GDPR and the Importance of Data to AI Startups

Article Source: NYU Stern School of Business
Publication Date:
Time to Read: 2 minute read
Written By:

 Lydia Reichensperger

Lydia Reichensperger



Artificial intelligence (AI) requires data for product development. Privacy regulation makes it harder for AI startups to collect and manage data.


Policy Relevance:

Privacy regulation may hinder AI innovation.


Key Takeaways:
  • Regulations intended to protect privacy hinder the growth of firms that use data.
    • Europe's General Data Protection Regulations (GDPR) reduced the number of small web technology vendors compared to larger firms.
    • After GDPR, venture capital funding of startups in the EU declined compared to the United States.
    • Websites became less willing to share data with web technology firms.
  • AI systems use large quantities of data to train algorithms; data is a key ingredient for success in developing innovative systems such as a chatbot that uses natural language.
  • Large firms that acquire data through their normal business operations may have an advantage in accessing data over smaller firms.
  • A survey of 187 AI startups based in the United States, Canada, Europe, and other parts of the world found that 80% had customers in the US, and 65% had customers in Europe; many would be affected either by Europe’s GDPR or by the California Consumer Privacy Act
  • Firms with customers in Europe and those without customers in Europe did not differ in their use of different methods of data protection, such as encryption, password protections, and other measures.
  • About 42% of the AI startups reported that training data was most important to their firms success, compared to computing resources (4%) or access to highly skilled data scientists (54%); firms developing neural networks or ensemble learning algorithms, which help systems complete tasks as well as a human, were most likely to respond that data is most important.
  • A large proportion of the firms reported making changes in response to the GDPR, with smaller firms with European customers being most affected.
    • 69% reported creating a new position to handle GDPR issues;
    • 63% reported having to reallocate resources due to GDPR;
    • Almost three quarters have deleted data due to GDPR.
  • Data deletion, hiring, and resource shifting could be detrimental to the firms’ success and could seriously dampen AI progress.
  • Privacy regulation may result in fewer startups competing against established firms; small firms may choose to focus growth in markets outside Europe.



James Bessen

About James Bessen

James Bessen is Lecturer in Law at the Boston University School of Law. His studies focus on the economics of innovation and patents; he has done research on whether patents promote innovation, why innovators share new knowledge, and how technology affects jobs, skills, and wages. Mr. Bessen serves as Executive Director of the Technology & Policy Research Initiative at Boston University School of Law; and he is Director and Founder of Research on Innovation.

Rob Seamans

About Rob Seamans

Robert Seamans is an Associate Professor at New York University’s Stern School of Business where he teaches courses in game theory and strategy. Professor Seamans’ research focuses on how firms use technology in their strategic interactions with each other, and also focuses on the economic consequences of AI, robotics and other advanced technologies.