Christian Peukert, Stefan Bechtold, Michail Batikas, Tobias Kretschmer, 30 September 2020

The EU’s General Data Protection Regulation came into effect in 2018 to tackle issues of privacy and personal data. Looking at over 110,700 websites before and after the introduction of the regulation, this column examines its effect on non-EU-based websites and on other policy domains, such as competition or trade policy. Both EU-based and non-EU-based websites switched to more privacy-sensitive technologies following GDPR, but only in the short term. The market for web tracking technologies became more concentrated, with Google gaining the most market share among large providers. Privacy regulations can function as nonpecuniary barriers to trade, especially if enacted by a large economic area.

Dirk Bergemann, Alessandro Bonatti, Tan Gan, 26 August 2020

The rise of large digital platforms — from Facebook, Google, and Amazon in the US to JD, Tencent, and Alibaba in China — has led to the unprecedented collection and commercial use of individual data. This column argues that a central, underappreciated feature of those data is their social aspect: data captured from an individual user describe not only that individual, but other users with similar characteristics or behaviours. The policy implications of this insight include the need for privacy regulations focused less on personalised prices, and more on group-based price discrimination.


CEPR Policy Research