GDPR and the Lost Generation of Innovative Apps. Rebecca Janßen, Reinhold Kesler, Michael E. Kummer & Joel Waldfogel. NBER Working Paper 30028. May 2022. DOI 10.3386/w30028
Using data on 4.1 million apps at the Google Play Store from 2016 to 2019, we document that GDPR induced the exit of about a third of available apps; and in the quarters following implementation, entry of new apps fell by half. We estimate a structural model of demand and entry in the app market. Comparing long-run equilibria with and without GDPR, we find that GDPR reduces consumer surplus and aggregate app usage by about a third. Whatever the privacy benefits of GDPR, they come at substantial costs in foregone innovation.
7 Conclusion
GDPR has had substantial effects on Google’s app market. In the year following its
implementation, about a third of existing apps exited the market; and following GDPR’s
enactment, the rate of app entry fell by more than half. Moreover, GDPR-diminished entry cohorts account for 41 percent less app usage than their pre-GDPR counterparts,
indicating that the missing apps would have been valuable. Finally, apps entering after
GDPR have higher average usage per app, suggesting increased development costs. We
incorporate these patterns into a structural model of app demand and entry, and we
find that GDPR reduces consumer surplus, app usage, and – if revenue per user did not
change – developer revenue by about a quarter.
We have two broad conclusions, one about innovation in general and the other about
GDPR in particular. First, we conclude that GDPR, whatever its beneficial impacts on
privacy protection, also produced the unintended consequence of slowing innovation. It
is possible that privacy is valuable to consumers in ways that do not manifest themselves
in usage choices. Indeed, this is the “privacy paradox” that others (Acquisti et al., 2016;
Norberg et al., 2007) have documented: Citizens clamor for privacy protections in ways
that belie their behavior as consumers. We are hesitant to draw policy conclusions about
the advisability of GDPR from our results alone. A full evaluation of GDPR requires a
tallying of the potential beneficial effects on privacy, along with its various unintended
consequences such as increases in market concentration (Batikas et al., 2020; Johnson et
al., 2020), undermining revenue models for content production (Lefrere et al., 2020), and
– here – reducing beneficial innovation.
Second, we take our findings as additional evidence that when product quality is
unpredictable, the ease of entry is an important determinant of the ex post value of the
choice set to consumers. Factors reducing entry costs deliver large welfare benefits, while
factors hindering entry – such as GDPR – can deliver substantial welfare losses.