European Union

Study: Europe's Aggressive Privacy Regulations Are Killing App Innovation

Consumers lose out when compliance costs prevent services from ever entering the market.

|

A newly released working paper purports to show that extensive tech privacy laws implemented by the European Union in 2018 have significantly stifled app innovation and potentially deprived consumers of useful products.

The report was released by the National Bureau of Economic Research, and it attempts to calculate the consumer effects of the General Data Protection Regulation (GDPR), a far-reaching European Union privacy law that forces online sites, platforms, and phone apps to more carefully get user buy-in for collecting and sharing their data. The regulations have caused massive headaches for media outlets, online providers, app manufacturers, and really anybody attempting to provide any sort of online consumer service.

Compliance costs are high and fines for failing to do so are significant—as of April 2022, E.U. regulators have levied more than 1.6 billion euros in fines (about $1.7 billion) to rule-breakers.

Critics of the passage of the GDPR warned that the regulations would stifle innovation and entrench the dominance of the tech industry's biggest companies, who could afford the compliance costs and would therefore essentially be less threatened by potential upstarts coming for their customers.

This new paper attempts to analyze the consumer impact on the app market for an estimated 4.1 million apps in the Google Play Store. The paper's title, "GDPR and the Lost Generation of Innovative Apps," makes its conclusion clear. The working paper's four writers drilled down into the data and determined that GDPR helped push the exit of a third of available apps and  also suppressed the introduction of new apps into the market. New app introductions in the quarters following the launch of GDPR enforcement dropped by half.

"Whatever the privacy benefits of GDPR, they come at substantial costs in foregone innovation," the authors note.

The 49-page working paper has to contend with quite a few unknowns, and it's honest about them. Can we be sure that the apps that were never introduced to the market but for GDPR would have been any good or served consumer needs? Can we be sure GDPR is responsible, given that Google and Apple themselves have introduced their own privacy rules independently from GDPR that also affect who is allowed in their marketplace?

The authors do their best to nail down as much evidence as possible that GDPR is hampering innovation, but they do acknowledge some challenges. One big problem is the lack of a control group. Because of the international nature of these tech products and that the GDPR's regulations affect companies that aren't even based in the European Union, the paper's writers were not actually able to geographically separate where GDPR influenced the app market. When GDPR was first implemented, people in America got spammed with privacy notifications from websites and apps as a result of the regulations. We're all living under the impacts of GDPR no matter where we are.

But what the authors were able to calculate was that both highly successful and less successful apps saw declines following the implementation and enforcement of GDPR. Because compliance with GDPR increased costs to produce and introduce apps, developers needed to increase the number of users in order to break even. This contributed to fewer apps ever getting to the market.

Would those apps have mattered? Were consumers actually deprived of a valuable product? How does one calculate the value of what isn't created? So what the authors did was take note of the decline in the number of apps that saw a lot of downloads and compare it to the decline in the number of apps that saw few downloads. What they saw was a sharp decline in both successful and unsuccessful apps entering the market. It wasn't just bad or predatory apps being affected by GDPR.

As such, the writers logically conclude that apps that would probably have seen some sort of success and would have met some sort of consumer need never entered the marketplace because of GDPR. What these apps might have done we can't possibly know, but the data shows "GDPR's halving of entry prevents the births of as many would-be successful as would-be unsuccessful apps."

There is a cost to us users here in the form of a reduction in the consumer surplus, the excess benefit consumers get from getting more from a product than we have to pay. The report's authors calculate that the consumer surplus per quarter dropped from $45 billion to $30 billion per quarter due in the app marketplace to the impact of GDPR—about 32 percent. They also calculate that GDPR raises costs to produce apps by more than 30 percent. In all, this is just another way of saying that consumers have fewer choices due to the lack of innovation and therefore less market power.

The report's authors conclude that when the quality of a product is unpredictable (like an unknown or not-yet-existent app), the ease of entry into a marketplace is important to help determine its value to consumers. When regulatory barriers like GDPR drive up entry costs, then there can be "substantial [consumer] welfare losses" in the form of stillborn products and services we might want or need but never see.