Effective Regulation and Firm Compliance: The Case of German Privacy Policies
This chapter explores the interaction between the regulation of and compliance with difficult-to-enforce rules in the context of data regulation. We focus on the effect of the introduction of the GDPR and its transparency principle on the readability of privacy policies for a large sample of German firms. Germany has a system of state-level data protection authorities. These data regulators enforce the same set of rules but face diverse funding situations, allowing for an ideal setting to study the role of a regulator's capacity in firms' compliance decisions. We find that while, on average, the GDPR lead to less readable policies, firms active in industries that have in the past received more regulatory scrutiny and those active in jurisdictions of better-funded data regulators exhibit a stronger compliance with the GDPR's readability requirement. These results exemplify a more general interaction between regulators' enforcement activity and firms' regulatory compliance.