The civic transformation of data privacy implementation in Europe

Recent data protection laws in the EU institutionalise NGO engagement with regulators and enable new mechanisms for bottom-up policy implementation. The article studies thirteen European NGOs and maps their contribution to policy implementation based on a novel typology for understanding their scope (national vs. transnational) and goals (direct vs. strategic) of actions. The article asks: (1) how do NGOs vary in their contribution to data privacy implementation in Europe? and (2) what are the implications of those variations for differentiated policy implementation? Through analyses of NGOs’ informational activities and GDPR complaints, the article finds that NGOs converge towards privileging a transnational strategic civic-enforcement model, prioritising pan-European privacy cases to alter policy implementation, over individual citizen advocacy and empowerment at the national level. Civic engagement has served to mitigate cross-border policy implementation disparities, while preserving considerable regulatory discretion nationally. Integrating NGOs into the analysis of differential privacy policy implementation helps in highlighting the evolving nature of EU civil liberties.