The civic transformation of data privacy implementation in Europe

Abstract: Recent data protection laws in the EU institutionalize NGO engagement with regulators and enable new mechanisms for bottom-up policy implementation. We study thirteen European NGOs and map their contribution to policy implementation based on a novel typology for understanding their scope (national vs. transnational) and goals (direct vs. strategic) of actions. We ask how NGOs vary in their contribution to data privacy implementation in Europe? What are the implications of those variations for differentiated po… Show more

“…Based on examples emerging from Europe, civil society actors are essential in bringing strategic market surveillance gaps in front of regulatory agencies. NGOs were found to inject technical expertise, legal knowledge, and organizational capacities to the privacy enforcement process, contributing to the efforts of regulators in creating a culture of compliance across market actors (Borohovich et al, 2022;Jang & Newman, 2022). In addition to reacting to more obvious harms, privacy focused NGOs can perform dedicated research and proactively identify issues and harms that individuals or more traditional consumer rights organizations might miss, including in sectors where descrimination might be prevalent but not widely known.…”

“…Just as privacy NGOs in Europe have increasingly worked transnationally (Borohovich et al, 2022), bringing NGOs into the fold in the US could enable cases that address issues spanning the patchwork of state, federal, and international data privacy laws and regulations. Importantly, such a network of privacy focused, cooperative, proactive NGOs in Europe did exist before GDPR's Article 80, but their impact on the enforcement process was rather indirect as they were fighting for attention from regulators and tech companies.…”

Public Comment for FTC's Commercial Surveillance ANPR

“…Based on examples emerging from Europe, civil society actors are essential in bringing strategic market surveillance gaps in front of regulatory agencies. NGOs were found to inject technical expertise, legal knowledge, and organizational capacities to the privacy enforcement process, contributing to the efforts of regulators in creating a culture of compliance across market actors (Borohovich et al, 2022;Jang & Newman, 2022). In addition to reacting to more obvious harms, privacy focused NGOs can perform dedicated research and proactively identify issues and harms that individuals or more traditional consumer rights organizations might miss, including in sectors where descrimination might be prevalent but not widely known.…”

“…Just as privacy NGOs in Europe have increasingly worked transnationally (Borohovich et al, 2022), bringing NGOs into the fold in the US could enable cases that address issues spanning the patchwork of state, federal, and international data privacy laws and regulations. Importantly, such a network of privacy focused, cooperative, proactive NGOs in Europe did exist before GDPR's Article 80, but their impact on the enforcement process was rather indirect as they were fighting for attention from regulators and tech companies.…”

Public Comment for FTC's Commercial Surveillance ANPR