ABSTRACT In April 2016, the European Union adopted the General Data Protection Regulation (GDPR), significantly expanding privacy protections for personal data handled by firms. I examine the regulation’s impact on U.S. firms’ internal information quality (IIQ) and operational efficiency. Although privacy regulations target one subset of firms’ information assets (i.e., personal data), they may spur broad improvements in firms’ information governance practices and systems, resulting in higher quality information available for decision-making and, by extension, more efficient operations. Using a difference-in-differences design, I find that U.S. firms with European operations (i.e., treated firms) exhibit improvements in IIQ around the adoption of the GDPR. Furthermore, although the GDPR’s regulatory burden is overall costly to firms, GDPR-induced improvements in IIQ contribute positively to operational efficiency. These findings highlight that privacy regulation can act as a catalyst for firms to improve IIQ, yielding operational benefits that may partially offset the regulation’s costs. Data Availability: All data are available from public sources discussed in the text. JEL Classifications: L51; M40; M41; K24.
Steven A. Maex (Fri,) studied this question.