Date:
Location:
Abstract
The role of regulatory intermediaries hold within the regulatory regimes increasingly attracts theoretical and empirical attention across many fields (Abbott, Levi-Faur, & Snidal, 2017a, 2017b; Levi-Faur & Starobin, 2014; Talesh, 2015). To better understand the politics of the regulatory intermediaries’ emergence and the increased reliance on them by both rule-makers and rule-takers, this paper focuses on the European data protection regime’s increasing reliance on data protection officers (DPOs). This paper raises three questions: First, how did the role of data protection officers evolve in the European data protection regime between the old data protection regime (1995-2018) and the new data protection regime (2018)? Second, what are the differences in the reliance on data protection officers within the old data protection regime and the new data protection regime? And third, what are the explanations for the increasing reliance on data protection officers within the new data protection regime? The research finds that within a regime that requires DPOs to have both legal and technological skill-sets, DPOs are regulatory intermediaries that European policymakers rely on for monitoring and advice to ensure data protection compliance within private and public rule-takers. Interestingly, many European states varied in their decision whether or not to require the mandatory appointment of DPOs and how to regulate their interaction vis-a-vis the national data protection supervisory authorities (DPAs). In contrast, the new data protection regime mandates the appointment of DPOs within broad categories of regulated firms and governmental bodies that are facing the challenges of innovative information and telecommunication technologies and emerging smart algorithms. The research is expected to inform both the literature on privacy and internet policy and the regulatory intermediaries literature.