The EU Data Protection Directive: An Engine of a Global Regime
24(6) Computer Law & Security Report, 508-520 (2008)
23 Pages Posted: 16 Sep 2008 Last revised: 16 Apr 2017
Date Written: September 16, 2008
This article explores a unique form of legal globalization, in which one jurisdiction induces other countries to adopt similar legal mechanisms, without coercion, or taking advantage of ignorance, or abusing political power. The 1995 EU Directive on data protection regulates the collection, processing and transfer of personal data within the EU, with the dual goal of enabling the free flow of data while maintaining a high level of protection. It includes a mechanism which addresses the export of such data. Article 25 stipulates that member states should allow transfer of data to a third country only if the third country ensures an adequate level of data protection. Thus, countries that wish to engage in data transactions with EU member states are indirectly required to provide an adequate level of protection. The article shows that the Directive has had a far greater global impact than thus far acknowledged and that it is currently the main engine of an emerging global data protection regime. Studying the Directive and its actual impact and comparing it to other mechanisms of legal globalization, I conclude that unlike some American scholars who described the Directive as "aggressive", it is better understood as a non-coercive mechanism of soft legal globalization.
Keywords: data protectiom, informational privacy, EU Directive 95/46/EC, soft law, hard law, globalization, soft legal globalization, adequate protection, OECD Guidelines, Standard Contractual Clauses, Binding corporate rules, PNR, SWIFT
Suggested Citation: Suggested Citation