Empowered but Challenged?

Empowered but Challenged? A Comparative Analysis of Agencies’ Horizontal and Vertical Relationships in Data Protection Regulation

Research project funded by the Swiss National Science Foundation – Directed by Martino Maggetti

Short summary

Against the background of the growing importance of data protection agencies (DPAs) in the contemporary era of digitalisation, this project examines the two key relationships of these regulators: their cooperative or conflictual relations with sectoral co-regulators; and their potential control by the elected politicians or, respectively, capture by the regulated industries. Addressing these two questions is crucial to gauge the “new role” of DPAs as independent regulatory agencies (IRAs) in regulatory regimes. On the one hand, DPAs are starting to work as transversal regulators, that is, as independent public authorities that hold investigation, supervision, enforcement, and sanctioning powers in many policy sectors, which exhibit data protection issues following the process of digitalisation. On the other hand, they are emerging as increasingly salient politico-administrative actors, which are however at risk of becoming politically controlled or captured by those being regulated. The consequences of these developments are massive, as these interactions unfolding within regulatory regimes – around DPAs – can reshape regulatory governance, e.g., by creating new bureaucratic and political conflicts, but also by enabling new patterns of cross-sectoral cooperation with lasting consequences on the regulated fields. An inquiry into the role of DPAs is particularly needed in a (public health) crisis period, wherein these regulators are extending their regulatory reach to tackle complex regulatory issues, such as trying to strike a balance between the protection of civil liberties and the attainment of public health goals. To examine these questions, this project mobilizes a theoretical framework for the study of regulation in practice to examine how they actually interact horizontally within their organizational environment and the nature of their vertical relationships with elected politicians and the regulatory industries in a post-delegation context. The research design comprises a comparative empirical analysis examining French, German, Swiss, and British data protection agencies and their co-regulators in three sectors: medicine, telecom, and energy. This design allows for operationalizing our expectations on the country- and sector-level determinants of the variations in their relationships, and to investigate the mechanisms behind these expectations. The empirical analysis relies on comparative cases studies and on process-tracing using document analysis and interviewing techniques, and it will be ultimately systematized through Qualitative Comparative Analysis (QCA). In doing so, this project will show what are the implications of the empowerment and challenges experienced by data protection agencies operating as transversal regulators and crucial political-administrative actors. Such developments are likely to ultimately shape not only data protection regulation, but, ultimately, regulatory governance as a whole, redefining the scholarship on regulatory studies from both a theoretical and substantial point of view – pointing to the emergence of a new regulatory order with DPAs at the centre.