Europe's Data Protection Laws Cut Data Storage By Making Information-wrangling Pricier

Europe's General Data Protection Regulation (GDPR) has led European firms to store and process less data, recent economic research suggests, because the privacy rules are making data more costly to manage.

In a paper titled "Data, Privacy Laws and Firm Production: Evidence from the GDPR," distributed this week via the National Bureau of Economic Research (NBER), monetary boffins explore the cost of privacy. They start by analyzing corporate cloud computing, citing previous research that suggests the cost of GDPR compliance ranges from $1.7 million for SMBs to $70 million for large organizations.

GDPR was enacted in 2016 and affects more than 20 million firms in dozens of countries. And since then, other countries have followed suit with their own privacy rules – all of which have economic implications.

The consequence of Europe's privacy regime, according to the researchers, is that "EU firms decreased data storage by 26 percent and data processing by 15 percent relative to comparable US firms, becoming less 'data-intensive.'"

Four economists – Mert Demire (MIT Sloan School of Management), Diego J Jiménez Hernández (Federal Reserve Bank of Chicago), Dean Li (MIT), and Sida Peng (Microsoft) – contributed to the report.

• Staff say Dell's return to office mandate is a stealth layoff, especially for women
• Europe's datacenter dilemma is that hyperscalers are hogging them all
• Days after half a billion Asians went to the polls, Big Tech promises to counter 2024 election misinformation
• Europe loosens the straps tying Apple and Microsoft to tough antitrust rules

To comply with GDPR, EU firms have had to adopt measures that are the equivalent of a 20 percent increase on average in the cost of data. For businesses in data-intensive industries, the cost increases were larger: 24 percent in the software sector, compared to 18 percent for manufacturing and services.

GDPR and associated compliance measures have also increased the cost to produce information – though not to the same degree as data storage or computation costs.

"We find that the GDPR resulted in a 4 percent increase in the cost of producing information, a significantly smaller impact than the increase in the cost of data," the paper asserts. "This is primarily because data is significantly cheaper than computation and therefore accounts for only a small share of the information cost."

The authors stop short of determining whether the privacy provided by GDPR is worth the cost. The paper, they explain, doesn't address the benefits consumers may derive from GDPR protections.

Past research suggests that the privacy afforded consumers under GDPR is mostly beneficial, but can be detrimental when a monopoly is involved. ®