The economic value of personal data is mainly extracted through online intermediation services and big data analytics. The largest providers of these services are US OTTs. These are global market players with a leading position in the European market. As a result, the personal data of European users are widely processed by these providers. The EU and the US have different approaches to personal data protection and data privacy. In the US, privacy is a property right whereas in the EU, it is a fundamental right, which must be provided by the government. The European Commission has proposed a reform of personal data protection, the General Data Protection Regulation (GDPR), aiming to ensure that European consumers are protected according to European law whenever their data are processed outside the EU by foreign companies. According to the European Commission, the reform will bring economy-wide benefits to the EU. However, several studies on the economic impact of the reform have led to opposing conclusions. They claim that the extraterritorial application of the European law will impose a regulatory cost burden on US providers. This burden would hurt transatlantic trade in services, and would be detrimental to the European economy.
Our analysis shows that the GDPR is not a protectionist policy. The extraterritorial application of the European law will neither hinder competition nor disrupt cross-border data flows. On the contrary, the extension of European law to the US OTTs that target European consumers will contribute to establishing a level playing field between European providers and their US competitors in the European market. Both EU and US providers would obey European laws when processing European consumers' personal data. Nevertheless, the literature examined provides no evidence that reinforced standards of protection would foster the competitiveness of European services in world markets. Moreover, studies also suggest that the costs of applying the GDPR in the EU might outweigh the efficiency gains. In conclusion, the optimal trade-off between incentives to provide innovative services and the obligation to protect privacy as a fundamental right has yet to be achieved by the European regulation.
Rather than increase administrative burden, an efficient data protection policy should base European users' protection on modernised, more dynamic principles, supporting the capability of European industry to compete and innovate on fair and efficient grounds for the benefit of European users and of the European economy.