Global Data Privacy: The EU Way

31 Pages Posted: 18 Mar 2019

See all articles by Paul M. Schwartz

Paul M. Schwartz

University of California, Berkeley - School of Law

Date Written: February 20, 2019

Abstract

EU data protection law is playing an increasingly prominent role in today’s global technological environment. The cornerstone of EU law in this area, the General Data Protection Regulation (GDPR), is now widely regarded as a privacy law not just for the EU, but for the world. In the conventional wisdom, the EU has become the world’s privacy cop, acting in a unilateral fashion and exercising de facto influence over other nations through its market power. Yet, understanding the forces for convergence and divergence in data privacy law demands a more nuanced account of today’s regulatory environment.

In contrast to the established narrative about EU power, this Article develops a new account of the diffusion of EU data protection law. It does so through case studies of Japan and the United States that focus on how these countries have negotiated the terms for international data transfers from the EU. The resulting account reveals the EU to be both collaborative and innovative.

Three important lessons follow from the case studies. First, rather than exercising unilateral power, the EU has engaged in bilateral negotiations and accommodated varied paths for non-EU nations to meet the GDPR’s “adequacy” requirement for international data transfers. Second, while the adequacy requirement did provide significant leverage in these negotiations, it has been flexibly applied throughout its history. Third, the EU’s impressive regulatory capacity rests on a complex interplay of institutions beyond the European Commission. Not only are there a multiplicity of policy and lawmaking institutions within the EU, but the EU has also drawn on non-EU privacy innovations and involved institutions from non-EU countries in its privacy policymaking.

Finally, this Article identifies two overarching factors that have promoted the global diffusion of EU data protection law. The first such factor regards legal substance. Public discourse on consumer privacy has evolved dramatically, and important institutions and prominent individuals in many non-EU jurisdictions now acknowledge the appeal of EU-style data protection. Beyond substance, the EU has benefited from the accessibility of its omnibus legislative approach; other jurisdictions have been drawn to the EU’s highly transplantable legal model. In short, the world has weighed in, and the EU is being rewarded for its success in the marketplace of regulatory ideas.

Keywords: Information Privacy, Data Privacy, Data Protection Law, EU Law, Comparative Law

JEL Classification: K1, K40, K2, K20

Suggested Citation

Schwartz, Paul M., Global Data Privacy: The EU Way (February 20, 2019). New York University Law Review, Vol. 94, 2019. Available at SSRN: https://ssrn.com/abstract=3338954

Paul M. Schwartz (Contact Author)

University of California, Berkeley - School of Law ( email )

Boalt Hall #7200
Berkeley, CA 94720-7200
United States

Register to save articles to
your library

Register

Paper statistics

Downloads
294
rank
101,882
Abstract Views
2,285
PlumX Metrics