06/06/2019 - By Guest Brussels Bubble

The GDPR Was Supposed to Boost Consumer Trust. Has it Succeeded?

By Daniel Castro and Eline Chivot

According to recently released survey data that was collected in November 2018, European trust in the Internet is at its lowest in a decade. These results show that the General Data Protection Regulation (GDPR)—which the EU has touted as the gold standard for data protection rules—has had no impact on consumer trust in the digital economy since it came into force last May. Moreover, these findings suggest that the conventional wisdom among EU policymakers—that more regulation is necessary to spur consumer trust and innovation in the digital economy—is fundamentally flawed and should be abandoned.

According to the Eurobarometer, a series of regular public opinion polls conducted on behalf of the European Commission, online consumer trust has declined in Europe over the past year. In November 2018—six months after the GDPR went into effect—only 32 percent of EU respondents indicated that they “tend to trust” the Internet, down 2 percentage points from a year earlier. As shown in Figure 1, this was the lowest level of consumer trust in over a decade. These findings suggest that the EU’s approach to regulating the digital economy has been largely ineffective in achieving one of its primary goals.

Figure 1: Percent of EU respondents who “Tend to Trust” the Internet, 2009-2018

These survey results are significant because the GDPR was intended to solve the problem of online consumer trust. The day before the GDPR went into effect, Vice-President for the Digital Single Market Andrus Ansip stated, “The new rules ensure that citizens can trust in how their data is used and that the EU can make the best of the opportunities of the data economy.” Vĕra Jourová, Commissioner for Justice, Consumers and Digital Economy echoed this point and said, “Beyond that, the new rules are beginning to set a global standard for privacy. They will help to bring back the trust we need to be successful in a global digital economy.”

Indeed, EU policymakers have been adamant that the GDPR would increase consumer trust because this allows them to deflect the criticism that astronomical regulatory costs—the GDPR will likely cost the private sector hundreds of billions—will significantly negatively impact businesses and consumers. They argue that rising levels of consumer trust lead to greater adoption of digital technologies, creating growing markets and more innovation. While this may sound like a plausible theory, the evidence overwhelmingly shows that beyond a minimum baseline level of trust, greater regulation of has little to no impact on consumer adoption and use of the Internet.

Yet this same message—that additional regulation is necessary to promote consumer trust and thus unlock innovation—is the basis for a slew of proposed European regulation demanding additional oversight of digital platforms, social networks, and other Internet companies. In addition, it has been the dominant talking point among EU policymakers about AI. For example, Mariya Gabriel, European Commissioner for the Digital Economy and Society, has argued, “Trusted AI can be a significant competitive advantage for European companies. Ethics and business must go hand in hand, since without trust, citizens will not go for the new technology.” And in response to the release of new proposals for building consumer trust in AI, Vice-President Ansip stated, “It is only with trust that our society can fully benefit from technologies.”

The EU’s efforts thus far seem to have had zero impact on online consumer trust at best and have been counterproductive at worst. Going forward, EU policymakers should consider the evidence before blindly continuing down this same tired and fruitless path.

Disclaimer: The views and opinions expressed in this article are those of the authors and do not represent the views of the platform.