Novelty and the demand for private regulation: Evidence from data privacy governance

Abstract

AbstractPrivate regulations are often presented as low-cost and flexible institutions that can act as policy incubators. In this article, I question under which conditions they go beyond legal compliance and experiment with new rules. Based on a content analysis of 126 data privacy regulations adopted between 1995 and 2016 in the European Union and the United States and thirty-five semistructured interviews, I show that most private regulations include no regulatory novelties. By disaggregating the temporal and spatial distribution of the few novelties, I add nuance to this overall finding and show that private regulations adopted in the United States before 2000 experimented more than others. I argue that this variation reflects the different demands for private regulation in the two jurisdictions and their evolution over time. In the European Union, the early adoption of privacy laws led public regulators and businesses to look for private regulations to reduce transaction costs and thus limited their interest in experimenting with new requirements. In the United States, businesses hoped to gain a first-mover advantage by including new data privacy rules in their private regulations. However, the growing use of private regulations to ease transnational data flows also led to their use as tools to reduce transaction costs.