19 September 2016


'Do privacy laws affect the location decisions of internet firms? Evidence for privacy havens' by Fabrice Rochelandet and Silvio HT Tai in (2016) 42(2) European Journal of Law and Economics 339–368 comments
This paper empirically studies the location decisions of internet firms when they face high legal standards of privacy protection. Many factors might influence them: technological spillovers, lower taxation, and so on. Internet firms can also arbitrate national differences and many of them actually locate their activity in order to escape from national laws they consider over-stringent. In the current stage of development of the internet – the so-called Web 2.0 – the ease of access to personal data proved to be strategic input. So the more a jurisdiction makes collecting and using these data easy, the more attractive the country is, if all other things remain constant. One way for a firm to avoid such legal restrictions is to locate or to expand its business in less privacy protective countries. Our empirical results support this ‘no-privacy haven’ hypothesis. In particular, we highlight a new privacy paradox according to which the more stringent certain online privacy laws are, the more they induce firms to locate their business in less stringent countries, and finally the weaker actual privacy protection on the internet is.
The authors state
Privacy regulation is one of the most important debates in internet policy. For instance, Goldfarb and Tucker (2011) suggest that the EU’s e-Privacy Directive affects the performances of online advertising but more generally internet-based activities because of the importance of advertising revenues in supporting the development of the digital economy. A delicate compromise is to be found concerning legal restrictions on the commercial use of personal data. On the one hand, many online businesses are suspected of invading the privacy of individuals causing them various forms of harm. On the other hand, over-stringent rules can impede innovation on the web—targeted marketing, online customization—and perhaps impact internet firms’ location decisions in favor of less protective countries. In turn, this could entail a race to the bottom leading to laxer privacy to the detriment of internet users. This may be a new privacy paradox, i.e. stronger local privacy laws entail a reduction in global privacy protection for internet users. This new paradox can be explained by the contrast between national jurisdictions and the ‘global village’ nature of the internet.
In this paper, we pay particular attention to this dimension. We focus on privacy laws and ask how they affect the location decisions of internet firms in an international setting. In particular, we focus on the Web 2.0 services as the biggest users of personal data. Thus, our main question is whether more stringent privacy laws in one country can lead firms to locate or to expand their business into less protective countries.
One na├»ve approach might consist in considering the digital economy as a space where geography does not matter (Choi and Suh 2005). As a consequence, no significant physical or technological barriers would prevent online activities from expanding into digital networks while remaining located in their respective country of origin. Our first observations about the location of internet firms suggest that they tend to locate their business in countries that are often different from their national origin. Many factors may influence their location decisions: high-skilled and cheaper workers, spillovers and agglomeration effects, more favorable taxation, innovation policies, cluster development programs, and so on. Differences in national jurisdictions can also play an important role. Internet firms are often purported to locate their business overseas in order to exempt themselves from the jurisdiction of local law and thus benefit from a ‘legal haven’. For instance, illegal file-sharing networks often locate their servers in copyright-free countries (‘copyright havens’ or ‘copyright hells’). In the field of privacy, Facebook located its European headquarters in countries like Ireland but not in France, where legal protection of personal data is more stringent.
This paper shows that privacy and the legal protection of personal data explain the location decisions of internet firms. This result suggests a ‘no-privacy haven’ effect that induces them to locate their business in more privacy lax countries.
The rest of this paper is organized into five sections. The next section provides a brief survey of the literature that seeks to explain firms’ location decisions. The third section presents our hypotheses. Section 4 describes the method: variables used and the econometric model. Section 5 presents the main results. Section 6 envisages some policy implications.
The offer "Two legal implications"
 (1) The effectiveness of privacy regulation on the internet—as a ‘global’ network of networks—could justify a significant effort on the part of states to harmonize their privacy laws. Such an international agreement could be settled according to well-specified minimum standards as with the Berne Convention for the Protection of Literary and Artistic Works and the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) in the field of intellectual property. However, unlike these agreements, it seems that the governments that are the most likely to enable the prisoner dilemma underlying the ‘new privacy paradox’ to be overcome are also those which fully benefit from the locations of internet firms in terms of comparative advantages. So individuals might suffer for a long time from this race to the bottom. In addition, legal harmonization can have two negative effects: first, internet firms would be deprived of an opportunity to innovate by arbitrating between different legal orders; second, the harmonized standards could be fixed according to the "relative weights of interest groups asking for legal standards that benefit themselves, which can create inefficiencies if those standard rules prove to be unbalanced and generate losses of welfare due to legal irreversibilities over time" Ribstein and Kobayashi (2006). In the case of privacy, this risk seems to be prevalent because this social norm is currently moving and gqsit gives rise to many counter-claims from civil society, telemarketers, internet firms, and so on.
(2) The impact of privacy reinforcement and/or harmonization in terms of social welfare seems to be very tricky to evaluate. On the one hand, governments look for comparative advantages. Privacy protection level might be one of them if softening it can lead to greater benefits from more innovative services. On the other hand, individuals act as if they do not care anymore about their information privacy or as if they value it on a different basis than the sole protection of their intimacy over the internet. What constitutes an ideal privacy as a social norm under the context of Web 2.0? What is the actual impact of an improved preservation of privacy on individuals’ welfare if they do not care about it? How can a balance be found between (more certain) welfare gains in terms of innovation and (more uncertain) welfare losses in terms of a reduction of privacy? To some extent, government should soften the legal standards for the protection of personal data in order to attract more internet firms and stimulate innovations in online services. A major political challenge is then to be able to rank national priorities including privacy and competitiveness.