Why and How Does the EU Rule Global Digital Policy: an Empirical Analysis of EU Regulatory Influence in Data Protection Laws

Abstract

Why is the EU capable of regulating the digital environment and how is it able to exert regulatory influence outside its boundaries? This article aims to answer the question by focusing on data protection laws and analysing empirical evidence gathered through interviews with government officials, data protection enforcers, experts, and activists from third countries, as well as industry stakeholders, EU poli-cymakers, national regulators, and academics. Starting from the so-called Brussels effect to provide a comprehensive theoretical framework of EU regulatory influence, it is possible to disentangle the structural pressures that enable EU regulatory influence in foreign jurisdictions and the mechanisms through which it works. As Euro-pean policymakers appear increasingly keen on setting global standards in new areas of the digital domain, this article provides insight into why and how the EU has been able to exert global influence via its General Data Protection Regulation (GDPR). Empirical evidence collected in this study points to three main drivers of the GDPR's global success: the EU's internal market appeal, its credibility as a regulator and enforcer, and the timing of its regulatory actions in line with evolving policy needs. This has enabled the EU to exert regulatory influence in a unilateral and indirect way-via market forces or independent import by third states-as well as in a more direct way-via adequacy decisions. The role of Member States and multilateralism appears to be limited.