By regulating how firms collect, store, and use data, privacy laws may change the role of data in production and alter firm demand for information technology inputs. We study how firms respond to privacy laws in the context of the EU's General Data Protection Regulation (GDPR) by using seven...

This paper reviews the economic literature on the European Union's General Data Protection Regulation (GDPR). I highlight key challenges for studying the regulation including the difficulty of finding a suitable control group, variable firm compliance and regulatory enforcement, as well as the...

Thanks to big data, artificial intelligence (AI) has spurred exciting innovations. In the meantime, AI and big data are reshaping the risk in consumer privacy and data security. In this essay, I first define the nature of the problem and then present a few facts about the ongoing risk. The bulk...

Many platforms deploy data collected from users for a multitude of purposes. While some are beneficial to users, others are costly to their privacy. The presence of these privacy costs means that platforms may need to provide guarantees about how and to what extent user data will be harvested...

The Internet comprises thousands of independently operated networks, where bilaterally negotiated interconnection agreements determine the flow of data between networks. The European Union's General Data Protection Regulation (GDPR) imposes strict restrictions on processing and sharing of...

The General Data Protection Regulation (GDPR) came into effect in the European Union in May 2018. We study its short-run impact on investment in new and emerging technology firms. Our findings indicate negative post-GDPR effects on EU ventures, relative to their US counterparts. The negative...

This paper derives a preference for data privacy from consumers' temptation utility. This approach facilitates a welfare analysis of different data privacy regulations, such as the GDPR enacted by the European Union and the CCPA enacted by the state of California, when a fraction of the...

This paper investigates whether larger quantities of historical data affect a firm's ability to maintain market share in Internet search. We study whether the length of time that search engines retained their server logs affected the apparent accuracy of subsequent searches. Our analysis...

Using data on 4.1 million apps at the Google Play Store from 2016 to 2019, we document that GDPR induced the exit of about a third of available apps; and in the quarters following implementation, entry of new apps fell by half. We estimate a structural model of demand and entry in the app...

We develop a novel firm-level measure of cybersecurity risk using textual analysis of cybersecurity-risk disclosures in corporate filings. The measure successfully identifies firms extensively discussing cybersecurity risk in their 10-K, displays intuitive relations with quantitative measures of...