Abstract
We study the impact of the EU's General Data Protection Regulation (GDPR) on US Fortune 500 credit intermediaries and payment networks and find that corporations more exposed to the regulation due to higher market shares in Europe experienced larger increases in revenues and operating incomes after the regulation was introduced. Post-hoc analyses of survey data suggest that firms more exposed to the GDPR have higher levels of data standardization, technical investments in machine learning and artificial intelligence (ML/AI), and revenue-enhancing (but not cost-cutting) ML/AI innovations five years after GDPR introduction. Firms' investments in GDPR compliance may have catalyzed organization-wide transformation of data systems and routines. Our findings suggest that data regulation may incentivize large old corporations to commit to changing inertial and complex internal processes despite incurring short-run costs, which delivers long-run benefits by enabling more effective ML/AI innovations that rely on high-quality data as inputs.