This unexpected externality of GDPR

GDPR has complex effects on the exploitation of users' personal data

Since its implementation, GDPR requires companies to obtain the consent of users to collect and use their personal data. What are its effects on the exploitation of personal data?

Trust indicator
- Reading depth: superficial reading (1/3)
- Scientific proximity: average scientific proximity (2/3)
Learn more β†’

In a recent article published in the RAND Journal of Economics, Guy Aridor, Yeon-Koo Che and Tobias Salz measure several effects using data, including the following two:

  1. 12.5% of users refuse to allow tracking cookies to be placed in their browser.
  2. Paradoxically, users who accept cookies are easier to track.

These two effects suggest that GDPR could have created a new externality: users who refuse tracking cookies could make other users easier to track.

The effects of this externality are not clear. It could have two main ones:

  1. The externality improves the experience of users who accept cookies, by offering them advertisements and product suggestions better suited to their taste.
  2. The externality reduces the well-being of these same users, if companies manage to use the data they collect to increase their prices in a targeted way (up to the marginal willingness to pay of the tracked users). In this case, users who accept cookies experience a welfare reduction, as the price of some of the goods and services they buy online increase, without any other benefit.

Results from the article that I did not quote suggest that for the moment at least, it is probably the first effect that dominates.


Aridor, Guy, Yeon-Koo Che, and Tobias Salz. 2023. β€œThe Effect of Privacy Regulation on the Data Industry: Empirical Evidence from GDPR.” The RAND Journal of Economics 54 (4): 695–730.