[OP-ED] Adopt a GDPR-like data regime and watch growth sink, venture investment decline and consumer prices surge

December 06, 2018

Many governments, including in the U.S., are wrestling with how to govern the collection and use of personal data. Most characterize the issue as privacy or consumer protection, and some policymakers suggest that executives be imprisoned for commercial misuse of digital data. These issues are very important for individuals and our protection, but it is critical that policies also recognize the importance of digital data to our 21st Century Economy and the risk that too much “privacy” could hinder economic opportunity.

In economics it is unusual to have perfect conditions for real-time experimentation, but the European Union’s recent enactment of the General Data Protection Regulation (GDPR) provides a near-perfect laboratory that is already generating remarkable results. Our team’s initial studies comparing post-GDPR Europe and the U.S. strongly indicate that GDPR is connected to a double-digit reduction in venture investment, financing, and the total number of deals closed; a reduction in growth and hiring; and an increase in prices for consumers whom lawmakers intended to protect.

As I recently shared in a public hearing of the Federal Trade Commission, we found the economic effect of GDPR on investment and growth among small and early stage companies was immediate, pronounced, and negative. The concerns that drove these regulations are real and the goals they pursue are admirable, but as an economist who studies privacy I think the evidence is guiding us to regulate with more care and precision.

Policymakers are being asked to set new rules that govern data, the predominant driver of the modern digital economy. This is no small undertaking and it is worth taking a breath and the time necessary to appreciate the complexity of the challenge. For its part, GDPR is an ambitious and far-reaching data governance framework and should be instructive to policymakers globally, but in the case of the newly elected 116th Congress, the FTC, and even a handful of state governments considering state data policies, GDPR should be a cautionary tale rather than an inspiration.

Three times in the past few years I have investigated the impact of broad-based data regulations like GDPR. Every time I found evidence that regulations’ broad scope and one-size-fits-all approaches negatively impact businesses and consumers.

Early indicators suggest that Europe moved too aggressively. Even if the impact was not entirely due to GDPR, Congress should not ignore a 17 percent decline in venture funding for EU technology firms as compared to US firms following GDPR’s enactment in May. The impact was particularly negative – far worse than average – for Europe’s newest companies. Less investment always equals fewer jobs – and one estimate suggests that tens of thousands of jobs were not created.

In a second study, we compared how opt-in and opt-out data-sharing policies impact consumers in the mortgage market. GDPR requires opt-in policies for all categories of data, but America’s Gramm-Leach-Bliley Act permits U.S. banks to default to opt-out data sharing policies. When three counties in California enacted local opt-in requirements, another perfect laboratory was created and our team studied the effects – and the results are clear.

In the home mortgage market that is so important for our national economy and for homeownership opportunity, the three counties’ opt-in data-sharing policies created inefficiencies that produced mismatched loans and consumers and very harmful impact. Mismatched loans meant higher prices (interest rates), higher default rates and more foreclosures. This is a heavy price to pay for reducing data-sharing.

In a third study we documented that less data-sharing often leads to diminished consumer welfare, for similar reasons to the mortgage market inefficiency noted above. Basic economic principles assume that full information maximizes efficiency, including lower prices. Applying these principles to data-sharing models demonstrates that opt-out regimes typically — though not always — produce lower prices and more consumer welfare as compared to opt-in models.

The lesson of these studies is that higher standards or more rigorous data protection is not always absolutely better. When it comes to adopting new policies about data restrictions, we should embrace nuance. We should seek dynamic solutions, tailored to meet the individual needs of each market, each country, and each jurisdiction. We should avoid approaches that place a disproportionate cost on smaller businesses or risk limiting some consumers’ access to market, and we should never be afraid to take the time required to get it right. The price for rushing this process is far too high.

Liad Wagman is Associate Professor of Economics at Illinois Institute of Technology’s Stuart School of Business in Chicago and Visiting Associate Professor of Executive Education at Northwestern University’s Kellogg School of Management.​