How to Save Democracy From Technology
Ending Big Tech’s Information Monopoly
That Europe’s best days are over has become a common refrain. Journalists, analysts, and even world leaders observe that “the Continent’s grand unity project is failing, and its global influence is fading”; lament “the coming erosion of the European Union”; and explain “why Europe no longer matters.”
Such pessimism can hardly come as a surprise. Crises loom well beyond the European horizon. China has arisen as a major economic power. Russia is asserting its will across the globe. Citizens of democratic countries have responded to the lure of economic populism. And with the United States in retreat from multilateralism, and the United Kingdom exiting the EU, even the union’s most ardent supporters have grown understandably convinced of the inevitability of its decline.
And yet an important dimension of the EU’s power remains unaffected by any of these trends, and that is the EU’s capacity to set high domestic standards, remaking global regulations in the process. EU regulations influence which products are built and how business is conducted, not just in Europe but everywhere in the world. Because it plays this role, the EU can transform global markets in multiple sectors—something it has done in setting the standards for the protection of privacy, for example. So long as the EU commands this essential regulatory authority, it will remain a major force in the global economy.
Europe’s regulatory power reaches across countries and industries. EU regulations determine the default privacy settings on the iPhone. They stipulate how timber is harvested in Indonesia, how honey is produced in Brazil, and what pesticides cocoa farmers use in Cameroon. They decide what equipment is installed in dairy factories in China and how much privacy is afforded to Internet users in Latin America. These are but a few examples of the EU’s power unilaterally to regulate global markets, which is known as the “Brussels Effect.”
The Brussels Effect suggests that the bigger and more affluent the consumer market, the more likely that exporting companies will comply with its standards. Europe’s combination of size and affluence makes its consumer market one that few companies would choose to forgo. With a population of 516 million and GDP per capita of $40,900, the EU has a larger market than the United States and a more affluent one than China. It is also the world’s second-largest importer of goods. As a result, for many companies, the benefits of market access outweigh the cost of adjusting to the EU’s stringent standards.
Due to the Brussels Effect, the EU does not need to impose its standards coercively on anyone.
But market size alone does not explain Europe’s ability to project its regulatory preferences beyond its borders. The EU has also built an extensive institutional architecture and harnessed the political will to enforce its regulations. Brussels has a far-reaching sanctioning authority and the ability to bar products or services from the EU market. The prospect of such exclusion effectively deters violations and induces compliance with EU regulations.
As a result of the Brussels Effect, the EU does not need to impose its standards coercively on anyone—market forces alone are often sufficient to convert the EU standard into the global standard as companies voluntarily extend the EU rule to govern their worldwide operations.
Europe has exerted its regulatory power to particular effect with regard to data privacy. In 2016, the EU enacted the General Data Protection Regulation (GDPR), which limits the quantity of personal data that can be collected and the purposes for which that data may be used; it also requires that any entity—private or governmental—that collects and processes such data must ensure its integrity, security, and accuracy. The GDPR stipulates a “right to be forgotten,” by which people retain the right to ask for certain personal data to be erased. The law’s “privacy by design” provision requires manufacturers to design their products and services with GDPR obligations in mind. Companies that fail to comply with the GDPR face fines of up to 20 million euros or up to four percent of the company’s total worldwide revenue from the preceding financial year.
Adopting the GDPR was a contentious process. The United States government and leading U.S. companies—including Cisco, Intel, Microsoft, and NBCUniversal—opposed the regulation on the grounds that it would hinder national security cooperation and kill innovation and research. The intensity of U.S. criticism was consistent with a profound divergence of views between the EU and the United States over the ability of markets to self-govern and the desirability of government intervention. U.S. data privacy laws are considerably weaker than those in the EU, and they are mostly restricted to the public sector, health care, and banking. The private sector in the United States is largely left to devise and enforce its own data privacy restrictions.
The politics underlying the international privacy debates have recently shifted in the EU’s favor, thanks in part to the revelation that a British political consulting firm, Cambridge Analytica, acquired private data obtained from Facebook users. These data were used in the 2016 U.S. presidential election and the 2016 Brexit referendum. But the ultimate determinant of the GDPR’s fate will not be politics so much as the Brussels Effect.
As corporations have bowed to the Brussels Effect, governments have followed suit.
The EU is an important market for many data-driven businesses, including Facebook and Google. Facebook has more than 250 million users in Europe, and they produce 25 percent of Facebook’s global revenue. Google’s share of the search market is more than 90 percent in most EU member states, which exceeds its 67 to 75 percent market share in the United States. Abandoning the EU market is not even remotely a commercially viable option for them. These digital companies will be hard-pressed to circumvent the GDPR, because the regulation protects European data regardless of where the data are processed.
Companies may wish to divide products and services between markets in an attempt to circumvent the Brussels Effect. Instead of adhering to a uniform standard in their global conduct, corporations could customize their practices to suit different regulatory markets. But doing so would be difficult and costly, making this tactic highly unlikely. Many digital companies store their data in overseas servers and must move them across borders. Since privacy regulations can differ across jurisdictions, and devising multiple compliance regimes is costly, business logic compels these digital companies to streamline: they apply the most stringent standards across the board so as to retain the ability to conduct business everywhere.
Rather than divide their services or forgo the EU market entirely, several U.S. companies, including Google, Facebook, Microsoft, Netflix, Uber, and Airbnb, have amended their global privacy practices to fit the EU’s standards. And as corporations have bowed to the Brussels Effect, governments have followed suit. To date, nearly 120 countries have adopted privacy laws, most of them resembling the EU data protection regime. The United States may not be able to hold out in perpetuity. If Washington concedes that the time has come for a robust federal data protection law, the Brussels Effect will have reached its last frontier.
In a world of growing disenchantment with international cooperation, the Brussels Effect has produced impressive compliance, if not consensus, on critical cross-border matters such as data privacy. But the headwinds are strong. A rising China, backlash to globalization, and a decline in international cooperation are just a few of the forces that countervail Europe’s regulatory standard setting.
Nonetheless, there is reason to think that the Brussels Effect will prevail. Though China may soon possess the largest consumer market, its projected income per capita in 2050 will be $17,372, far below that of EU member states. Less wealthy consumers have a lower appetite for regulations that might compromise growth and economic development. And since importers set standards by regulating market access and China’s economy relies primarily on exports, a “Beijing Effect” is unlikely to replace the Brussels Effect anytime soon.
The fear of shrinking multilateralism is not a cause for alarm either. Countries may retreat from security and trade agreements or even leave the EU. But these antiglobalist stances will not undermine the global regulations that the EU produces. Take Brexit, for example: roughly half of British exports are destined for the EU, meaning that the United Kingdom will continue to need access to the EU’s large consumer market long after Brexit. While British companies could, in principle, adopt one set of standards for Europe and multiple other sets of standards for the rest of the world post-Brexit, the Brussels Effect makes this unlikely. The Brussels Effect therefore mitigates the decline of globalization and, if anything, fills the void left by waning multilateralism. The Brussels Effect will likely persist, extending the EU’s regulatory hegemony into the foreseeable future, thereby challenging the notion of Europe’s inevitable wholesale decline.