The "Data Protection Festival" is widely reported by the media and is celebrated through conferences, speeches and social networks such as Twitter, which indirectly reflects the heavy sanctions and strict enforcement of the GDPR. For example, the GDPR allows a company to be fined up to 4% of its global revenue or 20 million euros, whichever is greater. On the day of the "Data Protection Festival", the Washington Post reported that privacy protection organizations took the opportunity to accuse technology giants such as Amazon, Facebook and Google of "improper processing of consumers' personal data". People are fully enjoying their "new power". In addition, the academic literature holds consistent views on the breakthrough impact of EU privacy law.
In his global survey of data privacy laws, Professor Graham Greenleaf of Australia found that 120 countries have enacted EU-style data privacy laws. He pointed out that more than 30 countries have developed official bills for such laws. In his assessment, data privacy laws that can reasonably be described as "European standards" are becoming the norm for data privacy law in most parts of the world. In addition, principles in the GDPR, such as "data portability" and "the right to be forgotten", are already affecting laws outside Europe.
Various legal disciplines have studied why and how legal principles and norms are disseminated among jurisdictions. This paper first examines the research of Jack Goldsmith and Tim Wu on the global impact and dissemination of EU privacy law, and then analyzes the valuable academic work of Anu Bradford. Goldsmith and Wu believe that the EU's dominant power in this field is the result of the joint action of Europe's huge market forces and its extraordinary concern for citizens' privacy. The EU is a very important market for multinational corporations, so many companies do not "completely withdraw from the European market". In addition, the EU attaches great importance to the right to privacy and has long been engaged in legislating on it, and its regulations have extraterritorial effect: when information is transmitted outside the EU, EU law still protects the personal data of EU residents. Bradford further developed the concept of EU unilateral legislation. In her article The Brussels Effect, she tries to explain why the EU can implement its rules globally. She pointed out that EU regulations have had a real impact on the daily lives of citizens all over the world. The Brussels effect is in fact "unilateral regulatory globalization", that is, a country can externalize its laws and regulations through market mechanisms. Although the EU only regulates its internal market, multinational corporations often have an incentive to standardize production globally and abide by a single rule.
First of all, the EU is a rich consumer market, which is important for large companies outside the EU. The EU is the world's second largest economy and the world's second largest consumer market. More specifically, EU consumers are early adopters of a range of information technologies, and the EU has always been in a leading position in key areas such as broadband Internet services. Secondly, the EU has established a considerable capacity for privacy supervision. At the level of Member States, there is a data protection agency in each country. The GDPR lists the necessary tasks of these institutions, including assisting individuals in protecting their rights and advising legislative bodies on the operation of existing regulations. There are also important independent EU privacy entities, including the European data protection regulator and the European Data Protection Commission under the global data protection regulations. Finally, with regard to the tendency to impose strict rules on inelastic markets, Bradford believes that the EU usually prefers preventive regulatory action. If services are customized according to geographical location, they may no longer "expand" to a profitability sufficient to meet global Internet demand. If customers in some non-EU countries feel that their privacy level is low, there may be a political backlash. Global standards arise when a company's production or behavior is indivisible across different markets, or when the benefits of uniform standards due to economies of scale outweigh the savings from reducing production costs in less regulated markets. Overall, according to Bradford, personal data seems to be consistent with the de facto unilateral Brussels effect.
Data can be transmitted around the world in a basically frictionless manner. The EU has therefore attached its data protection system to all personal information originating from the EU, and has granted the EU authorities a "data embargo right" to prevent the export of data to countries that fail to meet EU privacy requirements. For a long time, the standard for transmitting personal data outside the EU has been the "adequacy" of data protection in foreign jurisdictions. In 1995, as the predecessor of the global data protection regulations, the Directive on Data Protection established the adequacy requirements for international data transmission. The adequacy requirement indicates that "the third state concerned will be allowed for international transfers only when they ensure an adequate level of protection". The decision on adequacy will be taken by regulators at the level of Member States, although the committee itself is mandated to negotiate with countries with insufficient data protection. The Directive requires the Commission to maintain a white list of countries with adequate data protection. The EU can transmit data to entities on this list and send information to countries on the white list without any further requirements, which is equivalent to transmission within the EU. Today, a determination of adequacy requires a formal proposal by the Committee, an opinion from the European Data Protection Commission, which is composed of representatives of the data protection agencies of the Member States, approval by representatives of member states of the "European Commission System", and finally an adequacy decision by the members of the Council of Europe.
On January 23, 2019, the EU and Japan reached a mutual adequacy arrangement to allow the free flow of personal data between the two economies. The top leadership of both partners to the agreement regards it as a policy priority and as the integration of the two legal orders. Japan is now on the coveted EU list of adequate countries, which is a surprising development. How did Japan earn a place on the European Commission's white list after only four years of effort, starting from an illusory data privacy system in 2014? The key changes began in 2015, when Japan made extensive revisions to the Amended Act on the Protection of Personal Information (APPI). This changed Japan's law and brought it much closer to the EU system. These measures include expanding the definition of sensitive data, increasing individual rights, strengthening restrictions on the use of personal data provided to third parties, and enhancing the enforcement powers of the Personal Information Protection Committee (PPC), Japan's data protection agency. The revised APPI includes protection for the international transmission of personal data from Japan and contains a large number of EU data protection concepts. The EU and Japan have each made a decision on adequacy to recognize the other's data protection system. This reciprocity marks a new high point in the spread of the EU data protection model. Following EU practice, Japan will not allow data to be transmitted across its borders to countries without sufficient data protection. To this end, Japan has also established a data embargo right in its national privacy administration. Data-driven economic sectors in both Japan and the EU can now benefit from trade agreements. As personal data is a key element of the 21st-century economy, Japan and the EU have adopted normative practices in trade and data protection. Clearly, data protection is also a basic element of international business.