On May 25, 2018, the European Union enforced the controversial General Data Protection Regulation—GDPR—with a view to “protect all EU citizens from privacy and data breaches in an increasingly data-driven world.” Advocates said it was a necessary constraint on corporate abuse of personal data but detractors called out GDPR’s potential to restrict freedom of expression and hurt businesses within and outside Europe.

Internet Governance Lab faculty fellow Dr. Saif Shahin and doctoral students Olivia Williams and Emily O'Connell examine the network of information flow about GDPR on Twitter and how the influence of particular types of social actors shapes public perceptions of the law and its implications. Drawing on the social network analysis of more than 150,000 tweets, their work demonstrates that while common users and news organizations steered the discourse at the time of GDPR’s implementation in 2018, major corporations such as Facebook and Google and smaller technology companies became dominant a year later. Structural topic modeling indicates that corresponding to this shift in influencers and brokers, the discourse about GDPR in 2019 also became much more “corporatized”—driven by the argument that GDPR was bad for business, especially U.S. business, as well as GDPR’s appropriation by cybersecurity firms for brand promotion.

Dr. Shahin and his coauthors’ analysis illustrates the power of technology companies in structuring the online information flow about data protection and draws attention to the near-absence of privacy rights activists and lawmakers from its mix of opinion leaders.