Business Report

Privacy Laws Turn Europe into Economic Laboratory

Is Europe’s strict stance on protecting people’s data costing it business—or creating new opportunities?

In the tradition of printed newspapers, most news websites reserve the prime real estate “above the fold” for their biggest headlines. Since late May, however, sites including the Financial Times and the Economist have instead been greeting visitors with a text box warning them that they are being tracked.

The notifications explain to readers that the publications have placed a cookie in their browsers—a bit of code that allows the sites to record what pages they visit. Cookies are hardly unusual: many websites (including Technology Review’s) place a half-dozen in visitors’ machines. What is unusual is that a website would bother to tell anyone.

But both these news sites are based in Europe, where legislators seeking to put individual rights ahead of advertisers’ interests have enacted a series of tough rules about protecting data online. The cookie warnings stem from a 2009 ruling by the European Parliament requiring that sites ask permission before placing a tracking cookie. That rule is only taking effect now, but even tougher ones are planned. In January, European legislators proposed a far-reaching data protection law that would allow people to demand copies of any information companies store about them and even give them a “right to be forgotten,” or to demand that such data be deleted.

At a time when stricter online privacy controls are being debated in the United States, Europe offers a laboratory for studying their economic impact. In the U.S., few rules control what data companies can collect online or how they can use Internet tracking technology. Recently, the U.S. Congress and agencies like the Federal Trade Commission have begun calling for mechanisms that would let consumers have more say over who tracks them.

Advertisers say such privacy controls would hobble investment and innovation, bolstering their argument by pointing to studies showing that Europe’s privacy rules have had negative effects on technology investment and on the eurozone’s €20.9 billion online advertising sector.

Economist Catherine Tucker of MIT, for instance, examined the effectiveness of online ads in 10 countries both before and after Europe began enforcing the 2002 e-Privacy Directive, an earlier rule that, among other controls, limited companies’ ability to target advertisements on the basis of a viewer’s past browsing history.

Tucker’s study, published in Management Science in 2010, found that in European countries that implemented the directive, the effectiveness of online ads (as measured by a survey of consumers’ interest in buying advertised items) dropped 65 percent. Among the sites most affected were news outlets, Tucker found, leading her to conclude that privacy regulation could have “sizable effects for the advertising-supported Internet.” Although Tucker didn’t measure the effect on publishers’ revenues, advertisers generally pay less for less effective forms of advertising.

Cookie alert: A warning tells Financial Times readers that they are being tracked. The disclosures are the result of European privacy laws.

Other recent research finds that Europe’s regulations have scared off some investors. Economist Joshua Lerner at Harvard Business School studied the effect of European legislation on venture capital investments in online advertising firms. In an industry-funded paper published this year, Lerner estimated that investment in European companies dropped about 73 percent following the implementation of the 2002 directive.

Overall, Lerner calculated that over a period of eight years, venture capitalists invested around $249 million less than expected. Europe’s privacy stance, he says, “seems to have had a substantial impact in terms of the willingness of investors to invest in certain sectors.”

Some industries, however, are finding that Europe’s rules have actually given business a boost. Entrepreneur Jason Currill, an expert in cloud computing, remembers how German companies began telling him they needed to store their data locally instead of on servers in the U.S. They were worried about the USA Patriot Act, antiterrorism legislation that gives the U.S. government wide latitude to demand access to types of data that European laws protect.

So Currill decided to launch a company, Ospero, to help Europeans store their data locally. The company he started now provides cloud computing services in 19 countries and touts the importance of “data sovereignty” in its marketing materials.

Such marketing strategies are evidence that data laws can act as trade barriers, just as tariffs do for industries such as manufacturing. In the short term, that means tougher policies could promote investment, as companies that might otherwise have hosted data outside Europe rush to install local data centers. Building and managing those facilities keeps money, just like data, in Europe.

Even so, the net economic effect of Europe’s data philosophy is difficult to pin down, and many companies contend that trying to legislate fast-moving technology is a bad idea. In a February position paper, Microsoft’s director of privacy in Europe, Jean Gonié, said the region’s challenge is “how to protect Europeans’ privacy while also encouraging innovation and facilitating the productivity and cost-efficiency offered by new computing paradigms.” Although Gonié praised aspects of Europe’s latest privacy proposals, which simplify some requirements, he complains that legislators risk “designing technology and business processes” by force of law.

Tucker says that as long as European and American privacy rules continue to differ, the situation may constitute “the perfect natural experiment” for studying the effects of privacy controls on Internet businesses. She predicts, however, that U.S. rules may drift toward Europe’s privacy-weighted system in the long run “because we think it’s something consumers want.”

It’s even possible that Europe’s stricter requirements may end up becoming de facto global policies for companies that serve audiences in many jurisdictions. That is the case for the Financial Times, says Kristina Eriksson, a spokeswoman for the newspaper. She says the site now displays the same cookie warning in the United States and Europe so that the publication’s audience has a “consistent experience” worldwide; the newspaper hasn’t seen any negative effects on traffic.

Weren't able to make it to EmTech? We've got you covered.
Read coverage
Watch video

Uh oh–you've read all five of your free articles for this month.

Insider Online Only

$19.95/yr US PRICE

Next in this Business Report

The Value of Privacy

Internet advertising is the global $70 billion business that powers services like Google and Facebook. But has tracking of Web users gone too far?

You've read of free articles this month.