European Data Protection Officers as Regulatory Intermediaries: The Politics of Intermediation in the New European Data Protection Regime

Abstract

The role of regulatory intermediaries increasingly attracts theoretical and empirical attention (Abbott et al. 2017). This paper focuses on the emergence of European data protection officers (DPOs) as regulatory intermediaries in the new European data protection regime. It asks how and why rule-makers and rule-takers rely on DPOs as intermediaries. Using process tracing, we find that unlike that ‘old’ regime that considered DPOs as a simplifying exemption to the broad requirement to update the already empowered data protection supervisory authorities (DPAs), the ‘new’ regime mandates the designation of DPOs within broad categories of regulated public and private bodies for monitoring and guidance on implementation. Functional and supranational theories of regulation are applied to explain that the new regime increased and strengthen the role of DPOs as one of the major mechanism of the new privacy regime. However, due to European-level political pressures, DPOs’ institutional design and consequential regulation in the context of information, platform, and surveillance capitalism are softer than initially suggested.