Christian Peukert, Stefan Bechtold, Michail Batikas, Tobias Kretschmer, 30 September 2020

The EU’s General Data Protection Regulation came into effect in 2018 to tackle issues of privacy and personal data. Looking at over 110,700 websites before and after the introduction of the regulation, this column examines its effect on non-EU-based websites and on other policy domains, such as competition or trade policy. Both EU-based and non-EU-based websites switched to more privacy-sensitive technologies following GDPR, but only in the short term. The market for web tracking technologies became more concentrated, with Google gaining the most market share among large providers. Privacy regulations can function as nonpecuniary barriers to trade, especially if enacted by a large economic area.

Joshua P. Meltzer, 05 August 2020

The Court of Justice of the European Union recently delivered its verdict in the Schrems II case, ruling that the EU-US Privacy Shield is invalid. This column addresses the implications for adequacy and standard contractual clauses as well as the broader issue of how to balance national security and privacy goals. It concludes with observations about the potential impact of the decisions for the US and beyond and suggests some ways forward.   

Ran Zhuo, Bradley Huffaker, KC Claffy, Shane Greenstein, 01 March 2020

The internet comprises thousands of independently operated networks, where bilaterally negotiated interconnection agreements determine the flow of data between networks. This column examines the impact of the EU’s General Data Protection Regulation on the interconnection behaviour of network operators. It finds no measurable effects of GDPR on interconnection topology at the network level, with networks in the EEA growing at a rate similar to networks in non-EEA OECDcountries and only economically small effects on the entry and the number of networks. 

Jian Jia, Ginger Jin, Liad Wagman, 07 January 2019

The EU’s General Data Protection Regulation was a landmark piece of legislation stipulating how businesses approach consumers’ privacy with regards to data. Using EU and US data, this column explores how the legislation impacted technology venture investment. The implementation of GDPR had an immediate, pronounced, and negative effect on investment. However, these results do not necessarily constitute a welfare loss, and the long-term effects of GDPR remain to be seen. 

Aaditya Mattoo, Joshua P. Meltzer, 23 May 2018

The EU’s privacy regulation threatens developing country exports of data-based services by making data transfers more difficult. Traditional trade rules and regulatory cooperation cannot resolve this conflict. The column argues that the way forward would be to design trade rules that reflect the bargain struck in the EU-US Privacy Shield. Data destination countries would promise to protect the privacy of foreign citizens in return for source countries promising not to restrict data flows.

Susan Ariel Aaronson, 14 July 2014

The internet promotes educational, technological, and scientific progress, but governments sometimes choose to control the flow of information for national security reasons, or to protect privacy or intellectual property. This column highlights the use of trade rules to regulate the flow of information, and describes how the EU, the US, and their negotiating partners have been unable to find common ground on these issues. Trade agreements have yet to set information free, and may in fact be making it less free.

Laurits Christensen, Federico Etro, 24 March 2013

The EU is planning to harmonise data protection. This column balances the benefits of harmonisation against the estimated costs to business – especially small and medium-sized enterprises – and the macroeconomic costs more generally. The net compliance costs will perhaps be larger than the EU predicts.

Events

CEPR Policy Research