BRUSSELS—Sonos Inc., the Santa Barbara, Calif., wireless speaker company, recently sent a notice to users world-wide that wasn’t about another software update. It covered the European Union’s new internet-privacy rule.
The EU’s General Data Protection Regulation, or GDPR, takes effect later this month, and “because we believe all Sonos owners should have the right to these protections, we are implementing these updates globally,” the company said.
also say they have updated their global privacy rules in anticipation of the new law.
GDPR is the latest sign of the EU’s growing power in global regulation. With increasing frequency, EU rules targeting industries within the bloc—from consumer products to financial services—have set international benchmarks. Some are taken piecemeal, as with GDPR, from which non-EU companies are cherry-picking elements. Other rules have become de facto world-wide references.
The EU’s Undertakings for Collective Investment in Transferable Securities, or UCITS V, which in 2016 updated a financial directive first adopted in 1985, “is clearly regarded as a global standard,” said
chief investment officer at asset manager Sarasin & Partners in London.
California’s electronic-waste recycling act of 2003, updated last year, specifically cites a broader EU law passed in 2002. Several other U.S. states, including New York, followed California’s example and cite EU law.
The EU’s 2006 Registration Evaluation, Authorization and Restriction of Chemicals law, or REACH, has spawned copycat chemical-safety legislation in China, South Korea, Turkey and other countries, though few are as sweeping as the EU law, industry officials say.
More than 120 countries have adopted privacy laws based on Europe’s regulations over recent decades, according to
a professor of law and information systems at Australia’s University of New South Wales.
Europe’s international influence stems from a confluence of factors, starting with its market size. Companies wanting access to the EU’s 500 million potential consumers—one of the world’s richest markets for products and services—must play by EU rules.
While some companies complain about EU regulations, in today’s globalized markets many also seek to standardize internationally, for scale economies or other reasons.
Sonos never considered implementing GDPR only for EU customers, said spokeswoman
“Preparing for GDPR was, of course, a substantial time investment but a worthwhile one,” she said.
EU influence on regulation and business conduct far from its borders is so widespread that Columbia Law School Professor
in 2012 dubbed it the “Brussels Effect.” The term nods to the previously noted “California Effect,” in which the state’s strict laws in areas such as the environment and consumer protection lifted regulatory standards in the rest of the U.S.
Prof. Bradford, who is now writing a book on the Brussels effect, said GDPR exemplifies “even stronger manifestations” of the phenomenon over recent years. She said Facebook and
Google follow EU standards on expunging hate speech globally despite lack of obligation to do so.
Until the 1980s, the U.S. led the world on business regulation but has since been eclipsed by the EU, Prof. Bradford said. Over that time, the EU has standardized many rules across its 28 members, often making them stricter in the process.
European countries have long imposed extensive and often costly regulations on firms operating domestically, and critics see the same in EU rules. Many business leaders say Europe’s labor codes, consumer protections and environmental laws put it at a competitive disadvantage against foreign rivals.
REACH, for example, shifts the burden of proof in Europe regarding chemicals’ safety from regulators to the industry and increases the volume of data that companies must provide watchdogs. REACH’s restrictions risk closing markets and impeding innovation, say officials at trade groups including the American Chemistry Council and the American Chamber of Commerce to the European Union.
Not all EU rules resonate globally. The bloc’s emissions-trading system, set up in 2005, was envisioned as inspiring similar environmental programs in other countries, but few have copied it.
Enforcement of EU rules outside the bloc varies. American companies touting adherence to GDPR only face its potentially huge fines for business inside the EU.
For some businesses, tight EU regulation can prove appealing.
fund manager at BlueBay Asset Management in London, said the firm sees “overwhelming customer preference for well-regulated UCITS hedge funds” in Asia and Latin America, compared with other available fund types.
As GDPR shows, online businesses are particularly susceptible to the Brussels effect.
“There are a whole series of actors in the U.S. and Asia who will now be subject to the law,” said
head of France’s privacy regulator. “GDPR is an important signal that Europe has influence in this digital society.”
—Sam Schechner in Paris contributed to this article.
Write to Daniel Michaels at [email protected]
Source : WSJ