It has been four years since the GDPR, the EU’s flagship data protection law, came into force. Plenty of empirical work shows that the GDPR imposes substantial costs on Europe‘s economy. It is unsurprising, therefore, that after departing from the EU, the British government has signaled its intention to loosen some of the GDPR’s more burdensome features. The EU, by contrast, defiantly broadcasts the message that the law is working well. Unfortunately, a new study provides further evidence that the GDPR has inflicted a lasting blow to the European digital economy.
The study’s authors collected data on millions of Android apps before and after the EU enacted the GDPR. Their findings are two-fold: on the one hand, GDPR caused the number of available apps to fall by about one-third. This outcome almost surely decreased consumer welfare as users could no longer access apps previously available. However, the impact was likely limited: these were apps that didn’t reach the privacy thresholds required by the new law, meaning they were likely not successful or popular enough to warrant software updates to ensure GDPR compliance. The real damage is caused by the dog that didn’t bark: the creation of new apps.
One of the appeals of the digital economy is that it empowers small teams of software developers and entrepreneurs to create new services and tools for Internet users. It takes very little by way of capital and skills to build digital businesses that attain a vast global user base. Take, for instance, Citymapper, a free transport planning app that covers over 80 cities worldwide and serves 50 million users—with less than 50 employees. One way for such a service to monetize its user base would be to process and sell the data it collects. However, privacy activists’ successful spread of the “surveillance capitalism” meme has made it exceedingly difficult for apps like Citymapper to turn a profit.
This brings us to the second and far more worrisome finding of the study: GDPR caused the number of new apps entering the market to drop by nearly 50 percent. The authors also studied the effect on apps that eventually become successful (defined as gaining more than 100,000 users after three quarters) and found, similarly, that their numbers declined by half. The significance of this should not be understated. Because of a badly designed law, it has become costlier and more difficult to build new apps. The fact that the rate of new app entries has fallen by one-half in 2018 is a significant loss for jobs, income, growth and consumer welfare. It is hard to quantify the amount of potential economic value lost as a result, since counterfactuals are unmeasurable. But the finding comes at the heel of widespread evidence of Europe’s relative economic decline.
It is increasingly clear that the costs of GDPR—pooh-poohed by the law’s fanatical promoters when concerns were initially raised—are substantial. The EU is proud to tout its ambitions for a Digital Decade. Given the dire performance of the EU’s digital sector, these pronouncements sound increasingly quixotic. The EU continues its contradictory strategy of setting grand aims for digital growth while imposing laws and regulations are strangling the very industry it wants to support. What supporters of a strong EU can only hope for is that this study will provide the impetus for a more open and fact-based discussion about digital regulation in the EU.