Skip links

Europe’s data protection laws cut data storage by making information-wrangling pricier

Europe’s General Data Protection Regulation (GDPR) has led European firms to store and process less data, recent economic research suggests, because the privacy rules are making data more costly to manage.

In a paper titled “Data, Privacy Laws and Firm Production: Evidence from the GDPR,” distributed this week via the National Bureau of Economic Research (NBER), monetary boffins explore the cost of privacy. They start by analyzing corporate cloud computing, citing previous research that suggests the cost of GDPR compliance ranges from $1.7 million for SMBs to $70 million for large organizations.

GDPR was enacted in 2016 and affects more than 20 million firms in dozens of countries. And since then, other countries have followed suit with their own privacy rules – all of which have economic implications.

The consequence of Europe’s privacy regime, according to the researchers, is that “EU firms decreased data storage by 26 percent and data processing by 15 percent relative to comparable US firms, becoming less ‘data-intensive.'”

Four economists – Mert Demire (MIT Sloan School of Management), Diego J Jiménez Hernández (Federal Reserve Bank of Chicago), Dean Li (MIT), and Sida Peng (Microsoft) – contributed to the report.

To comply with GDPR, EU firms have had to adopt measures that are the equivalent of a 20 percent increase on average in the cost of data. For businesses in data-intensive industries, the cost increases were larger: 24 percent in the software sector, compared to 18 percent for manufacturing and services.

GDPR and associated compliance measures have also increased the cost to produce information – though not to the same degree as data storage or computation costs.

“We find that the GDPR resulted in a 4 percent increase in the cost of producing information, a significantly smaller impact than the increase in the cost of data,” the paper asserts. “This is primarily because data is significantly cheaper than computation and therefore accounts for only a small share of the information cost.”

The authors stop short of determining whether the privacy provided by GDPR is worth the cost. The paper, they explain, doesn’t address the benefits consumers may derive from GDPR protections.

Past research suggests that the privacy afforded consumers under GDPR is mostly beneficial, but can be detrimental when a monopoly is involved. ®