Abstract
We document short-run changes in websites and the web technology industry with the introduction of the European General Data Protection Regulation (GDPR). We follow more than 110,000 websites and their third-party HTTP requests for 12 months before and 6 months after the GDPR became effective and show that websites substantially re-duced their interactions with web technology providers. Importantly, this also holds for websites not legally bound by the GDPR. These changes are especially pronounced among less popular websites and regarding the collection of personal data. We document an increase in market concentration in web technology services after the introduction of the GDPR: Although all firms suffer losses, the largest vendor—Google—loses relatively less and significantly increases market share in important markets such as advertising and analytics. Our findings contribute to the discussion on how regulating privacy, artificial intelligence and other areas of data governance relate to data minimization, regulatory com-petition, and market structure.
Original language | English |
---|---|
Pages (from-to) | 318-340 |
Number of pages | 23 |
Journal | Marketing Science |
Volume | 41 |
Issue number | 4 |
DOIs | |
Publication status | Published - 1 Jul 2022 |
Externally published | Yes |
Keywords
- Brussels effect
- GDPR
- Antitrust
- Competition policy
- Compliance risk
- Cookies
- Data governance
- Data minimization
- Internet regulation
- Privacy
- Regulatory competition
- Web tracking