GDPR and the Importance of Data to AI Startups

Privacy and Security, Artificial Intelligence and Innovation and Economic Growth

Article Snapshot


James Bessen, Stephen Michael Impink, Lydia Reichensperger and Rob Seamans


NYU Stern School of Business


Artificial intelligence (AI) requires data for product development. Privacy regulation makes it harder for AI startups to collect and manage data.

Policy Relevance

Privacy regulation may hinder AI innovation.

Main Points

  • Regulations intended to protect privacy hinder the growth of firms that use data.
    • Europe's General Data Protection Regulations (GDPR) reduced the number of small web technology vendors compared to larger firms.
    • After GDPR, venture capital funding of startups in the EU declined compared to the United States.
    • Websites became less willing to share data with web technology firms.
  • AI systems use large quantities of data to train algorithms; data is a key ingredient for success in developing innovative systems such as a chatbot that uses natural language.
  • Large firms that acquire data through their normal business operations may have an advantage in accessing data over smaller firms.
  • A survey of 187 AI startups based in the United States, Canada, Europe, and other parts of the world found that 80% had customers in the US, and 65% had customers in Europe; many would be affected either by Europe’s GDPR or by the California Consumer Privacy Act
  • Firms with customers in Europe and those without customers in Europe did not differ in their use of different methods of data protection, such as encryption, password protections, and other measures.
  • About 42% of the AI startups reported that training data was most important to their firms success, compared to computing resources (4%) or access to highly skilled data scientists (54%); firms developing neural networks or ensemble learning algorithms, which help systems complete tasks as well as a human, were most likely to respond that data is most important.
  • A large proportion of the firms reported making changes in response to the GDPR, with smaller firms with European customers being most affected.
    • 69% reported creating a new position to handle GDPR issues;
    • 63% reported having to reallocate resources due to GDPR;
    • Almost three quarters have deleted data due to GDPR.
  • Data deletion, hiring, and resource shifting could be detrimental to the firms’ success and could seriously dampen AI progress.
  • Privacy regulation may result in fewer startups competing against established firms; small firms may choose to focus growth in markets outside Europe.

Get The Article

Find the full article online

Search for Full Article