Press Release

GDPR may increase personal data sharing, Warwick Business School study reveals

Tue 21 Nov 2023

A recent study by Warwick Business School has uncovered an unexpected consequence of online privacy regulations like GDPR in Europe: an increase in the sharing of personal data.

The study’s findings are counterintuitive to the goals of such regulations, which are designed to protect online privacy.

Lead author Ram Gopal, Professor of Information Systems Management at Warwick Business School, explained the paradox: “Widespread privacy abuses have prompted calls for governments to protect consumer rights. But our research found that these policies led to an increase in third-parties and data sharing. This will remain the case as long as some Internet users are willing to accept higher data sharing in order to avoid paying for content.”

The study revealed that regulations requiring websites to disclose data-sharing practices and obtain user consent actually led to an increase in the number of third parties engaged, thus widening the scope of personal data distribution.

Gopal further highlighted the challenges in finding the right balance in privacy regulations: “Subsidising websites that follow stricter privacy guidelines is like using a scalpel, allowing policymakers to sculpt around target markets. Consent-based policies are more like a sledgehammer, hitting everyone equally. However, both approaches could drive some websites out of business due to a loss of revenue. This would reduce competition, which would be detrimental to Internet users and society in general.”

The study also discussed alternative regulatory approaches. ‘Consent-based’ regulation like GDPR is still relatively rare, with most countries, including all US states except California, adopting a non-intervention approach. However, there have been trials in subsidising websites in specific sectors like news and healthcare in the US for not sharing user data excessively.

Gopal concluded by emphasising the need for careful consideration in policymaking: “Policymakers need to be aware of these unintended consequences when making regulations.”

This study sheds light on the complex implications of online privacy regulations, suggesting that while the intent is to protect consumer rights, the outcome may be more nuanced, potentially leading to increased data sharing rather than curtailing it.

The research, in collaboration with Haskayne School of Business in Canada and Miami Herbert Business School in the US, was published in the journal Information Systems Research. Researchers used an automated tool to visit and analyse 100,000 top-ranked websites daily, observing the number of third parties involved and assessing the impact of regulatory policies.

Hungry for more tech news?

Sign up for your weekly tech briefings!

Send us a correction Send us a news tip