Impact of GDPR on data privacy and global digital trade in the mobile app market

The creation of the internet was driven by ideals of unrestricted connectivity, enabling people worldwide to share information freely, collaborate, and engage in commerce without significant barriers. Over time, however, concerns over national security and the protection of citizens' privacy led to demands for stricter data privacy regulations. These regulations have fragmented the internet, challenging its original concept of a borderless, open network. This has sparked debate over the role and scope of such regulations, with terms like "digital nationalism," "splinternet," "data localization," and "cyberbalkanization" popping up to describe the phenomenon. 

A key element of this debate is the impact of data privacy regulation. On one hand, the rapid advancement of technology, including artificial intelligence (AI), necessitates updated regulatory frameworks to address emerging challenges. On the other hand, critics argue that stricter regulations hinder the free flow of data across borders, making it difficult for foreign companies to compete, often favoring domestic firms. This stifles global digital trade, which depends heavily on the seamless movement of data—an essential component of today's economy.

Finding the right balance between safeguarding privacy and promoting connectivity is a complex challenge, further complicated by our limited understanding of the full impact of data privacy regulations. This uncertainty motivated my team—Gunwoong Lee, T.S. Raghu, Zhan (Michael) Shi, and myself—to explore the implications of such regulations. Our study, published under the title "Impact of the General Data Protection Regulation on the Global Mobile App Market: Digital Trade Implications of Data Protection and Privacy Regulations," seeks to shed light on this topic.

Focus on the global mobile app market

In our study, we focused on mobile apps, which are digital products that rely on data transfers whenever users interact with them. Take Facebook, for example: It was created in the U.S. (the exporter country), but used globally, such as in China (the importer country), where app usage represents digital trade.

We examined the European Union's (EU) General Data Protection Regulation (GDPR), which was implemented in 2018. GDPR was created to protect EU citizens' data and privacy. Under GDPR, any entity offering goods or services to EU residents must comply with the regulation, making it a significant regulatory model for global digital trade.

 GDPR introduced stringent rules giving EU citizens greater control over their personal data. They can access, revise, delete, or withdraw consent regarding their data, creating a robust framework for privacy protection. While it seems to impose stricter requirements on app publishers, we wanted to see what the real impact is. 

Economic significance 

Our analysis showed that approximately 7% of the top 30 free apps in GDPR-regulated countries shifted from native to foreign apps. Given that the mobile app market is heavily dominated by top-performing apps, this change is economically significant.

To quantify this, we referenced data from a third-party mobile app analytics firm. In Germany, apps in the top 30 free charts of the iOS App Store generate an average annual revenue of about $6 million. With Germany accounting for 20.3% of the total EU app market, our calculation suggests that GDPR’s economic impact could amount to roughly $62 million annually within the top 30 free charts in the EU.

Understanding the supply and demand effects

Our research focused on the performance of both native (EU-based) and foreign (non-EU) mobile apps in the European app market across 30 EU countries, before and after GDPR took effect. Surprisingly, we found that, post-GDPR, the performance of foreign apps in the EU market improved, while the performance of EU-based apps declined. 

On the supply side, GDPR likely affected app performance for several reasons. First, there are compliance costs, as companies must invest in redesigning apps to adhere to the regulation. Additionally, GDPR has limited the amount of user data companies can collect. Data is critical for personalizing services, understanding consumer preferences, and targeting advertisements, so having less data can reduce app quality as well as revenue. This may have placed EU-based companies, with a larger user base in Europe, at a greater disadvantage due to higher compliance costs and less data available for optimization.

Moreover, GDPR impacted market dynamics by making it harder for smaller firms to enter or remain in the market, potentially limiting innovation and competition.

On the demand side, GDPR appears to have had the opposite effect. Prior to the regulation, users were often hesitant to engage with foreign apps due to concerns about the lack of consistent data protections. GDPR’s mandatory protections reassured users, increasing their willingness to use apps from outside the EU—a phenomenon we refer to as the "reassurance effect."

Our analysis suggests that the demand-side reassurance effect was the main driver behind the improved performance of foreign apps in the EU market. 

Smart regulation can safeguard privacy without stifling digital trade  

Smart privacy regulations, while asserting sovereign rights over the historically borderless internet infrastructure, can still be designed to foster growth without stifling innovation. Although technical infrastructure ensures global compatibility, policymakers must craft regulatory frameworks that balance economic development with privacy concerns. Our study provides valuable insights for regulators navigating this challenge. 

Understanding the broader market impacts of data and privacy regulations is essential for fostering international policy collaboration aimed at balancing economic growth and protecting fundamental privacy rights. Our findings indicate that, while there are higher compliance costs for businesses, well-crafted privacy regulations can address legitimate data concerns without severely damaging digital trade. Furthermore, such regulations may reduce consumer bias toward domestic companies, creating new opportunities for multinational firms to enter global markets.