The Competitive Effects of the GDPR
Journal of Competition Law and Economics (2020)
37 Pages Posted: 16 Mar 2020 Last revised: 24 Mar 2020
Date Written: March 4, 2020
The GDPR is the Magna Carta of data protection, the importance of which cannot be overstated. Yet, as this article shows, the price of data protection through the GDPR is much higher than previously recognized. The GDPR creates two main harmful effects on competition and innovation: it limits competition in data markets, creating more concentrated market structures and entrenching the market power of those who are already strong; and it limits data sharing between different data collectors, thereby preventing the realization of some data synergies which may lead to better data-based knowledge.
To illustrate its claims, the article analyzes the competitive dynamics created by the GDPR, focusing on how it affects the options available to firms for amassing the data necessary for their operations, and their resultant ability to realize economies of scale and scope in data analysis. It identifies seven main parallel and cumulative market dynamics that may limit data collection and data sharing, only some of which have been recognized so far. As shown, under some market conditions the GDPR has unintended and so far unrecognized effects on competition, efficiency, innovation, and the resultant welfare.
The dynamics identified in this article offer partial explanations for some of the troubling empirical evidence regarding investment in EU data-driven markets following the adoption of the GDPR. Furthermore, the analysis enables us to identify which effects are short-term and which are here to stay.
The effects on competition and innovation identified may justify a reevaluation of the balance reached to ensure that overall welfare is increased. The article suggests some means of reducing harmful competitive effects, while still protecting the vital goal of privacy, including reaching a better balance between data protection and competition law, reducing uncertainty in the GDPR, creating certification mechanisms for GDPR compliance, and structuring of mandatory data-sharing obligations under other laws in a way which is sensitive to the dynamics of data markets.
Keywords: GDPR, Competition, Data Protection, Privacy, CCPA
Suggested Citation: Suggested Citation