Monday, June 27, 2022
General Data Protection Regulation (GDPR) aims to protect consumer data privacy, however, its adverse effects have been widely documented. We present a new model for the analysis of consumer data acquisition under privacy regulation. We treat both data and analytics as separate strategic variables and consider the heterogeneity of privacy costs across consumers. Using this model to examine the impact of GDPR, we identify a market failure before GDPR and find that GDPR activates a market for data acquisition by imposing consent requirements on data acquisition. We further study the optimal design of the mechanism for consumer data acquisition and deliver important policy implications for implementing the social optimum.