The General Data Protection Regulation (GDPR), effective since 2018, is the world's most influential data protection law. Through the Brussels Effect — where the EU's regulatory standards become global defaults because multinationals find it easier to comply globally than maintain separate systems — GDPR has been adopted or closely emulated by over 160 countries.
Brazil's LGPD, Japan's APPI amendments, South Korea's PIPA revisions, India's DPDP Act, and dozens of other national privacy laws are modeled on GDPR principles: lawful basis for processing, data minimization, right to erasure, data portability, and mandatory data protection officers. Even US state-level privacy laws (California's CCPA/CPRA) draw on GDPR concepts.
The Brussels Effect in privacy is a technology export: Europe exported a regulatory framework that reshapes how the global technology industry handles personal data. Companies like Apple, Google, and Meta redesigned their global data practices to comply with GDPR, effectively imposing European privacy standards on users worldwide.