Introduction
The European Union's (EU) General Data Protection Regulation (GDPR) of 2018 has had a large-scale
political effect on how data protection is practised and on wider geopolitics. The policy itself is
chiefly about cybersecurity and privacy, but its political implications run deep, shaping global governance,
global trade and diplomacy. Politicians and policymakers have had to confront the GDPR with little or no
way out, often amid political back-and-forth between regulators, companies and foreign governments. This
essay looks at the impact of the GDPR on political thought and the wider political implications of this
regulatory regime.
Political Motivations Behind the GDPR
The GDPR was created to address data privacy concerns, prompted in part by data breaches and scandals at
big tech companies. But the regulation also reflects the EU's desire to position itself as a global leader
in digital governance. By offering an internationally pre-eminent model for data protection, the EU has
sought to make a statement about its regard for privacy rights, setting a high bar and presenting itself as
a contrast to the open-ended regulatory policies of other countries, including the United States.
Politicians in the EU understood the need for robust data protection provisions, both to safeguard citizens
and to claim sovereignty over data governance in an increasingly digital world. As Tikk and Kaska (2019)
say: “The GDPR is also an element in the EU’s wider strategy to establish itself as a world leader in
digital governance” (p. 122). These policy moves are motivated by an ambition to disrupt the position of
foreign technology kingpins, most notably those based in the United States, that have historically
enjoyed easier regulatory environments.
Implications for International Relations
Perhaps the GDPR's greatest political impact will be on international affairs. The extraterritorial character
of the regulation, which extends to any firm that handles EU citizens' personal information, has
caused a rift between the EU and other nations, particularly the United States. The GDPR has also drawn
fire from US policymakers and entrepreneurs who say it puts too many limits on the freedom to trade
and innovate. It has strained transatlantic ties, as US lawmakers have accused the EU of using data
privacy as a protectionist tool to harm US technology providers (Bradford, 2020).
In response, the US has been developing its own data privacy laws, such as the California Consumer
Privacy Act (CCPA), which in part echoes the GDPR. But the absence of federally harmonised data
protection legislation in the US has created a persistent political limbo over how to reconcile the two
systems. In Bradford’s (2020) words, “The GDPR has brought about the United States to reconsider its data privacy
strategy, making the digital world a new battlefield for political and economic power” (p. 45).
Problems for Governments and Corporations
Politicians and policymakers have also had to confront the GDPR's implications for private business, especially
small and medium-sized enterprises (SMEs). Even though the GDPR aims to safeguard personal data, it is
also criticised because its stringent requirements disproportionately burden smaller companies that
simply lack the capacity to take the necessary data protection measures. That has led to political tension
within the EU itself, with some member states asking for greater latitude in how the regulation is enforced.
“The conflict between those who regard GDPR as the right measure to guarantee digital rights and those who
view it as limiting innovation — especially for smaller companies — has intensified,” Moerel and Prins
(2016) observe (p. 50).
This question also has international political significance, since companies that operate outside the EU
but deal with European customers are also subject to the GDPR. This has created political difficulties for
policymakers in states such as the United States, where corporations have pushed for regulatory changes to
ease the burden of EU data protection legislation. The tension between strong data protection and
safeguarding business interests is still influencing political discussions in the EU and abroad.
Conclusion
The GDPR has broad political ramifications, affecting not just data protection law but also international
politics, global trade and diplomacy. While legislators in the EU have seized on the regulation as a marker
of their political authority in the digital era, others have had to change their own data privacy practices.
The resulting conflicts between regulators, industry and foreign governments underscore the role of
politics in the regulation of data protection and cybersecurity. With cyber attacks still evolving, the
politics of the GDPR and its transnational ramifications will remain a hotly contested topic for
policymakers.
References
Bradford, A. (2020). The Brussels effect: How the European Union controls the world. Oxford
University Press.
Moerel, L., & Prins, C. (2016). Privacy for the Homo Digitalis: A blueprint for a new data protection
regulatory framework that adapts to big data and the internet of things. Computer Law & Security
Review, 32(1), 43-57. https://doi.org/10.1016/j.clsr.2015.12.007
Tikk, E., & Kaska, K. (2019). GDPR implications for cybersecurity in Europe and beyond. Journal of
Cyber Policy, 4(2), 117-128. https://doi.org/10.1080/23738871.2019.1658095