GDPR induced the exit of about a third of available apps in the Google Play Store from 2016 to 2019; and in the quarters following implementation, entry of new apps fell by half

GDPR and the Lost Generation of Innovative Apps. Rebecca Janßen, Reinhold Kesler, Michael E. Kummer & Joel Waldfogel. NBER Working Paper 30028. May 2022. DOI 10.3386/w30028

Using data on 4.1 million apps at the Google Play Store from 2016 to 2019, we document that GDPR induced the exit of about a third of available apps; and in the quarters following implementation, entry of new apps fell by half. We estimate a structural model of demand and entry in the app market. Comparing long-run equilibria with and without GDPR, we find that GDPR reduces consumer surplus and aggregate app usage by about a third. Whatever the privacy benefits of GDPR, they come at substantial costs in foregone innovation.

7 Conclusion

GDPR has had substantial effects on Google’s app market. In the year following its implementation, about a third of existing apps exited the market; and following GDPR’s enactment, the rate of app entry fell by more than half. Moreover, GDPR-diminished entry cohorts account for 41 percent less app usage than their pre-GDPR counterparts, indicating that the missing apps would have been valuable. Finally, apps entering after GDPR have higher average usage per app, suggesting increased development costs. We incorporate these patterns into a structural model of app demand and entry, and we find that GDPR reduces consumer surplus, app usage, and – if revenue per user did not change – developer revenue by about a quarter. 

We have two broad conclusions, one about innovation in general and the other about GDPR in particular. First, we conclude that GDPR, whatever its beneficial impacts on privacy protection, also produced the unintended consequence of slowing innovation. It is possible that privacy is valuable to consumers in ways that do not manifest themselves in usage choices. Indeed, this is the “privacy paradox” that others (Acquisti et al., 2016; Norberg et al., 2007) have documented: Citizens clamor for privacy protections in ways that belie their behavior as consumers. We are hesitant to draw policy conclusions about the advisability of GDPR from our results alone. A full evaluation of GDPR requires a tallying of the potential beneficial effects on privacy, along with its various unintended consequences such as increases in market concentration (Batikas et al., 2020; Johnson et al., 2020), undermining revenue models for content production (Lefrere et al., 2020), and – here – reducing beneficial innovation.

Second, we take our findings as additional evidence that when product quality is unpredictable, the ease of entry is an important determinant of the ex post value of the choice set to consumers. Factors reducing entry costs deliver large welfare benefits, while factors hindering entry – such as GDPR – can deliver substantial welfare losses.