Further Reading: The Regulatory Landscape: A Global Survey
The sources below provide deeper engagement with the themes introduced in Chapter 20. They are organized by topic and include a mix of foundational texts, empirical research, accessible popular works, and policy reports. Annotations describe what each source covers and why it is relevant to the chapter's core questions.
Foundations of Data Regulation
Bradford, Anu. The Brussels Effect: How the European Union Rules the World. New York: Oxford University Press, 2020. The definitive account of how the EU exports its regulatory standards globally through market mechanisms. Bradford's framework for understanding unilateral regulatory globalization is essential for Chapter 20's analysis of why GDPR-style provisions appear in laws from Brazil to Japan. The book covers not just data protection but environmental, consumer safety, and competition regulation, providing valuable comparative context.
Schwartz, Paul M., and Karl-Nikolaus Peifer. "Transatlantic Data Privacy Law." Georgetown Law Journal 106 (2017): 115–179. A careful comparative analysis of EU and US approaches to data protection that goes beyond surface-level description to examine the historical, cultural, and constitutional foundations of each system. Essential for understanding why the two systems differ — and where they may be converging.
Cohen, Julie E. Between Truth and Power: The Legal Constructions of Informational Capitalism. New York: Oxford University Press, 2019. Cohen argues that information law — including data protection — is best understood as an ongoing struggle over the political economy of information. Her analysis of how legal categories shape (and are shaped by) market structures provides a deeper theoretical foundation for the chapter's discussion of why regulation takes the forms it does.
The GDPR and European Data Protection
Voigt, Paul, and Axel von dem Bussche. The EU General Data Protection Regulation (GDPR): A Practical Guide. 2nd ed. Cham: Springer, 2024. The most accessible and comprehensive practitioner's guide to the GDPR. Organized by topic rather than by article number, it explains the regulation's requirements with practical examples and compliance checklists. Invaluable for students who want to understand the GDPR's operational details beyond the conceptual overview in this chapter.
Lynskey, Orla. The Foundations of EU Data Protection Law. Oxford: Oxford University Press, 2015. Lynskey traces the development of EU data protection from its origins in the 1970s through the 1995 Directive to the GDPR's genesis. Her analysis of data protection as a fundamental right — distinct from privacy — is crucial for understanding the rights-based justification discussed in Section 20.1.2.
European Data Protection Board. Various guidelines and opinions. Available at https://edpb.europa.eu. The EDPB publishes authoritative interpretive guidance on the GDPR. Key documents for this chapter include guidelines on territoriality (the GDPR's extraterritorial scope), data transfers, and the consistency mechanism. These documents reveal how the regulation operates in practice, beyond the text itself.
US Data Protection
Solove, Daniel J., and Paul M. Schwartz. Information Privacy Law. 7th ed. New York: Wolters Kluwer, 2023. The leading US casebook on information privacy law, covering the full range of federal and state statutes, constitutional protections, and common law principles. Essential for understanding the sectoral model's complexity and the interplay between federal and state regulation described in Section 20.3.
Hoofnagle, Chris Jay. Federal Trade Commission Privacy Law and Policy. Cambridge: Cambridge University Press, 2016. The definitive account of the FTC's role as the US's de facto data protection regulator. Hoofnagle traces the development of Section 5 enforcement from its origins in consumer protection to its modern application to data practices. Directly relevant to understanding the FTC's strengths and limitations as described in the chapter.
International Association of Privacy Professionals (IAPP). "US State Privacy Legislation Tracker." Available at https://iapp.org. A continuously updated resource tracking the proliferation of state-level privacy legislation. Essential for understanding the dynamic landscape of US privacy law, including the California CCPA/CPRA, Virginia VCDPA, and the twenty-plus state laws that have followed.
Global Perspectives
Greenleaf, Graham. Asian Data Privacy Laws: Trade and Human Rights Perspectives. Oxford: Oxford University Press, 2014. The most comprehensive survey of data protection law in Asia, covering over twenty jurisdictions. Although the book predates some recent developments (China's PIPL, India's DPDPA), the analytical framework Greenleaf provides for understanding how Asian jurisdictions balance trade, development, and rights remains highly relevant to Section 20.6's discussion of emerging frameworks.
Makulilo, Alex B. (ed.). African Data Privacy Laws. Cham: Springer, 2016. An edited collection examining data protection frameworks across the African continent, from the Malabo Convention to national legislation in South Africa, Kenya, Nigeria, and others. Provides context for the chapter's brief references to emerging African data protection and raises important questions about how data protection frameworks interact with development priorities.
Creemers, Rogier. "China's Approach to Data Governance." In Data Governance: Value Orders and Jurisdictional Conflicts, edited by Karolina Engelhardt and Rolf H. Weber, 293–312. Cham: Springer, 2021. A nuanced analysis of China's data governance model that avoids both uncritical acceptance and reflexive dismissal. Creemers explains the PIPL, the Data Security Law, and the Cybersecurity Law as interconnected elements of a coherent (if politically distinct) governance vision. Essential for the comparative analysis in Section 20.5.
Comparative Regulation and the Future
Bennett, Colin J., and Charles D. Raab. The Governance of Privacy: Policy Instruments in Global Perspective. 2nd ed. Cambridge, MA: MIT Press, 2006. Though published before the GDPR, this remains one of the best comparative analyses of privacy governance instruments — from legislation to self-regulation, from privacy commissioners to privacy-enhancing technologies. The framework Bennett and Raab develop for comparing governance approaches is directly applicable to Chapter 20's typology of regulatory models.
Voss, W. Gregory. "Cross-Border Data Flows, the GDPR, and Data Governance." Washington International Law Journal 29, no. 3 (2020): 485–532. An analysis of how the GDPR's cross-border data transfer provisions interact with other jurisdictions' data governance frameworks. This article bridges the topics of Chapter 20 and Chapter 23, examining how regulatory differences create practical challenges for international data flows.
World Bank. Data for Development: An Evaluation of World Bank Support for Data and Statistical Capacity. Washington, DC: World Bank, 2022. A report that examines data governance from a development perspective — asking not just how data should be regulated but how data governance frameworks can support economic development, public service delivery, and democratic accountability in lower-income countries. Provides an important counterpoint to the chapter's focus on developed-world regulatory models.
These readings are starting points. As subsequent chapters examine the EU AI Act (Chapter 21), organizational data governance (Chapter 22), cross-border flows (Chapter 23), sector-specific governance (Chapter 24), and enforcement (Chapter 25), the further reading sections will narrow from the global survey presented here to specific governance domains.