Joshua P. Meltzer, 05 August 2020

The Court of Justice of the European Union recently delivered its verdict in the Schrems II case, ruling that the EU-US Privacy Shield is invalid. This column addresses the implications for adequacy and standard contractual clauses as well as the broader issue of how to balance national security and privacy goals. It concludes with observations about the potential impact of the decisions for the US and beyond and suggests some ways forward.   

Eiichi Tomiura, Banri Ito, Byeongwoo Kang, 14 March 2020

Cross-border data flows are becoming increasingly important in the modern economy. In response, many countries have introduced regulations to control data transfers. This column discusses the firm-level response to such regulations using a recent survey of Japanese firms. Firms react by changing the location of data storage and processing, as well as by tightening data protection. However, these responses vary significantly depending on where the regulations originate. 

Ran Zhuo, Bradley Huffaker, KC Claffy, Shane Greenstein, 01 March 2020

The internet comprises thousands of independently operated networks, where bilaterally negotiated interconnection agreements determine the flow of data between networks. This column examines the impact of the EU’s General Data Protection Regulation on the interconnection behaviour of network operators. It finds no measurable effects of GDPR on interconnection topology at the network level, with networks in the EEA growing at a rate similar to networks in non-EEA OECDcountries and only economically small effects on the entry and the number of networks. 

Maria Savona, 17 January 2020

Personal data have value, and economists failed to predict that this value would become concentrated in the hands of digital platforms. The column presents a novel data-rights approach to redistributing data value while not undermining the ethical, legal and governance challenges of doing so. This can be done by giving individuals authorship rights to their personal data.

Jian Jia, Ginger Jin, Liad Wagman, 07 January 2019

The EU’s General Data Protection Regulation was a landmark piece of legislation stipulating how businesses approach consumers’ privacy with regards to data. Using EU and US data, this column explores how the legislation impacted technology venture investment. The implementation of GDPR had an immediate, pronounced, and negative effect on investment. However, these results do not necessarily constitute a welfare loss, and the long-term effects of GDPR remain to be seen. 

Aaditya Mattoo, Joshua P. Meltzer, 23 May 2018

The EU’s privacy regulation threatens developing country exports of data-based services by making data transfers more difficult. Traditional trade rules and regulatory cooperation cannot resolve this conflict. The column argues that the way forward would be to design trade rules that reflect the bargain struck in the EU-US Privacy Shield. Data destination countries would promise to protect the privacy of foreign citizens in return for source countries promising not to restrict data flows.

Events

CEPR Policy Research