We investigate empirically whether the introduction of the General Data Protection Regulation (GDPR) improved compliance with data protection rights of people who are not formally protected under GDPR. By measuring compliance with the right of access for European Union (EU) and Canadian residents, we find that this is indeed the case. We argue this is likely caused by the Brussels Effect, a mechanism whereby policy diffuses primarily through market mechanisms. We suggest that a willingness to back up its rules with strong enforcement, as it did with the introduction of the GDPR, was the primary driver in allowing the EU to unilaterally affect companies' global behavior.
- Brussels effect
- Data protection
- Right of access to personal data