HEC Research Papers Series,
HEC Paris

Abstract: Policymakers worldwide draft privacy laws that require trading-off between safeguarding consumer privacy and preventing economic loss to companies that use consumer data. However, little empirical knowledge exists as to how privacy laws affect companies’ performance. Accordingly, this paper empirically quantifies the effects of the enforcement of the EU’s General Data Protection Regulation (GDPR) on online user behavior over time, analyzing data from 6,286 websites spanning 24 industries during the 10 months before and 18 months after the GDPR’s enforcement in 2018. A panel differences estimator, with a synthetic control group approach, isolates the short- and long-term effects of the GDPR on user behavior. The results show that, on average, the GDPR’s effects on user quantity and usage intensity are negative; e.g., the numbers of total visits to a website decrease by 4.9% and 10% due to GDPR in respectively the short- and long-term. These effects could translate into average revenue losses of $7 million for e-commerce websites and almost $2.5 million for ad-based websites 18 months after GDPR. The GDPR’s effects vary across websites, with some industries even benefiting from it; moreover, more-popular websites suffer less, suggesting that the GDPR increased market concentration.

Keywords: Privacy Law; Online Privacy; Consumer Protection; GDPR; Data Privacy Regulation

JEL-codes: M31

82 pages, March 16, 2021

Full text files

papers.cfm?abstract_id=3774110 HTML file Full text

Download statistics

• HEC Paris
• Ordering Working Papers
• Home page for this series

Questions (including download problems) about the papers in this series should be directed to Antoine Haldemann ()
Report other problems with accessing this service to Sune Karlsson ().

RePEc:ebg:heccah:1437This page generated on 2024-09-13 22:19:53.