Emerging Data Indicates Potential Long-term Harm to the EU's Digital Economy due to GDPR
The European data protection law, GDPR, has been in effect for four years, and a new study provides further evidence that it has inflicted a lasting blow to the European digital economy. After its implementation, the rate of new app development for platforms like the Google Play Store in Europe dropped by about 47.2%, while investment in European tech startups declined by over 20%, and revenues of European tech companies fell by 2%.
The strict data protection requirements of GDPR, such as the need for privacy by design, robust user consent mechanisms, data minimization, and comprehensive data rights management, have increased development time and costs, dampening innovation incentives, particularly for smaller startups and app developers. The costs of GDPR compliance can range widely, often between $30,000 and over $300,000 depending on project scope.
GDPR requires strict data mapping and classification, limits data collection to what is necessary, mandates rights for users to access, correct, erase, restrict, and port their data, and demands data security measures including encryption and breach notification. These regulatory burdens increase development time and costs and compound challenges, such as managing third-party services and data transfers across borders.
The impact of GDPR was likely limited to apps that didn't reach the privacy thresholds required by the new law. However, the decline in new app entries has resulted in significant loss for jobs, income, growth, and consumer welfare. The number of successful apps (gaining more than 100,000 users after three quarters) also decreased by half due to the GDPR.
The EU continues to impose laws and regulations that are strangling the digital industry it wants to support. The British government has signaled its intention to loosen some of the GDPR's more burdensome features. The "law's fanatical promoters" dismissed concerns about GDPR's costs when they were initially raised. However, the costs of GDPR are substantial and have a negative impact on the EU's digital sector.
In the broader European strategy context, GDPR is seen as a critical but double-edged regulation. It protects individual privacy strongly, but it also constitutes a form of overregulation that can stifle innovation and economic growth compared with more innovation-friendly regimes elsewhere. Moreover, GDPR now increasingly intersects with other regulatory frameworks, such as the EU AI Act, which adds further compliance layers for apps utilizing AI technologies, necessitating technical and organizational measures to ensure legal AI use, further impacting app development complexity.
The EU defiantly broadcasts that the GDPR is working well. However, the significant reduction in app development and investment in tech startups within the EU due to GDPR's compliance costs and complexity presents a major challenge to the region’s digital economy growth and innovation capacity. The EU's ambitions for a Digital Decade are increasingly quixotic given the negative impact of GDPR on the digital sector. The spread of the "surveillance capitalism" meme by privacy activists has made it difficult for apps to turn a profit, and the study may provide the impetus for a more open and fact-based discussion about digital regulation in the EU.
- The GDPR, a European data protection law, has inflicted a lasting blow on the European digital economy by increasing development time and costs, dampening innovation incentives, particularly for smaller startups and app developers.
- The costs of GDPR compliance can range widely, often between $30,000 and over $300,000 depending on project scope, leading to substantial costs that have a negative impact on the EU's digital sector.
- The EU's Digital Decade ambitions are increasingly quixotic given the negative impact of GDPR on the digital sector, as the significant reduction in app development and investment in tech startups within the EU due to GDPR's compliance costs and complexity presents a major challenge to the region’s digital economy growth and innovation capacity.
- The GDPR now increasingly intersects with other regulatory frameworks, such as the EU AI Act, which adds further compliance layers for apps utilizing AI technologies, necessitating technical and organizational measures to ensure legal AI use, further impacting app development complexity.
- The spread of the "surveillance capitalism" meme by privacy activists has made it difficult for apps to turn a profit, and the study may provide the impetus for a more open and fact-based discussion about digital regulation in the EU.
