Strange Bedfellows: Consumer Protection and Competition Policy in the Making of the EU Privacy Regime

Abstract

AbstractHow was the European Union's privacy regime built? Drawing on regime theory and carrying out qualitative document analysis, we present the evolution of the privacy regime across the three decades from the 1995 European Data Protection Directive to the 2016 General Data Protection Regulation, the 2022 Data Governance Act and finally the 2022 Digital Markets package. Our analysis focuses on the European Commission and suggests that the privacy regime emerged out of the seemingly conflicting interplay between the (digital) single market whose power draws on the network effects of expanding data resources and concerns for personal privacy that seek limiting data gathering itself. Contrary to expectations, potential tensions between competition law and consumer protection have not hindered or decelerated the formation of the regulatory regime. In fact, these tensions have proven to be surprisingly productive.