Effective Regulation and Firm Compliance: The Case of German Privacy Policies

Jacopo  Gambato; Bernhard  Ganglmair; Julia Krämer

doi:10.3386/w32913

Effective Regulation and Firm Compliance: The Case of German Privacy Policies

Jacopo Gambato, Bernhard Ganglmair, Julia Krämer

Civil Law

Research output: Working paper › Academic

Abstract

This chapter explores the interaction between the enforcement of and compliance with difficult-to-enforce rules in the context of data regulation. We focus on the effect of the introduction of the GDPR and its transparency principle on the readability of privacy policies for a large sample of German firms. Germany has a system of state-level data protection authorities. These data regulators enforce the same rules but face diverse funding situations, allowing for an ideal setting to study the role of a regulator's capacity in firms' compliance decisions. We find that while, on average, the GDPR lead to less readable policies, firms active in industries that have in the past received more regulatory scrutiny and those active in jurisdictions of better-funded data regulators exhibit a stronger compliance with the GDPR's readability requirement. These results exemplify a more general interaction between regulators' enforcement activity and firms' regulatory compliance.

Original language	English
Number of pages	23
Volume	32913
DOIs	https://doi.org/10.3386/w32913
Publication status	Published - 1 Sept 2024

Bibliographical note

JEL Classification: D22, K20, L51

Erasmus Sectorplan

Sector plan Recht-Empirical Legal Studies
Sector plan Recht-Public and Private Interests
Sector plan SSH-Breed

Access to Document

10.3386/w32913

Cite this

@techreport{affb4e42f1c949528529d0cbffd0376f,

title = "Effective Regulation and Firm Compliance: The Case of German Privacy Policies",

abstract = "This chapter explores the interaction between the enforcement of and compliance with difficult-to-enforce rules in the context of data regulation. We focus on the effect of the introduction of the GDPR and its transparency principle on the readability of privacy policies for a large sample of German firms. Germany has a system of state-level data protection authorities. These data regulators enforce the same rules but face diverse funding situations, allowing for an ideal setting to study the role of a regulator's capacity in firms' compliance decisions. We find that while, on average, the GDPR lead to less readable policies, firms active in industries that have in the past received more regulatory scrutiny and those active in jurisdictions of better-funded data regulators exhibit a stronger compliance with the GDPR's readability requirement. These results exemplify a more general interaction between regulators' enforcement activity and firms' regulatory compliance. ",

author = "Jacopo Gambato and Bernhard Ganglmair and Julia Kr{\"a}mer",

note = "JEL Classification: D22, K20, L51",

year = "2024",

month = sep,

day = "1",

doi = "10.3386/w32913",

language = "English",

volume = "32913 ",

edition = "September 2024",

type = "WorkingPaper",

}

TY - UNPB

T1 - Effective Regulation and Firm Compliance

T2 - The Case of German Privacy Policies

AU - Gambato, Jacopo

AU - Ganglmair, Bernhard

AU - Krämer, Julia

N1 - JEL Classification: D22, K20, L51

PY - 2024/9/1

Y1 - 2024/9/1

N2 - This chapter explores the interaction between the enforcement of and compliance with difficult-to-enforce rules in the context of data regulation. We focus on the effect of the introduction of the GDPR and its transparency principle on the readability of privacy policies for a large sample of German firms. Germany has a system of state-level data protection authorities. These data regulators enforce the same rules but face diverse funding situations, allowing for an ideal setting to study the role of a regulator's capacity in firms' compliance decisions. We find that while, on average, the GDPR lead to less readable policies, firms active in industries that have in the past received more regulatory scrutiny and those active in jurisdictions of better-funded data regulators exhibit a stronger compliance with the GDPR's readability requirement. These results exemplify a more general interaction between regulators' enforcement activity and firms' regulatory compliance.

AB - This chapter explores the interaction between the enforcement of and compliance with difficult-to-enforce rules in the context of data regulation. We focus on the effect of the introduction of the GDPR and its transparency principle on the readability of privacy policies for a large sample of German firms. Germany has a system of state-level data protection authorities. These data regulators enforce the same rules but face diverse funding situations, allowing for an ideal setting to study the role of a regulator's capacity in firms' compliance decisions. We find that while, on average, the GDPR lead to less readable policies, firms active in industries that have in the past received more regulatory scrutiny and those active in jurisdictions of better-funded data regulators exhibit a stronger compliance with the GDPR's readability requirement. These results exemplify a more general interaction between regulators' enforcement activity and firms' regulatory compliance.

U2 - 10.3386/w32913

DO - 10.3386/w32913

M3 - Working paper

VL - 32913

BT - Effective Regulation and Firm Compliance

ER -

Effective Regulation and Firm Compliance: The Case of German Privacy Policies

Abstract

Bibliographical note

Erasmus Sectorplan

Access to Document

Fingerprint

Cite this