Regulating Privacy Online: An Economic Evaluation of the GDPR
51 Pages Posted: 18 Jul 2019 Last revised: 29 Mar 2021
Date Written: July 17, 2019
Modern websites rely on personal data to design better content and to market themselves. The European Union’s General Data Protection Regulation (GDPR) was intended to make access to such personal data much more difficult, with the goal of protecting user privacy. We examine the GDPR's impact on website pageviews and revenue for 1,084 diverse online firms using data from Adobe's website analytics platform. Using a panel differences approach, we find a reduction of approximately 12% in both EU user website pageviews and website e-commerce revenue recorded by the platform after the GDPR's enforcement deadline. To understand the policy's impact, we must separate the GDPR's effects on real outcomes from its impact on data recording. We derive informative bounds on both components by first examining site-usage patterns of selected users that we continue to observe post-GDPR. We bound changes to data recording, attributed to users opting-out of data collection, to be between 4% and 15%. This implies that at least 7% of our GDPR estimates (0.8% of total) arise from the consent effect on data recording. We then find larger effects on traffic from email and display ad marketing channels—specific targets of the GDPR. We conclude that at least 8% of our GDPR estimates (0.4% of total) arise from the GDPR's real effect on marketing alone. However, we do not find evidence that consent interfaces dissuade users from browsing sites.
Keywords: Privacy, Regulation, EU, GDPR
JEL Classification: D04, K20, L50, L51, L86, M31, M38, O38
Suggested Citation: Suggested Citation