Policy innovation,convergence and divergence: Considering the policy transfer regulating privacy and data protection in three European countries

This article examines policy activity surrounding the implementation of privacy regulations in three European countries, Denmark, Sweden and the UK, following the ratification of the 1995 European Union Directive on Data Protection. It highlights the convergence and divergence of policy embedded in the policy transfer process and stresses not only the complexity of policy transfer, but also the degree to which policy innovation is shaped by existing institutional settings and the processes associated with policy implementation. The article uses Dolowitz and Marsh's 'Policy Transfer Model' as an analytical tool to unpack the regulatory environment surrounding the governance of privacy. This illuminates the main features of the policy process in each of the three case study countries and also the tendency to focus on policy formation at the expense of policy implementation. In the case of the 1995 European Union Directive on Data Protection the three cases examined here demonstrate that multiple regulatory regimes and policy divergence are embedded in the harmonisation (or convergence) process, and that different countries approach the regulation of privacy and data protection in quite different ways.