The Impact of Privacy Laws on Websites and Users

Policymakers worldwide draft privacy laws to increase user privacy by imposing strict legal requirements. At the same time, policymakers grant websites a degree of freedom in implementing these requirements. However, the effects of privacy laws and the granted implementation freedom on websites and users remain unclear. Yet, when drafting privacy laws, policymakers need to trade-off between increasing user privacy and limiting the harm to websites’ ability to earn revenue with the collected user data. Similarly, websites need to anticipate such effects, e.g., on their revenues, when deciding how to implement privacy laws. This dissertation encompasses three articles to shed light on the effects of privacy laws and their granted implementation freedom on websites’ revenues and user privacy, using the enforcement of the EU’s General Data Protection Regulation (GDPR). The articles show that while the GDPR has average negative effects on websites’ revenues, these effects vary across websites’ chosen implementation of GPDR. The dissertation further shows that the different implementations of the legal requirements impact user privacy. Thereby, this dissertation provides an empirical foundation of privacy laws’ effects on websites’ revenues and user privacy, aiding policymakers in evaluating or drafting privacy laws and websites in deciding how to implement them.