ICLE White Paper



It’s hardly an overstatement to claim that data is (or is fast becoming) the lifeblood of the modern economy. As new business models built on innovative uses of data emerge in the economy, these businesses are confronted with increasing regulatory constraints that may work to limit both the scope of their operation as well as their corporate structure.

Nominally in the name of consumer protection, largely in response to foreign government surveillance threats, but also significantly as a form of protectionism, many countries
around the world have adopted various and differing data localization laws — what Chander and Le aptly call “data nationalism” — that either preclude or make more difficult the removal of data from a particular country.

Multinational data platforms (e.g., search engines, product review sites, electronic payment services (including credit cards), data brokers, and the like) that process data in a central location and/or that combine data across borders in order to improve their predictive algorithms are particularly affected by such rules.

Regulatory and legal approaches that make the collection and use of data more expensive along certain dimensions must, at least marginally, induce some companies to alter their behavior to avoid those costs and, consequently, to eschew potentially more beneficial business arrangements in favor of ones that correlate with lower regulatory risk, lower regulatory cost, and/or greater regulatory predictability. “However, regulation often influences behavior in ways that differ from the initially stated rationale.” By disrupting organizational structures designed to work with data, firms will respond to these regulations not only by altering their data collection and use practices, but also the organizational structures that complement them.

Data (information) regulation (as opposed to other types of regulation) is particularly likely to affect institutional structure. As Luis Garicano notes:

Organizations exist, to a large extent, to solve coordination problems in the presence of specialization. As Hayek pointed out, each individual is able to acquire knowledge about a narrow range of problems. Coordinating this disparate knowledge, deciding who learns what, and matching the problems confronted with those who can solve them are some of the most prominent issues with which economic organization must deal.

Regulations that affect how firms can collect, store, use and disseminate information may
thus have significant effect on firm governance and organization.

Faced with costly regulations, firms engage in something akin to regulatory arbitrage. They face a tradeoff between incurring (or reducing) regulatory costs on the one hand, and increasing transaction costs on the other and, when regulatory costs are high enough relative to transaction costs, will rationally choose the latter over the former:

[Firms] face a tension between reducing regulatory costs on the one hand and increasing Coasean transaction costs on the other. Deal lawyers routinely depart from the optimal transaction-cost-minimizing structure even though restructuring the deal reduces its (nonregulatory) efficiency. A corporation that needs cash might minimize transaction costs by entering into a secured loan, but instead, in order to improve the cosmetics of the balance sheet, enters into an economically similar transaction to securitize the assets. A company that would minimize agency costs by incorporating in Delaware decides that, to save on taxes, it will instead incorporate in Bermuda. So long as the regulatory savings outweigh the increase in transaction costs, such planning is perfectly rational.

Unlike the theory of regulatory arbitrage, however, what I am suggesting here is not simply that firms exploit imperfectly drafted laws and regulations in order to opt-in to more preferable legal regimes (although that is certainly part of it). Instead, I am also suggesting that firms will structure their businesses in part to minimize the impact of legal rules, even where they still apply.

While many data and related privacy regulations are nominally aimed at consumer protection, efforts to avoid stricter consumer protection per se, in order to “exploit” consumers may not be the primary or even significant impetus behind firms’ efforts to arbitrage such rules. Instead they may be driven more significantly by efforts to evade the broader consequences of such laws for how their businesses innovate and experiment, what business models they employ, and how they are structured.

A related point is that effective use of data often (always?) requires implementation of complementary organizational structures. Rules affecting the collection and use of data may under-appreciate the inter-relatedness of data (technology) and its internal implementation (organization), such that their enactment and enforcement will engender not just technological responses, but organizational ones, as well.

Regulation imposes costs and rational actors seek to avoid those costs. But the situation here isn’t binary. Sometimes, when parties avoid costs, they merely seek to avoid a higher expense, and substitute for something more affordable — a substitution that is, by definition,
a second-best (or worse) outcome.

This dynamic could manifest itself as companies simply choosing to collect and use less data, but it could mean a lot of other things as well. It could affect corporate organization (e.g., deterring vertical integration or creating “data firewalls” between different divisions of a company), encourage limits on the geographic scope of data collection or operation, affect the mechanisms for determining executive compensation, or (further) encourage jurisdictional considerations to dictate incorporation and principal place of business
decisions. While choosing second-best options is rational from the perspective of regulated parties, it is nevertheless costly to society, both in terms of the firm’s efficient operation relative to its operation in a viable alternative regulatory regime and to consumer welfare generally.

Data regulations may also deter entry, thereby indirectly affecting business and organizational decisions of incumbent firms in the market.

Such consequences are often unobserved and unintended. The hypothesis presented here is that the actions of over-eager regulatory agencies will have a host of unintended effects not just on data use directly, but on how firms are organized, how business is done, and on corporate governance more broadly. The goal of this project is to discover and elucidate as much of this unseen ground as possible, and to determine the extent to which particular information regulation rules affect these outcomes.