Description
The global debate on cyber governance largely hinges upon the distinctions made between the multi-stakeholder model supported by the U.S. and its allies and the multilateral approach favoured by China and Russia (Cai 2018). While there is significant research on the clear differences between these two models, less is known about conceptual points of overlap between them when they are put into practice and why these similarities exist. In this way, the EU’s General Data Protection Regulation (GDPR) and China’s Personal Information Protection Law (PIPL) offer a novel opportunity for understanding the intersections of and diversions between different approaches to cyber governance, as the two laws share many similarities, despite also having key differences. As such, this research utilises a policy diffusion framework and learnings from Shipan and Volden’s (2008) ideas on the four mechanisms of policy diffusion to compare the EU’s GDPR and China’s PIPL. It looks at patterns between ideas about personal information protection between the EU and China and considers at what point(s) governments intervene in order to protect personal and sensitive data.
