Julia Schmitt, Klaus M. Miller and Bernd Skiera
Additional contact information
Julia Schmitt: Goethe University Frankfurt
Klaus M. Miller: HEC Paris
Bernd Skiera: Goethe University Frankfurt
Abstract: Policymakers worldwide draft privacy laws that require trading-off between safeguarding consumer privacy and preventing economic loss to companies that use consumer data. However, little empirical knowledge exists as to how privacy laws affect companies’ performance. Accordingly, this paper empirically quantifies the effects of the enforcement of the EU’s General Data Protection Regulation (GDPR) on online user behavior over time, analyzing data from 6,286 websites spanning 24 industries during the 10 months before and 18 months after the GDPR’s enforcement in 2018. A panel differences estimator, with a synthetic control group approach, isolates the short- and long-term effects of the GDPR on user behavior. The results show that, on average, the GDPR’s effects on user quantity and usage intensity are negative; e.g., the numbers of total visits to a website decrease by 4.9% and 10% due to GDPR in respectively the short- and long-term. These effects could translate into average revenue losses of $7 million for e-commerce websites and almost $2.5 million for ad-based websites 18 months after GDPR. The GDPR’s effects vary across websites, with some industries even benefiting from it; moreover, more-popular websites suffer less, suggesting that the GDPR increased market concentration.
Keywords: Privacy Law; Online Privacy; Consumer Protection; GDPR; Data Privacy Regulation
JEL-codes: M31
82 pages, March 16, 2021
Full text files
papers.cfm?abstract_id=3774110 HTML file Full text
Questions (including download problems) about the papers in this series should be directed to Antoine Haldemann ()
Report other problems with accessing this service to Sune Karlsson ().
RePEc:ebg:heccah:1437This page generated on 2024-09-13 22:19:53.