Consumer Privacy in Online Retail Supply Chains

Exploitation of consumer data allows online retailers to enhance services provided to consumers but at the risk of causing unintended privacy issues. There has been debate about whether to devise regulation policies to restrict data collection and usage by online retailers. This paper studies the implications of newly adopted privacy policies, such as the General Data Protection Regulation (GDPR), for an online retail supply chain comprising a retailer and a supplier. We find that despite the GDPR’s intention to safeguard consumer privacy, it may inadvertently hurt consumer surplus while benefiting the retailer. In fact, the GDPR may lead to an outcome detrimental to all parties involved, including the retailer, supplier, and consumers, thereby resulting in a triple-lose situation. Our results hold significant implications for consumers, supply chain firms, and policymakers alike, contributing to the existing literature on evaluating the impact of privacy regulations on technology innovation and adoption. This paper was accepted by Karan Girotra, operations management. Supplemental Material: The online appendix is available at https://doi.org/10.1287/mnsc.2022.01819 .