A New Delhi Effect
The “Brussels Effect” is the phenomenon where other countries adopt regulation similar to the EU’s and as a result ends up extending Europe’s regulatory dominance. However, regulations like the GDPR have faced criticism for its burdensome compliance requirements. India’s DPI approach offers a new data governance model. But in order for this approach to be globally successful, strong regulatory institutions and a commitment to techno-legal governance are necessary.
This article was first published in The Mint. You can read the original at this link.
The European Union’s (EU) General Data Protection Regulation (GDPR) was enacted in 2016. Since then, over 150 countries have enacted laws that incorporate its principles into their legislative frameworks with next to no effort on the part of European legislators. This phenomenon—where Europe is able to influence the shape and direction of global regulation by doing little more than putting in place a bespoke domestic regulatory regime—has come to be known as the Brussels Effect.
How is Europe able to pull this off?
Size, Regulations and Institutions
In the first place, the EU as a single market is so large that global companies can ill afford to ignore it. No single European nation would have been able to exert this level of influence, but since the EU is an amalgamation of nations that, in aggregate, has a population of over 450 million people and a GDP per capita of over $44,000, Brussels has turned more important than Belgium ever could have been.
But Europe’s regulatory dominance is not merely on account of the attractiveness of its market. It has, over the years, cleverly designed its regulations to apply to activities being performed outside of its geographical borders. For instance, the GDPR applies to the processing of personal data of European residents whether such processing takes place within the EU or outside its territorial jurisdiction. Since consumers want to avail these digital services within the comfort of their own home jurisdiction, global tech companies have little option but to ensure that their operations conform to the requirements of applicable European laws. This is what Anu Bradford refers to as inelastic regulatory targeting—the design of regulation to ensure that companies that are its target are incapable of circumventing its applicability by trying to provide the regulated offering from a different jurisdiction.
But, by far, the single biggest reason why Europe has evolved into such a dominant regulatory powerhouse is its impressive regulatory infrastructure. Over the course of over half a century, it has put in place, bit by bit, a set of powerful regulatory institutions and imbued them not only with the administrative capacity required to enact new laws and regulations as and when necessary, but also a deep commitment to further the vision of an economic union. This has resulted in a remarkably strong and internally consistent framework. These institutions are manned by an experienced and highly competent bureaucracy vested with powerful sanctioning authority that allows them to enforce compliance with the regulatory framework through the imposition of steep financial penalties and the threat of a withdrawal of market access.
In this, Europe is unique in the world. While China has a much larger market and is thus probably more commercially significant than Europe, even if its GDP per capita is lower, it lacks the regulatory infrastructure that Europe has. And even though the US has both a large as well as commercially significant market and strong regulatory institutions, it lacks the political will that is necessary to enact laws and ensure that they are consistently enforced across the country. This is the primary reason why European regulation has become the benchmark for countries around the world.
Coming Under Strain
That said, the European approach to data governance has in recent times begun to come under fire. Five years after the GDPR came into force, concerns are being expressed about how inconvenient it is that everyone who has anything to do with Europe, no matter how remote, still has to comply with its provisions. What’s more, even though it was originally designed to keep big technology companies in check, it is now abundantly clear that compliance with these regulations requires pockets so deep that it is only those very companies whose activities it was supposed to constrain that can afford to remain in compliance with all that it demands.
Over its G20 presidency, India made a big push for wider global adoption of its Digital Public Infrastructure (DPI) approach, a framework that, as I argue in my new book, presents a brand new approach to data governance. It embeds regulatory principles directly into the code of the digital infrastructure, assuring compliance through the very act of participation. Not only does this reduce costs, it lowers the regulatory burden on nations that adopt this approach.
New Regulatory Institutions
While there is no doubt that India is a large and commercially significant market (for many of the world’s largest technology companies, it is already the largest customer base by volume), market size alone will not result in this new data governance approach being widely accepted. What’s needed are strong regulatory institutions empowered to consistently deploy the DPI approach across different sectors with an eye to ensuring that each such deployment adheres to consistent governance principles.
This requires a commitment to the notion of techno-legal governance and a clear appreciation of all that it can achieve. It will require regulators adept at the art of policy formulation as well as equipped with the level of technical understanding required to be able to design and deploy the many technical artefacts that lie at the core of this governance approach—the consent framework, data exchange protocols and open networks for digital commerce.
This is a tough ask for any government. But a necessary one if this approach is to be globally successful.
