Regulatory border effects in digital trade: Estimating the GDPR’s asymmetric impact on EU enterprises’ cross-border e-commerce through a triple difference-in-differences design
Juliano Heinen — International Review of Economics & Finance
Full text
The General Data Protection Regulation (Regulation (EU) 2016/679; GDPR) created a structural asymmetry between intra-EEA and extra-EEA digital transactions, since Articles 44 to 49 imposed compliance burdens on transfers to third countries that have no analogue within the European Economic Area. This paper introduces and operationalises the regulatory border effect (RBE), the wedge between intra-EU and extra-EEA digital sales attributable to the differential cost structure of GDPR Chapter V, and estimates it using harmonised Eurostat enterprise survey data covering the EU-27, Iceland, Norway, and the United Kingdom over 2014–2024. The empirical strategy combines a triple difference-in-differences (DDD) estimator with a synthetic difference-in-differences specification (Arkhangelsky et al., 2021), exploiting two orthogonal sources of treatment intensity: sectoral data intensity, classified ex ante by reference to Article 9 GDPR exposure, and country-level pre-existing data protection enforcement capacity, measured through a composite index that combines the Worldwide Governance Indicator for Regulatory Quality with national Data Protection Authority operational indicators for the period 2014–2017. The post-treatment period is partitioned into three sub-windows reflecting the sequential evolution of the international transfer regime: 2019 (initial GDPR phase); 2020–2022 (post-Schrems II, with Privacy Shield invalidation and mandatory Transfer Impact Assessments, and with COVID-19 stringency controls); and 2023–2024 (post-EU-US Data Privacy Framework). The empirical specification reports three transformations of the dependent variable in parallel (log-with-correction, inverse hyperbolic sine, and Poisson Pseudo-Maximum Likelihood) and three clustering schemes for inference. The identifying contribution is complemented by a partial decomposition of intensive and extensive margins constructed from auxiliary Eurostat datasets. The paper reports four pre-registered hypotheses, a ten-point robustness protocol, and a conditional interpretive framework specified before data extraction. By delivering the first application of harmonised Eurostat enterprise survey microdata to the question of GDPR-induced cross-border e-commerce distortions, the paper provides a replicable empirical instrument for the assessment of digital-trade regulatory effects and offers a substantive contribution to the debate on the welfare implications of European data protection law.