Sep 15, 2021
(1) Barrier-free Model
GDPR and EU data protection principles apply to different legal systems such as Japan and the United States. However, EU never intends to become the world's privacy police. Its dominant position in privacy protection is developed to solve its internal problems, which is to coordinate different data processing methods among EU Member States. The use of comprehensive European law is a key factor in the global dissemination of EU data protection law. Take the data protection directive of 1995 as an example, which integrates the existing European national laws and requires each new member state to promulgate a unified national data protection law according to the directive standards as part of the cost of joining the EU. The directive’s general principles and the unified EU data protection law first provide a relatively simple model for new EU Member States, and then provide a reference model for other countries in the world.
(2) Creative Market
The EU data protection’s global success is largely due to high standards of data protection. Different policy concepts, specifically, different regulatory methods compete in an ideological market. Agreements such as safe harbor and privacy protection provide an important basis for the cultural adaptation of American lawyers, consultants and policymakers. For example, when they enter the safe harbor or privacy protection zone, the organizations will accept the acceleration program of EU data protection law. As a result, people are generally familiar with EU-style data protection schemes and gradually agree with their ideas over time. This phenomenon shows that EU doesn’t impose its system on countries, but through attractive ideas and a series of interactions exposed to important behaviors, so as to promote people's gradual adaptation and make the EU concept of privacy become a part of a generally recognized culture.
The data privacy festival gives the impression that EU has contributed to major global changes through a single law. Scholars also believe that EU is actually a unilateral force, and other countries and private companies have no choice but to follow. Their academic views are based on the strength of the EU's important market position, the difficulty of creating different products and services for EU and non-EU citizens, and EU's regulatory capacity. However, this paper argues that the proliferation of EU data protection is not fully consistent with this conclusion. EU is strong in regulatory capacity and has a great influence on the private and public sectors in other countries. However, the way EU uses to achieve global status in data protection law shows that EU's influence cannot be fully attributed to economic power. Taking Japan and the United States as examples, this paper reveals three lessons. First, EU does not exercise power unilaterally, but conducts bilateral negotiations. Second, the adequacy requirement has played an important leverage role in these negotiations. With these levers, EU now flexibly reach an adequacy agreement, and requires bilateral review to check foreign jurisdiction. Third, EU's regulatory capacity reflects the complex interaction between its institutions and the external impact. The decentralization of power within EU and the diversity of its policy and legislative institutions have further enhanced its regulatory capacity.
Finally, the dissemination of EU data protection law is driven by two other factors. Firstly, the legal method it chooses is very suitable for legal transplantation. Secondly, EU-style data protection has proved to be a correct idea, which has been adopted in many jurisdictions. The global dissemination of EU data protection also reflects the success of the creative market.