EU politics and the making of the General Data Protection Regulation : consociationalism, policy networks and institutionalism in the process of balancing actor interests

This thesis analyses the policy process of adoption of the General Data Protection Regulation (GDPR), replacing the EU Directive 95/46/EC, the global “golden standard” setter in the field of privacy and data protection. The GDPR was proposed in January 2012 and was adopted in April 2016 following a...

Full description

Bibliographic Details
Main Author: Jančiūtė, Laima
Published: University of Westminster 2018
Online Access:https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.742302
Description
Summary:This thesis analyses the policy process of adoption of the General Data Protection Regulation (GDPR), replacing the EU Directive 95/46/EC, the global “golden standard” setter in the field of privacy and data protection. The GDPR was proposed in January 2012 and was adopted in April 2016 following a highly politically charged process lobbied against to an unprecedented extent by certain commercial and political interests. The policy process is looked at through the lens of consociationalism, which draws attention to the importance of national governments, policy networks, which stress non-linear policy-making dynamics, and institutionalism, which highlights the significance of institutions. On the whole, the GDPR as approved strengthened the ICT users’ rights, although not to the degree originally envisaged. The study proposes that institutional factors were decisive in determining policy outcomes, either acting in coalition with different policy networks or reacting to external developments, notably the Snowden revelations in 2013. The institutional factors, amongst others, included strategic actor self-interest of preserving or even expanding their spheres of influence, sociological dimensions such as ideological adherence and diverse national and institutional cultures, and important earlier institutional and policy developments. As the thesis shows, the impact of institutional factors on the policy outcomes was particularly evident in the European Parliament’s position during the process. The EP’s influence demonstrates the strong political will of this institution and its overall defence of citizens’ rights against lobbying by the industry. At the same time, the reform process brought around many gains to the national Data Protection Authorities at the cost of the initially foreseen Commission’s remit. This thesis argues that the powers retained by these national supervisory authorities, alongside the numerous derogations following difficulties to reconcile diverse national positions, make the GDPR a tangible case of state-centrism. The Member States’ sovereign decision-making concerns posed breaks to the level of Europeanisation that the GDPR could potentially bring about in this issue-area. This work makes a significant contribution to knowledge by, amongst others, offering a political science perspective in on-line privacy and data protection research dominated by other disciplines, by applying the consociationalism theory – a less explored paradigm in the EU studies as compared to other approaches – and by providing a policy process analysis of the newly adopted data protection instrument with global rules-shaping significance.