Economists & Regulators Examine GDPR’s Economic Impact at Paris Event

Key Takeaways

• Economic Impacts Under Review: CNIL and the French Treasury convened economists and regulators to evaluate how GDPR influences market outcomes, innovation, and consumer welfare.
• Benefits vs Costs: Experts stressed that compliance costs must be weighed against long-term gains in trust, legal certainty, and economic integration across the EU Single Market.
• Innovation Dynamics: GDPR imposes constraints on data access but is also driving the development of privacy-enhancing technologies and more trusted digital services.
• Competition and Data Power: Regulators underscored the need to address dominant data-driven business models and support a more level competitive environment.
• Global Reach: Discussions reaffirmed the “Brussels effect,” noting GDPR’s growing influence on international data standards and cross-border service trade.

Deep Dive

An international forum hosted in Paris this spring brought together more than 450 participants to scrutinize how the EU’s landmark data protection law, the General Data Protection Regulation (GDPR), is shaping innovation, competition, and economic outcomes across Europe and beyond.

The event, GDPR: What Economic Impact?, was organized by France’s data protection authority, the CNIL, alongside the French Treasury. With economists and regulators from the European Commission, the UK Information Commissioner’s Office, academia, and international institutions, the conference marked one of the most comprehensive policy-economics deep dives into GDPR since its enforcement seven years ago.

Opening the day, CNIL Chair Marie-Laure Denis underscored that GDPR compliance costs should not be assessed in isolation. The regulation also aims to support the EU Single Market by enabling trusted cross-border data flows, a goal rooted in both economic integration and fundamental rights protections.

While recent European Commission proposals explore targeted simplifications of the GDPR, Denis cautioned against oversimplifying the policy debate. With a substantial body of economic literature now available, she noted, regulators must understand how their interventions influence market behavior, even if they are not competition authorities in the traditional sense.

Innovation, Consumer Welfare, and AI’s Role

Dorothée Rouzet, Chief Economist at the French Treasury, presented three channels through which GDPR generates economic effects: consumer awareness and welfare, data market structure, and innovation. Although costs are easier to quantify than benefits, Rouzet stressed the importance of evaluating both to understand long-term outcomes.

On artificial intelligence, Nobel laureate Philippe Aghion highlighted the competitive dynamics shaping AI development. He argued that data access, and the GDPR rules that govern it, can either reinforce dominant positions or help level the playing field through tools such as data portability.

Privacy economics expert Alessandro Acquisti challenged the long-standing belief that privacy protection must be traded off against economic efficiency. Failures to safeguard data, he warned, can have devastating social consequences, while privacy-enhancing technologies can enable data use and protection simultaneously.

Mixed Market Effects, Evolving Methodologies

Researchers presenting at the event pointed to a highly varied economic impact across industries, markets, and firm sizes:

• Some studies identify short-term innovation frictions linked to reduced access to user-level data, particularly for smaller firms.
• Others show gains tied to streamlined data governance and increased consumer trust, with U.S. companies exposed to GDPR seeing improvements in operating results.
• Online behavior appears to have shifted toward a smaller number of trusted platforms.

Methodological challenges remain. Identifying control groups, measuring long-term effects, and analyzing smaller companies, where data is limited, continue to complicate robust evaluation. The panel encouraged caution against the so-called “lamp post effect,” in which analysts focus only on easily measurable outcomes.

Privacy as a Competitive Parameter

A recurring theme was the role of GDPR in shaping competition in the digital economy. Strong enforcement mechanisms, including deterrent sanctions, were viewed as critical for managing information asymmetries and reinforcing trust. However, the growth of the privacy-enhancing technologies sector has taken place largely outside Europe, raising questions about the EU’s innovation competitiveness.

To close such gaps, speakers highlighted strengthened cooperation between data protection and competition authorities. Joint work between the CNIL and France’s Autorité de la concurrence, for example, is intended to manage data-driven market power while sustaining consumer privacy.

Discussion also touched on the “Brussels effect”, the concept that the GDPR has exported European data protection norms globally. Far from creating non-tariff trade barriers, speakers argued that GDPR-based trust improves international service trade by reducing perceived digital risk.

Researchers emphasized that the economics of privacy is still an emerging field. Questions remain on the long-term effects of GDPR on market structure, innovation incentives, and how consumers ultimately benefit from increased control over their personal data.

As Acquisti concluded, developing a more empirical and holistic economic framework will be essential to fully understand the regulation’s enduring role in Europe’s digital economy.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.