Δημοσιεύθηκε στο Linkedin, 9.2.2020
*** This is part of the GDPR ethics series; A broad mission statement may be found in its opening text. ***
Few legal instruments have done more for European integration than the GDPR: Within only a few years since its release there is practically nobody in Europe that has not heard of it or is not broadly aware of what it does; It is invariably known and referred to by its (English) name, not its local translation; And, everybody knows that it is an EU law, that it comes from Brussels not from the local capital. By taking it to the streets, to daily personal data processing across Europe, the European Commission has dealt a masterstroke: Not only has one of the GDPR’s primary goals been optimally served (namely, harmonisation), but also the case for Europe has been promoted in the minds (and hearts, given its protective nature) of Europeans.
This is no small feat. The law has always been an instrument of integration, if not by force, in European history. The Romans were the first that went down that road: Wherever the legions went, Roman law followed. In the end, all of the vast Roman Empire abided by the same law, much of which is still in effect today.
The second famous army to follow the same pattern has been Napoleon’s: His grenadiers were accompanied by the Napoleonic Code, much of which is also still recognisable today across Europe.
In other words, in Europe empire-building was at the end of the day more dependent on law than on military force. Or, if seen from another perspective, the legal effects of empires of the old have long survived their military effects.
From this point of view the EU is an experiment on legal imperialism without the guns and the warfare. Armed-to-the-teeth legionnaires and ruthless grenadiers have been replaced with civil lawyers carrying laptops, in the hope that this time the effect will be at least equally successful and long-lasting, minus the bloodshed and the human carnage.
However EU-style peaceful regulatory imperialism achieved through consensus and mutual respect comes at a price, namely Directives: EU law has not been allowed to reach directly to the masses, but rather has to be siphoned through national legislation. In this way, however, the EU connection is lost to the people: Lawyers and courts use and refer to national instead of EU law, only marginally acknowledging its EU origins; Non-expert citizens are under the impression that their country is the legislator, despite of the fact that national legislators essentially have to follow whatever their EU colleagues prescribe.
This is not the case with the GDPR. This time everybody in Europe knows that it is an EU law that affects directly everybody’s daily life. No local government intervention, even in the form of translation, is needed. Lawyers and courts know that they have to use and refer directly to EU law provisions, not domestic law. Legal scholars analyse directly EU law articles, unfiltered by national law intervention.
I believe that it is exactly through this process that the GDPR has acquired the international status that it now enjoys. If it wasn’t directly applicable to 500m people, it would not have impressed either the Americans or the Chinese (or any other country, for the same purposes). If the GDPR is to show to the world how technology could be regulated in a human rights-friendly manner, it is its EU-wide basis of application that affords it this role, not the ingeniousness or originality of its provisions. This, I think, should be a valuable lesson-learned to other fields of EU law, as well.