Consumer Privacy in Online Retail Supply Chains

Exploitation of consumer data allows online retailers to enhance services provided to consumers, but at the risk of causing unintended privacy issues. There has been debate about whether to devise regulation policies to restrict data collection and usage by online retailers. This paper studies the implications of newly adopted privacy policies such as the GDPR (General Data Protection Regulation) for online retail supply chains consisting of a retailer and a supplier. We find that, although the GDPR is designed to protect consumer privacy, it may actually hurt consumer surplus while benefiting the retailer. In fact, the GDPR may even lead to a triple-lose situation for the retailer, supplier, and consumers. We further explore two coordinated supply chain arrangements, i.e., agency selling and vertical integration. We show that the GDPR always enhances the social welfare under these two arrangements, but it may still decrease the consumer surplus. Our results have significant implications for consumers, supply chain firms, and policymakers, and contribute to the literature evaluating the impact of privacy regulation on technology innovation and adoption.