Skip to Content

Websites are (probably) making less money because of GDPR

July 24, 2019
An image of a person holding euros
An image of a person holding eurosMs. Tech; Original photo: Pixabay

The news: A new working paper suggests that websites are making less money because of the General Data Protection Rule (GDPR). It’s the first study of how the European privacy law affects the revenue of online businesses. 

GDPR went into effect in May 2018. The authors analyzed data from web marketing service Adobe Analytics and compared the numbers before and after GDPR in 2018 with numbers from same dates in 2017. The data covered 1,500 online firms (including 128 of the top 1,000 global sites) and included both content sites that make money through page views and e-commerce sites that make money through purchases. The data showed that recorded page views and revenue fell by about 10% for EU users. That’s about $8,000 less revenue per week for the median site. 

How could GDPR have caused this?: GDPR makes it harder for companies to collect customer data. In particular, customers now need to give permission to be tracked. The researchers speculate that this could hurt revenue in two ways. It might make people change their web habits: maybe constant pop-ups asking for permission to share data makes people worry about privacy and stop buying online. It could also reduce the amount of analytics data that businesses use to make decisions. 

The big caveat: That 10% revenue drop looks dramatic, but the actual number is probably lower. The Adobe Analytics data the researchers relied on is subject to GDPR too, meaning that just as fewer people are sharing data with other websites since May 2018, fewer are sharing data with Adobe Analytics. In other words, there might be a group of people who are browsing and buying just as much as before, but aren’t showing up in the Adobe data set. If so, they would offset some of that 10% revenue drop—probably not all of it, but the picture is incomplete. We don’t know how big the exact revenue effect is. 

Why it matters: A lot of the attention to the effects of GDPR has been around a handful of big companies that got penalized for breaking the rule. A French data protection group fined Google $57 million under GDPR back in January. Earlier this month, a UK data watchdog fined British Airways a record $230 million because of its data breach last year. But it’s also important to look at other effects. This new paper gives us a glimpse into the fates of web businesses more broadly, while another working paper suggests that the legislation has led to less venture capital investment in technology firms. 

Deep Dive


What happened to the microfinance organization Kiva?

A group of strikers argue that the organization seems more focused on making money than creating change. Are they right?

Six ways that AI could change politics

A new era of AI-powered domestic politics may be coming. Watch for these milestones to know when it’s arrived.

Cryptography may offer a solution to the massive AI-labeling problem 

An internet protocol called C2PA adds a “nutrition label” to images, video, and audio.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.