More Than an Enforcement Problem: The General Data Protection Regulation, Legal Fragmentation, and Transnational Data Governance

Yiran Lin*

Transnational data governance has been a field of growing legislative development, emblematic of the increasing regulation of the digital economy.  However, there are substantial challenges in governing cross-border data flows and activities while ensuring uniformity across borders and between jurisdictions.  The General Data Protection Regulation (GDPR), a European Union (EU) regulation put into effect in 2018, is a transnational data governance regime that aims to create a golden data privacy standard with an extraterritorial reach.  The GDPR is an emerging global standard that digital companies and nations will likely ultimately adhere to due to the significance of the European economy and to the EU’s regulatory power.  However, the GDPR’s intra-EU implementation in the past five years has brought to light the inconsistencies in its application.

This Note analyzes the obstacles confronted by the GDPR as a transnational data governance regime and the degree of legal fragmentation that has surfaced within its regional roll-out.  The lack of consistency in implementing the GDPR will not only undermine the credibility and reliability of European regulatory power, but also create uncertainty for users and regulators across the world.  To better understand the gap between the intended global reach of the GDPR and the current state of its uneven implementation, this Note discusses various factors that have contributed to the intra-EU divergence within national enforcement and corporate compliance.  It then evaluates the strengths and deficiencies of suggested solutions to enhance the effective enforcement of the GDPR.  By doing so, it links the GDPR’s intra-EU legal fragmentation to the broader tension between Europe’s right-based approach to data privacy, the United States’ market-based approach, and China’s state-based approach.  Lastly, the Note sheds light on the importance of aligning these fundamental models in order to create a uniform and sustainable solution to transnational data governance and envision the future for global data privacy.

* J.D. Candidate, Columbia Law School, 2024. Thank you to Professor Anu Bradford for her immensely illuminating guidance and insights on this Note; and to the editors and staff of CJTL for their diligent and meticulous editorial work.