Using data on 4.1 million apps at the Google Play Store from 2016 to 2019, we document that GDPR induced the exit of about a third of available apps; and in the quarters following implementation, entry of new apps fell by half. We estimate a structural model of demand and entry in the app market. Comparing long-run equilibria with and without GDPR, we find that GDPR reduces consumer surplus and aggregate app usage by about a third. Whatever the privacy benefits of GDPR, they come at substantial costs in foregone innovation.
We have five broad findings. First, GDPR sharply curtailed the number of available apps, via two mechanisms. When it took effect, GDPR precipitated the exit of over a third of available apps; and following its enactment, the rate of new entry fell by 47.2 percent, in effect creating a lost generation of apps. Second, consistent with the unpredictability of app success, the falloff in app entry prevented the launch of both ultimately-successful and ultimately-unsuccessful apps. The numbers of apps reaching ten thousand or one hundred thousand cumulative installations within, say, four quarters of birth fell nearly as much as the decline in overall entry. Third, apps became less intrusive after GDPR, although the decline in intrusiveness was partly the continuation of a pre-existing trend. Fourth, average usage per app rose for the vintages launched after the imposition of GDPR, consistent with GDPR raising app development costs. Fifth, using the structural entry model, we estimate that the depressed post-GDPR entry rate would give rise to a longrun 32 percent reduction in consumer surplus and a 30.6 percent reduction in aggregate usage and therefore revenue. Whatever the benefits of GDPR’s privacy protection, it appears to have been accompanied by substantial costs to consumers, from a diminished choice set, and to producers from depressed revenue and increased costs.
Rebecca Janßen, Reinhold Kesler, Michael E. Kummer & Joel Waldfogel
This study made some rounds on Twitter a couple of weeks ago, probably timed to coincide with the 4th anniversary of the adoption of GDPR. I haven’t read the entire 50 pages of it, but this certainly looks like GDPR working as intended, weeding out low quality apps that existed primarily to illegally harvest user data. The study unquestionably repeats the Big Tech talking point that fewer apps equal less innovation, as if anything new was necessarily innovative and value-added as well. Google is also constantly removing apps from the Play Store for breaching its rules – you don’t see anyone bemoaning that Google is stifling innovation by enforcing basic quality standards.
The arguments about decreased consumer choices are particularly laughable. There are still millions of apps in the Play Store and, according to surveys ironically cited inside the paper, an average user has only 40 apps installed on his smartphone; out of those 40 apps, 89% of the time is split between 18 apps. More than half of installed apps remain unused, so they don’t provide any ongoing value to users (they are probably used on rare occasions, when traveling for example, and could be replaced by visiting a website). Would anyone notice if some of these infrequently used apps were to disappear?
Other data points in the study show positive effects of GDPR, such as the substantial increase of the average usage per app. The authors attribute this to higher development costs and potentially lower revenue per user… with no justification whatsoever! More likely this reflects an increase in app quality and user trust, and should also reflect positively on developer revenues.
The developer survey in the appendix also undermines some of the conclusions, as the self-reported figures on app removals or non-launches are much lower than a third as cited in the study. This could indicate a developer exodus (meaning they ceased being developers in the wake of GDPR and no longer respond to such surveys), but, again, who wants developers who only launch data harvesting apps?
To shed further light on the experiences of companies who have to comply with GDPR, we conducted a survey among app developers with regard to GDPR. This offers additional information about the benefits and challenges coming with the new privacy regulation. In the following, we will provide further details on the data and results.
99.2% of respondents know about the introduction of GDPR, 60.6% of respondents see it as an effective instrument for better data protection. While more than 80% of developers do not see any changes in demand for their apps or the level of data collection, there are still quite some effects on their everyday work. 13.7% of developers have removed at least one of their apps temporarily. This may be due to necessary adaptions in order to comply with the new regulations. For 6.5% of respondents even a complete deletion of at least one of their apps was necessary. Others did not launch prepared apps due to GDPR (8.6%).
Post a Comment