Skip to Content

Websites are (probably) making less money because of GDPR

July 24, 2019
An image of a person holding euros
An image of a person holding eurosMs. Tech; Original photo: Pixabay

The news: A new working paper suggests that websites are making less money because of the General Data Protection Rule (GDPR). It’s the first study of how the European privacy law affects the revenue of online businesses. 

GDPR went into effect in May 2018. The authors analyzed data from web marketing service Adobe Analytics and compared the numbers before and after GDPR in 2018 with numbers from same dates in 2017. The data covered 1,500 online firms (including 128 of the top 1,000 global sites) and included both content sites that make money through page views and e-commerce sites that make money through purchases. The data showed that recorded page views and revenue fell by about 10% for EU users. That’s about $8,000 less revenue per week for the median site. 

How could GDPR have caused this?: GDPR makes it harder for companies to collect customer data. In particular, customers now need to give permission to be tracked. The researchers speculate that this could hurt revenue in two ways. It might make people change their web habits: maybe constant pop-ups asking for permission to share data makes people worry about privacy and stop buying online. It could also reduce the amount of analytics data that businesses use to make decisions. 

The big caveat: That 10% revenue drop looks dramatic, but the actual number is probably lower. The Adobe Analytics data the researchers relied on is subject to GDPR too, meaning that just as fewer people are sharing data with other websites since May 2018, fewer are sharing data with Adobe Analytics. In other words, there might be a group of people who are browsing and buying just as much as before, but aren’t showing up in the Adobe data set. If so, they would offset some of that 10% revenue drop—probably not all of it, but the picture is incomplete. We don’t know how big the exact revenue effect is. 

Why it matters: A lot of the attention to the effects of GDPR has been around a handful of big companies that got penalized for breaking the rule. A French data protection group fined Google $57 million under GDPR back in January. Earlier this month, a UK data watchdog fined British Airways a record $230 million because of its data breach last year. But it’s also important to look at other effects. This new paper gives us a glimpse into the fates of web businesses more broadly, while another working paper suggests that the legislation has led to less venture capital investment in technology firms. 

Deep Dive


A brief, weird history of brainwashing

L. Ron Hubbard, Operation Midnight Climax, and stochastic terrorism—the race for mind control changed America forever.

Why the Chinese government is sparing AI from harsh regulations—for now

The Chinese government may have been tough on consumer tech platforms, but its AI regulations are intentionally lax to keep the domestic industry growing.

Eric Schmidt: Why America needs an Apollo program for the age of AI

Advanced computing is core to the security and prosperity of the US. We need to lay the groundwork now.

AI was supposed to make police bodycams better. What happened?

New AI programs that analyze bodycam recordings promise more transparency but are doing little to change culture.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.