Welfare assessment of the GDPR using discrete choice experiment

This article examines preferences for new privacy protection mechanisms on the Internet introduced by the EU General Data Protection Regulation (GDPR). The authors estimate the monetary value of the basic instruments provided by the reform and assess the potential welfare benefits. For methodological reasons, they use a discrete choice experiment with stated preferences. This approach provides ex ante insight into users’ preferences for individual privacy control mechanisms, such as the right to be forgotten, the right to object to profiling, and the portability of personal data. Their study is based on an online survey conducted among 143 students of Polish universities before the introduction of the GDPR. These data were used to estimate a mixed logit model. The main conclusion of the analysis is that the introduction of the GDPR increases consumer surplus by improving control over the sharing of personal data. The estimated value of the median consumer surplus per capita is EUR 6,5 per month. Users primarily appreciate the right to be forgotten, extended information obligations, and the objection to profiling. The role of data portability is surprisingly underestimated. Preferences for the right to be forgotten are higher among the more privacy-conscious and lower among respondents who actively use more online services. Intensive online activity increases the need for informative and user-friendly privacy policies.