IESET.
Movements·eu_gdpr_regulatory_stack_2018

EU General Data Protection Regulation and data-protection regulatory stack

DEU, FRA, ITA, ESP, NLD, BEL, POL, SWE, IRL, AUT·2016present·European Parliament + Council (rapporteur Jan Philipp Albrecht, Greens)
Leaders: Věra Jourová (Justice Commissioner) · Jan Philipp Albrecht (MEP rapporteur)
positionsordoliberalaustrianempirical_pragmatist

Doctrine — stated goals and content

Harmonised EU-wide data-protection framework replacing the 1995 Data Protection Directive. Core instruments: GDPR (Regulation 2016/679, applicable 25 May 2018), ePrivacy Directive revisions, Data Governance Act 2022, Data Act 2023. Stated goals: fundamental-rights grounding for personal-data control, one-stop-shop enforcement via national DPAs coordinated by the EDPB, extraterritorial application to any processor targeting EU residents. Penalty ceiling of 4% of global turnover. Framework codes this as a mixed-direction movement: data-subject protections strengthen one dimension of consumer welfare, while compliance architecture imposes fixed costs that disproportionately burden small and mid-sized firms and that empirically raised measured concentration in ad-tech and hosting markets post-2018.

Policy-content fingerprint — how the framework codes this movement on its axes

~
product market competition
regulatory.product_market_competition
Product-market regulation, entry barriers, licensing burdens, network-industry regulation, price controls.
mixed · moderate
Stated pro-user intent; observed outcome includes a compliance moat benefiting incumbents in ad-tech and hosting (Johnson/Shriver/Du 2023; Peukert et al. 2022).
sectoral licensing
regulatory.sectoral_licensing
Sector-specific licensing regimes, concentration / quota allocation, state-controlled entry (energy, telecoms, healthcare, banking).
increased · moderate
tighter sectoral licensing / more state gating
DPO appointment, DPIA, records-of-processing, and breach-notification obligations function as de facto licensing burden on data-processing activity.
trade openness
regulatory.trade_openness
Trade policy openness — tariffs, non-tariff barriers, FTAs, industrial protection.
decreased · weak
more protectionist
Adequacy-decision regime restricts cross-border data flows absent matching standards (Schrems II invalidated Privacy Shield 2020).

Policies enacted

What the data says — linked outcome hypotheses

The movement's outcome claims are tied to these hypotheses. Verdicts update as models run.

not yet written
gdpr_compliance_cost_smb_exit
not yet written
gdpr_adtech_concentration_effect

Schools of thought aligned or opposed

aligned
ordoliberal
Rule-based framework for a contested market with consumer externalities.
opposed
austrian
Argues the regulation creates barriers to entry and disproportionately favours incumbents.

References

Notes

Honest coding: the framework accepts both the stated fundamental-rights rationale and the empirical concentration evidence. Both are policy content. Rationale text records the mechanism rather than a normative judgement.