Document Type


Publication Date





Under the European Data Protection Directive, responsibility for implementation and enforcement is generally left to the member states. The exception is for transfers to third countries: a complex network of national regulators, the European Commission, and a transnational comitology committee are responsible for blocking or permitting transfers to countries without adequate privacy guarantees. This article reviews the operation of the network and then poses two questions, one causal and the other normative. First, what explains the pattern of delegation (and non-delegation) of powers to the network? Second, does the network allow for adequate participation rights and judicial review and for democratic accountability? After examining a variety of alternative explanations for delegation, the article concludes that the Directive’s bargaining history supports the credible-commitments hypothesis. On the normative question, the article argues that individual rights are generally protected but that democratic accountability is weak given the notorious difficulty of mobilizing politically across national borders.

GW Paper Series

GWU Law School Public Law Research Paper No. 565; GWU Legal Studies Research Paper No. 565

Included in

Law Commons