Published in Economics Bulletin
Abstract: The EU General Data Protection Regulation (GDPR) is a wide ranging personal data protection regime of greater magnitude than any similar regulation previously in the EU, or elsewhere. In this paper, we outline how the GDPR impacts the value of data held by data collectors before proposing some potential unintended consequences. Given the distortions of the GDPR on data value, we propose that new complex financial products—essentially new data insurance markets—will emerge, potentially leading to further systematic risks. Finally we examine how market-driven solutions to the data property rights problems the GDPR seeks to solve—particularly using blockchain technology as economic infrastructure for data rights—might be less distortionary.