Does Privacy Regulation Harm Content Providers? A Longitudinal Analysis of the Impact of the GDPR

Lefrere, Vincent; Warberg, Logan; Cheyre, Cristobal; Marotta, Veronica; Acquisti, Alessandro

doi:10.2139/ssrn.4239013

Cited by 9 publications

(11 citation statements)

References 65 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the study also reveals a lag, and potentially non-compliance, in websites that fail to update their practices to align with evolving CCPA requirements. These ndings for the CCPA mirror in some respects research on the General Data Protection Regulation (GDPR), a European Union privacy law for entities that conduct collect and process personal information of residents of the EU [9,13,25,28]. For example, as a result of GDPR, the number of websites that have privacy policies increased over time, as did the number of websites with cookie consent banners [12].…”

Section: Consumer Protection Policy Implicationsmentioning

confidence: 77%

Measuring Compliance with the California Consumer Privacy Act Over Space and Time

Tran,

Mehrotra,

Chetty

et al. 2024

Proceedings of the CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

The widespread sharing of consumers' personal information with third parties raises signicant privacy concerns. The California Consumer Privacy Act (CCPA) mandates that online businesses oer consumers the option to opt out of the sale and sharing of personal information. Our study automatically tracks the presence of the opt-out link longitudinally across multiple states after the California Privacy Rights Act (CPRA) went into eect. We categorize websites based on whether they are subject to CCPA and investigate cases of potential non-compliance. We nd a number of websites that implement the opt-out link early and across all examined states but also nd a signicant number of CCPA-subject websites that fail to oer any opt-out methods even when CCPA is in eect. Our ndings can shed light on how websites are reacting to the CCPA and identify potential gaps in compliance and optout method designs that hinder consumers from exercising CCPA opt-out rights.

show abstract

Section: Consumer Protection Policy Implicationsmentioning

confidence: 77%

Measuring Compliance with the California Consumer Privacy Act Over Space and Time

Tran,

Mehrotra,

Chetty

et al. 2024

Proceedings of the CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

show abstract

“…This helped us isolate the effects and avoid spillover effects from other publishers, but, at the same time, it only enabled us to assess the early impacts of GDPR compliance. Many publishers introduced more cookies gradually after GDPR compliance (Lefrere et al 2022), and these publishers’ strategic changes may affect the long-term outcomes of the regulation. This is something future research could examine.…”

Section: Discussionmentioning

confidence: 99%

“…Regarding tracking technology, third-party cookies decreased by 22% (Libert, Graves, and Nielsen 2018), trackers declined by 9% (Lukic, Miller, and Skiera 2021), and the use of third-party web technology providers fell by between 3.1% and 12.8% (Peukert et al 2022) in the EU relative to non-EU regions after GDPR compliance. The GDPR was related to modestly lower web traffic, e-commerce orders, and revenue (Goldberg, Johnson, and Shriver 2022; Schmitt, Miller, and Skiera 2022), lower venture capital investment in the EU (Jia, Jin, and Wagman 2019, 2021), and more search frictions (Zhao, Yildirim, and Chintagunta 2021), and it had no effect on publishers’ content (Lefrere et al 2022). The regulation also hurt small web technology vendors more than big vendors (Johnson, Shriver, and Goldberg 2023; Peukert et al 2022).…”

Section: Literature Reviewmentioning

confidence: 99%

The Early Impact of GDPR Compliance on Display Advertising: The Case of an Ad Publisher

Wang¹,

Jiang²,

Yang³

2023

Journal of Marketing Research

View full text Add to dashboard Cite

The European Union (EU)’s General Data Protection Regulation (GDPR), with its explicit consent requirement, may restrict the use of personal data and shake the foundations of online advertising. The ad industry predicted drastic loss of revenue from GDPR compliance and has been seeking alternative ways of targeting. Taking advantage of an event created by an ad publisher’s request for explicit consent from users with EU IP addresses, the authors find that for a publisher that uses a pay-per-click model, has the capacity to leverage both user behavior and webpage content information for advertising, and observes high consent rates, GDPR compliance leads to modest negative effects on ad performance, bid prices, and ad revenue. The changes in ad metrics can be explained by temporal variations in consent rates. The impact is most pronounced for travel and financial services advertisers and least pronounced for retail and consumer packaged goods advertisers. The authors further find that webpage context can compensate for the loss of access to users’ personal data, as the GDPR’s negative impact is less pronounced when ads are posted on webpages presenting relevant content. The results suggest that publishers and advertisers should leverage webpage-content-based targeting in a post-GDPR world.

show abstract

“…Our work is inspired by advances in relevant disciplines, including legal research, behavioral economics, and psychology. Legal research is relevant insofar as it examines the practical implications of the legal framework, such EU's General Data Protection Regulation, on the design of tools which provide feedback to users [5,28,51]. Behavioral economics motivates our approach since they point out real-life effects of OSN participation.…”

Section: Related Workmentioning

confidence: 99%

Raising User Awareness about the Consequences of Online Photo Sharing

Schindler

Popescu

Nguyen

et al. 2023

Proceedings of the 2023 ACM International Conference on Multimedia Retrieval

View full text Add to dashboard Cite

Online social networks use AI techniques to automatically infer profiles from users' shared data. However, these inferences and their effects remain, to a large extent, opaque to the users themselves. We propose a method which raises user awareness about the potential use of their profiles in impactful situations, such as searching for a job or an accommodation. These situations illustrate usage contexts that users might not have anticipated when deciding to share their data. User photographic profiles are described by automatic object detections in profile photos, and associated object ratings in situations. Human ratings of the profiles per situation are also available for training. These data are represented as graph structures which are fed into graph neural networks in order to learn how to automatically rate them. An adaptation of the learning procedure per situation is proposed since the same profile is likely to be interpreted differently, depending on the context. Automatic profile ratings are compared to one another in order to inform individual users of their standing with respect to others. Our method is evaluated on a public dataset, and consistently outperforms competitive baselines. An ablation study gives insights about the role of its main components.

show abstract

Does Privacy Regulation Harm Content Providers? A Longitudinal Analysis of the Impact of the GDPR

Cited by 9 publications

References 65 publications

Measuring Compliance with the California Consumer Privacy Act Over Space and Time

Measuring Compliance with the California Consumer Privacy Act Over Space and Time

The Early Impact of GDPR Compliance on Display Advertising: The Case of an Ad Publisher

Raising User Awareness about the Consequences of Online Photo Sharing

Contact Info

Product

Resources

About