China Is Building an Alternative to the Brussels Effect on Data
As the EU tries to simplify its rules, Beijing is promoting a state-centred model of data governance shaped by industrial strategy, technological control and national security. A commentary by Francesco Decarolis
For more than a decade, the European Union has tried to shape international markets through regulation. The clearest example has been the General Data Protection Regulation, the GDPR, which entered into force in 2018 and set stringent standards for the collection and use of personal data by companies and public institutions.
The GDPR was an ambitious piece of legislation, rooted in broadly shared values. For several years, it served as an international reference point. Large digital platforms adapted to it, many countries incorporated significant parts of it into their own legislation, and European regulators acquired unprecedented centrality.
This is what scholars have called the Brussels Effect: the EU’s capacity to turn internal rules into global standards by inducing companies and states to adapt in order to operate in the European market.
Today, however, that model shows two clear weaknesses. One is internal to Europe. The other is external.
The first concerns the implementation of the GDPR, which has proved costly, fragmented and often inconsistent, especially for smaller firms. The Draghi report makes this point explicitly, citing studies according to which the regulation has increased the cost for European companies of accessing and using data by around 20 per cent compared with the United States.
Other research has identified negative effects on innovation and venture capital investment, while the benefits for individuals remain uncertain, not least because it is structurally difficult to assign a value to privacy. This is the context in which the so-called privacy paradox emerges: the discrepancy between the importance people say they attach to privacy and their actual behaviour, which is often characterised by a relatively casual sharing of personal data.
The second difficulty concerns the geopolitical and economic environment in which the GDPR was born. That environment no longer exists. Ten years ago, Europe accounted for more than one fifth of global GDP. Today its share is around 14 per cent.
Over the same period, the United States and China have consolidated their dominance in technology, access to capital and control of digital infrastructure. In this new balance, the capacity to impose standards no longer derives only from regulatory power. It depends on a combination of economic scale, industrial strength and innovation capacity.
Europe Simplifies as China Builds a New Model
Europe is trying to respond to these difficulties. This is the context for the Digital Omnibus, a European Commission proposal to revise the GDPR and other pieces of digital legislation as part of a broader process of simplification and rationalisation of the regulatory framework.
The reform aims to correct some of the rigidities that have accumulated over the years. Precisely because it is a highly technical intervention, but one that is also likely to affect fundamental rights and technological architectures, the Omnibus does not lend itself easily to simplified political readings.
Yet, despite the relevance of the Digital Omnibus, the European debate remains largely trapped in ideological categories, feeding a sterile opposition between “more rules” and “fewer rules”. This is misleading. The central question is not whether to deregulate, but how to regulate better, reconciling rights protection with innovation and competitiveness in a global context that has changed profoundly.
Meanwhile, it is necessary to look at what is happening in the rest of the world, which is moving along increasingly autonomous trajectories and is less and less interested in what happens in Europe.
One apparently distant, but particularly significant, signal is China’s decision to promote the World Digital Organization, or WDO, a multilateral initiative designed to define rules and standards on data governance, artificial intelligence and digital trade.
The WDO now brings together more than 200 members from over 40 countries, including companies, universities, think tanks and financial institutions. It is not a replica of the European model. It is its conceptual opposite: a form of regulation explicitly oriented towards industrial development, controlled interoperability and the protection of the state’s strategic interest.
Collective Interest, Not the Individual
The creation of the WDO is another component of China’s broader and more articulated data strategy. It follows the path opened by the Personal Information Protection Law, or PIPL, adopted in 2021, a law that has a structure and several legal features similar to those of the GDPR. It is the result of an evident process of borrowed regulation.
The logic of implementation, however, is profoundly different. The European model is based on directly enforceable individual rights. The Chinese model remains anchored in an administrative governance of data, oriented towards national security and industrial policy objectives.
Even where there is apparent convergence, the difference remains. The GDPR keeps the protection of the individual at its centre. The Chinese model reflects a conception of data subordinated to the collective interest.
Two profoundly different visions therefore emerge. Europe continues to rely on independent authorities tasked with preserving the balance between rights and markets. China offers a model of data governance in which regulation becomes a direct instrument of industrial policy.
Europe Needs a Dose of Realism
Two main conclusions follow from this comparison, corresponding to the two weaknesses identified above.
The first concerns the international context. Rather than asking, in abstract terms, which model of data and digital governance is best, Europe should recognise that the world no longer automatically converges towards its regulatory architecture.
The second concerns the need for urgent reforms, both at EU level, through the Digital Omnibus, and at national level. Data protection authorities have acquired considerable power over time. They now need a clearer framework of accountability, coordination and, above all, assessment of the economic effects of their decisions.
The fundamental question is not whether Europe should abandon the protection of privacy or fundamental rights. The real question is whether it can afford to continue treating regulation, by itself, as a strategy for economic and social development.
The world is no longer waiting for Brussels. Defending the European idea of regulation now requires less moral rhetoric and more economic realism. Otherwise, the price may be paid by the European social model itself.
A previous version of this article was published by the Italian monthly ECO
IEP@BU does not express opinions of its own. The opinions expressed in this publication are those of the authors. Any errors or omissions are the responsibility of the authors.
