The introduction of the GDPR reheated the ongoing debate about the extraterritorial effect of European data protection law. In this debate, Anu Bradford argued that European data protection law affects global markets through the so-called "Brussels Effect", according to which policies diffuse primarily through market mechanisms. Specifically, this phenomenon operates even when the laws of non-EU countries, which set the rules for companies operating in those markets, have not changed to adopt provisions which equal those of EU law. In this paper we investigate empirically whether the introduction of the GDPR has initiated a “Brussels Effect”, improving compliance with data protection law and exporting GDPR standards outside of Europe. By measuring compliance with the right of access for residents of the EU and Canada, we find that this is indeed the case. We suggest that the GDPR’s stronger enforcement provisions are the key driver of this effect, which allows the EU to de facto unilaterally affect companies' behavior globally
