Impact of GDPR on AI Startups: Surveys, Challenges & Compliance

This research delves into how GDPR regulations impact AI startups, highlighting challenges faced, compliance measures taken, and the evolving landscape of data protection. Surveys conducted among startups reveal insights on resource reallocation, data handling, and customer demographics affected by GDPR.

• GDPR Impact
• AI Startups
• Data Protection
• Compliance
• Surveys

jaydalyn Follow

Uploaded on Feb 27, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Impact of GDPR on AI Startups James Bessen, Boston University, Technology & Policy Research Initiative Stephen Michael Impink, New York University, Stern School of Business Lydia Reichensperger, Boston University, Technology & Policy Research Initiative Robert Seamans, New York University, Stern School of Business

2. Surveys of AI Startups Survey 3, Fall 2020 Survey 3, Fall 2020 Survey 1, Summer 2018 Survey 1, Summer 2018 Survey 2, Fall 2019 Survey 2, Fall 2019 Contacted 2,000+ Firms ~200 Responses Upcoming Contacted 1,200+ Firms New sections on the ethics in AI and COVID-19 160 Responses 31 repeat firms

3. Survey Questionnaire Firm Demographics Firm Demographics (size, location) Customer Demographics (size, location, industry, occupation) Technology Technology (speech recognition, image recognition, etc.) Algorithm Algorithm(neural network, ensemble learning, etc.) Data Type Data Type (transactions, unstructured text, images), Source Protections Protections (legal contracts, APIs, data encryption, etc.) Data Protections Data Protections (legal contracts, encryption, password, logged access, etc.) General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR) questions Customer Demographics Source(proprietary, customer, public) and

4. GDPR as a competitive barrier? GDPR and regulations that protect consumer privacy may also reduce data availability. Cost of collecting and using customer data may asymmetrically impact smaller firms in some industries (Johnson & Shriver 2020, Bessen et al. 2020), especially in Europe (Jia et al. 2018). Enforcement of GDPR has led to a reduction in the number of smaller web technology vendors used by larger firms, leading to increased concentration of more established, larger firms in this industry (Johnson & Shriver 2020). Online sales revenues dropped for EU firms by 10 percent in 2018 due to the impact of GDPR (Goldberg et al. 2019), and there are additional concerns that GDPR adversely affects entrepreneurial ventures in Europe.

5. Data Protection by Cust & HQ Location % of participants that use a type of data protection 100% EU Customers No EU Customers 75% 50% 25% 0% 100% EU Based Startup Non-EU Based Startup 75% 50% 55% of firms have customers in Europe 25% 0%

6. GDPR Questions Have you created a new Have you reallocated reallocatedresources Have you deleted deleteddata newposition positionto handle GDPR compliance? 39 resources to handle GDPR compliance? 49 datain order to comply with GDPR? 37 39% % of of total 49% % of of total totalrespondents respondents (Yes) totalrespondents respondents (Yes) total respondents respondents(Yes) (Yes) (Yes) (Yes) 37% % of of total Responded "Yes" by Customer Location 60% 40% 20% 0% New Positon Reallocated Resources Deleted Data EU Customers No EU Customers

7. Takeaways Substantial entry/entrepreneurship around AI (several thousand new AI -tagged startups in Crunchbase emerged last year). But, possibly, data availability creates a barrier to growth, not entry (Lambrecht & Tucker 2015, Sokol & Comerford 2016). Variation in data protections and GDPR response by customer and firm location. AI startups that are not located in Europe and do not have customers in the EU are still impacted by GDPR. Lack of compliance with GDPR could impact VC funding options. Impact of other data privacy regulation could also be broader (i.e., California Consumer Privacy Act (CCPA) in California impacting other states). Given that the average size of these startups is small (<50 employees), reallocation of resources and hiring a new compliance-focused employee could be costly.

8. Impact of GDPR on AI Startups James Bessen, Boston University, Technology & Policy Research Initiative Stephen Michael Impink, New York University, Stern School of Business Lydia Reichensperger, Boston University, Technology & Policy Research Initiative Robert Seamans, New York University, Stern School of Business