Privacy Regulation and Transatlantic Venture Investment
In the past decade, venture capital activity in the European Union (EU) has lagged that in the United States, with annual venture capital investments averaging 0.2 percent of GDP compared to 0.7 percent in the US. Since 2013, US-based venture capital funds have out-raised their EU partners by about $800 billion. European entrepreneurship relies on cross-border investment inflows from US investors to close the gap.
In How Does Privacy Regulation Affect Transatlantic Venture Investment? Evidence from GDPR (NBER Working Paper 33909), Jian Jia, Ginger Zhe Jin, Mario Leccese, and Liad Wagman examine how the EU’s General Data Protection Regulation (GDPR) has affected venture investment flows between the US and the EU. The GDPR, enacted in April 2016 and enforced since May 2018, is a comprehensive privacy law that imposes strict conditions on data collection, processing, and storage. It requires companies to obtain explicit consent for data use and imposes significant penalties for violations.
The researchers utilize data on 97,717 investment deals across 24 EU member states and the 50 US states as well as the District of Columbia for the 2014–19 period. They analyze temporal variation in the investment environment associated with GDPR's enactment and enforcement as well as cross-sectional variation in the geographical location of ventures and investors.
Following the regulation's rollout in May 2018, the average number of EU deals each month led by US investors fell by 21 percent relative to US deals, while the amount invested fell by 13 percent. In contrast, the researchers did not find a statistically significant decline in the number of or amount invested in EU deals completed by EU investors. They estimate that US investment flows to the EU fell by about $1.6 billion per year. Over time, the post-GDPR pullback of US investors from EU deals moderated, suggesting partial market adaptation to the new regulatory environment.
The impact of GDPR’s rollout varied by venture type. Data-related ventures, which faced heightened compliance costs, saw the sharpest decline. New ventures that had never previously raised capital also faced disproportionately larger funding reductions compared to follow-on investments, perhaps because information asymmetries between investors and ventures are typically lower in follow-on deals.
Geographic proximity became increasingly important post-GDPR, suggesting that investors sought to reduce screening and monitoring costs by partnering with closer, more familiar ventures. The average distance between lead investors’ headquarters and the location of EU ventures decreased by 14 percent after the regulation's rollout.
Deal syndication became more common after GDPR. The share of European deals that involved a syndicate including both US and EU investors rose by 37 percentage points following GDPR implementation. This increase was primarily driven by US investors participating as non-lead partners alongside EU investors in financing EU ventures—a strategy that allowed US investors to access local regulatory expertise while sharing compliance risks. The average syndicate size for EU deals increased by 10 percent, with the growth in investment concentrated among EU-based rather than US-based syndicate participants.
Liad Wagman and Jian Jia gratefully acknowledge support from the Data Catalyst Institute.