (2014). Extraterritoriality and territorial extension in E.U. Law. The American Journal of Comparative Law, 62(1), 87–126. https://doi.org/10.5131/AJCL.2013.0009
Shaffer, G. (2000). Globalization and social protection: the impact of EU and international rules in the ratcheting up of U.S. privacy standards. Yale Journal of International Law, 25(1), 1–88. http://hdl.handle.net/20.500.13051/6405
Vogel, D. (1995). Trading up: Consumer and environmental regulation in a global economy. Harvard University Press.
Young, A. R. (2014). Europe as a global regulator? The limits of EU influence in international food safety standards. Journal of European Public Policy, 21(6), 904–922. https://doi.org/10.1080/13501763.2014.910871
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Ethics Approval
This study has undergone an ethics review in accordance with the LSE Research Ethics Policy and Procedure.
Consent to Participate
Interviewees were given an information sheet and consent form to provide their written consent.
Conflict of Interest
The author declares no competing interests.
Supplementary Information
Below is the link to the electronic supplementary material.
Rights and permissions
About this article
Cite this article
Cervi, G.V. Why and How Does the EU Rule Global Digital Policy: an Empirical Analysis of EU Regulatory Influence in Data Protection Laws. DISO 1, 18 (2022). https://doi.org/10.1007/s44206-022-00005-3
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s44206-022-00005-3