The EU Data Protection Directive: An engine of a global regime

Michael D. Birnhack*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

62 Scopus citations


The article explores a unique form of legal globalization, in which one jurisdiction induces other countries to adopt similar legal mechanisms, without coercion, taking advantage of ignorance or abusing political power. The 1995 EU Directive on data protection regulates the collection, processing and transfer of personal data within the EU, with the dual goal of enabling the free flow of data while maintaining a high level of protection. It includes a mechanism which addresses the export of such data. Article 25 stipulates that member states should allow transfer of data to a third country only if the third country ensures an adequate level of data protection. Thus, countries that wish to engage in data transactions with EU member states are indirectly required to provide an adequate level of protection. The article shows that the Directive has had a far greater global impact than thus far acknowledged and that it is currently the main engine of an emerging global data protection regime. Studying the Directive and its actual impact and comparing it to other mechanisms of legal globalization, I conclude that unlike some American scholars who described the Directive as "aggressive", it is better understood as a non-coercive mechanism of soft legal globalization.

Original languageEnglish
Pages (from-to)508-520
Number of pages13
JournalComputer Law and Security Review
Issue number6
StatePublished - 2008


Dive into the research topics of 'The EU Data Protection Directive: An engine of a global regime'. Together they form a unique fingerprint.

Cite this