Governing the shadow of hierarchy: enhanced self-regulation in European data protection codes and certifications

This paper addresses how European policymakers have delegated the responsibility of protecting European values inside transnational data flows to private bodies acting as regulatory intermediaries. The paper uses a process-tracing methodology to argue that by accrediting private bodies to monitor codes of conduct and to assess conformity with certification schemes, policymakers have allowed enhanced self-regulation to exist in the shadow of European and national hierarchies. The paper process-traces how the two sub-regimes have evolved and then asks what the similarities and differences between the two sub-regimes are. The paper thereafter draws conclusions about how regulators can impact self-regulation that exists in their shadow through regulating via intermediaries instead of using direct modes of regulation.