Consumer consent and firm targeting after GDPR: the case of a large telecom provider

Research output: Contribution to journalArticlepeer-review

24 Citations (Scopus)


The general data protection regulation (GDPR) represents a dramatic shift in global privacy regulation. We focus on GDPR’s enhanced consumer consent requirements that aim to provide transparent and active elicitation of data allowances. We evaluate the effect of enhanced consent on consumer opt-in behavior and on firm behavior and outcomes after consent is solicited. Utilizing an experiment at a large telecommunications provider with operations in Europe, we find that opt-in for different data types and uses increased once GDPR-compliant consent was elicited. However, consumers did not uniformly increase data allowances and continued to generally restrict permissions for more sensitive or tangential uses of their personal information. We also find that sales, the efficacy of marketing communications, and contractual lock-in increased after consumers provided new data allowances. Additional analysis suggests that these gains to the firm emerged because new data allowances enabled them to increase their use of targeted marketing for households that were amenable to these marketing efforts. These results have significant implications for firms and policymakers and suggest that enhanced consent provided via GDPR may be effective for increasing consumer privacy protection while also allowing firms reliant on consumers’ personal information to improve outcomes.
Original languageEnglish
Pages (from-to)3175-3973
Number of pages49
JournalManagement Science
Issue number5
Publication statusPublished - May 2022


  • Consent
  • Field experiment
  • General data protection regulation
  • Instrumental variables
  • Panel data
  • Privacy


Dive into the research topics of 'Consumer consent and firm targeting after GDPR: the case of a large telecom provider'. Together they form a unique fingerprint.

Cite this