This new chapter for the 3rd edition of Paul Craig and Gráinne de Búrca’s Evolution of EU Law conceptualizes European data law as an area of EU law that gravitates around but transcends data protection law. It traces the origins of the EU’s data protection law to national and international antecedents, stresses the significance of recognizing data protection and privacy in the EU’s Charter of Fundamental Rights, and explores the gradual institutionalization of data protection law through exceptionally independent data protection authorities, firmly embedded data protection officers, and emergent structures for supranational coordination. It then contrasts the EU law on personal data with the EU law on non-personal data and scrutinizes two other domains of European data law that intersect in complicated ways with data protection law: data ownership laws and access to data laws. European data protection law has been globally diffused through extraterritorial application, conditionalities for transfers of personal data, international agreements, and the “Brussels Effect” but whether the EU will retain its role as global data regulator is far from certain. As the European Commission is executing its data strategy, it needs to move beyond simplistic understandings of data as a resource, recognize the salience of data infrastructures, and confront the reality that data is more than a regulatory object.
The chapter draws on ideas from Guarini Global Law & Tech’s Global Data Law project.