The European Union general data protection regulation: what it is and what it means

📅 2025-10-03
📈 Citations: 0
Influential: 0
📄 PDF

career value

201K/year
🤖 AI Summary
This paper examines how the General Data Protection Regulation (GDPR) is reshaping global data governance, focusing on institutional tensions between the GDPR and the 1995 Data Protection Directive as well as U.S. privacy law, and its heterogeneous regulatory impacts across diverse business entities. Method: Drawing on doctrinal legal analysis, comparative law, and policy impact assessment—framed within regulatory mechanism design theory—the study systematically evaluates GDPR’s operational logic and extraterritorial effects. Contribution/Results: The paper proposes a novel information governance paradigm anchored in three pillars: enterprise-level internal control mechanisms, data localization practices, and meaningful human involvement in automated decision-making. It elucidates the GDPR’s structural bias favoring direct-to-consumer firms in compliance efficiency and demonstrates how the regulation is catalyzing a fundamental reconfiguration of data-driven business models under heightened protection standards.

Technology Category

Application Category

📝 Abstract
This paper introduces the strategic approach to regulating personal data and the normative foundations of the European Union's General Data Protection Regulation ('GDPR'). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR's approach and provisions; and make predictions about the GDPR's implications. We also highlight where the GDPR takes a different approach than U.S. privacy law. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed regulatory regime, that will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.
Problem

Research questions and friction points this paper is trying to address.

Explains the GDPR's regulatory approach for personal data
Compares GDPR requirements with US privacy law differences
Analyzes GDPR's impact on global data usage practices
Innovation

Methods, ideas, or system contributions that make the work stand out.

Extends existing data protection directive requirements
Encourages information governance frameworks development
Uses structural elements to ease violation proof
🔎 Similar Papers
No similar papers found.