GDPR and the Lost Generation of Innovative Apps∗

The General Data Protection Regulation (GDPR), enacted with the goal of protecting user privacy, imposed compliance costs on app developers and may have inhibited revenue generation. Using data on 4.1 million apps at the Google Play Store from 2016 to 2019, we document that GDPR induced the exit of about a third of available apps. Moreover, in the quarters following implementation, entry of new apps fell by over half. While the exiting apps had very little usage, the reduction in entry was more consequential for consumers. Because app success is unpredictable at launch, the missing apps would have been nearly as useful, on average, as those that still entered: Post-GDPR entry cohorts, less than half as large as their preGDPR counterparts, account for just over half as much usage as average pre-GDPR cohorts at the same ages. After documenting these descriptive facts, we estimate a structural model of demand and entry in the app market. Comparing equilibria with and without GDPR, we find that GDPR reduces consumer surplus by 32 percent and aggregate app usage by 26 percent. We conclude that, whatever the privacy benefits of GDPR, they come at substantial costs to consumers and producers. JEL Classification: O31, L51, L82