How Data Privacy Rules Affect U.S. Companies: Costs and Benefits

What is it about?

We develop a novel approach to study the effects of the EU's General Data Protection Regulation (GDPR) on U.S. firms. Our method compares firms exposed to GDPR with those not exposed, allowing us to isolate the regulation's impact while controlling for other factors. We examine how GDPR affects stock prices, sales growth, and data breach likelihood. Our findings show that GDPR-exposed firms experience negative stock returns and slower sales growth. However, these firms also invest more in cybersecurity and become less likely to report data breaches, particularly those related to hacking and malware. This suggests GDPR may be achieving its goal of enhancing data protection, potentially preventing millions of records from being breached annually. Our study provides some of the first evidence on both the costs and benefits of data privacy regulation, contributing to the ongoing debate about similar laws being considered worldwide.

Featured Image

Photo by Markus Spiske on Unsplash

Photo by Markus Spiske on Unsplash

Why is it important?

It examines the real-world effects of a major data privacy law (GDPR) on U.S. companies. We look at both the costs to businesses and the benefits for data security. Our findings show that while the law hurts companies financially, it also improves data protection. This is crucial information for policymakers and businesses as more countries consider similar laws. Our study is one of the first to show concrete evidence of both the downsides and upsides of strict data privacy rules. This balanced view can help shape better policies in the future. Additionally, our method for studying these effects is new and could be used to examine other regulations, making it valuable for future research.