NO WEAL WITHOUT WOE: IMPLEMENTATION OF PERSONAL DATA PROTECTION SYSTEMS AND CORPORATE VALUE

Chen, Wanyi

doi:10.1590/S0034-759020230406

ABSTRACT

The commercial exploitation of personal information has raised concerns regarding privacy, illegal data use, and information security, among others. Therefore, personal data protection systems (PDPS) play a significant role, and corporations are the primary enforcers of these systems’ regulation. However, PDPS require significant investment from companies, and there is no consensus regarding the economic outcomes of establishing these systems. This study investigates whether the establishment of PDPS affects short-term financial performance and long-term corporate value. After applying the propensity score matching method, a dataset comprising 912 firm-year observations of e-commerce companies listed on the Shanghai and Shenzhen Stock Exchanges from 2008 to 2020 was selected. The results show that PDPS implementation can improve a company’s short-term financial performance by a) exploring markets and strengthening internal control and b) increase long-term corporate value by strengthening corporate social responsibility. This study offers insights for companies to proactively implement PDPS and strengthen their management of personal data, thereby boosting the overall corporate value. In addition, this study can help governments to develop legislation on national information security and enhance international cooperation, especially for emerging markets.

Keywords:
personal data protection; financial performance; corporate value; corporate soial responsibility; internal control

RESUMEN

La información personal se explota comercialmente para crear valor. Sin embargo, surgen problemas como las filtraciones de la privacidad personal, el uso ilegal de los datos y la preocupación por la seguridad de la información. Las empresas son las principales encargadas de aplicar la normativa de los sistemas de protección de datos personales (PDPS). Sin embargo, como el establecimiento de los PDPSs requieren una inversión significativa, muchas empresas tienen dificultades para establecer estos sistemas por iniciativa propia. No existe una conclusión unificada sobre las consecuencias económicas del establecimiento de los PDPSs. Este trabajo investiga si el establecimiento de los PDPSs afecta a los resultados financieros a corto plazo y al valor de la empresa a largo plazo. Después de aplicar el método de emparejamiento de puntuación de propensión, se seleccionó un conjunto de datos que comprende observaciones anuales de 912 empresas de comercio electrónico que cotizan en las bolsas de Shanghái y Shenzhen desde 2008 hasta 2020. Los resultados muestran que la implementación del PDPS puede mejorar el rendimiento financiero a corto plazo de una empresa mediante la exploración de los mercados y el fortalecimiento del control interno, y aumentar el valor corporativo a largo plazo mediante el fortalecimiento de la responsabilidad social corporativa. Este estudio presenta importantes aclaraciones para que las empresas implementen proactivamente los PDPSs y refuercen su gestión de los datos personales, impulsando así el valor corporativo global. Además, para los gobiernos, este estudio puede facilitar activamente la conceptualización de la legislación para mantener la seguridad de la información nacional y mejorar la cooperación internacional, especialmente para los mercados emergentes.

Palabras clave:
protección de datos personales; resultados financieros; valor de la empresa; responsabilidad social de la empresa; control interno

RESUMO

A exploração comercial de informações pessoais tem levantado questões como privacidade, uso ilegal de dados e segurança da informação. Nesse sentido, os sistemas de proteção de dados pessoais (SPDP) têm um papel relevante e as empresas são as principais responsáveis pela aplicação das regras que governam esses sistemas. Os SPDP, entretanto, demandam investimentos significativos por parte das empresas, e ainda não há uma conclusão unificada sobre seus impactos econômicos. Assim, este estudo investiga se a implementação de SPDP nas empresas afeta seu desempenho financeiro em curto prazo e seu valor corporativo em longo prazo. Após a aplicação do método de pareamento por escore de propensão, um conjunto de dados composto por 912 empresas de comércio eletrônico listadas nas bolsas de valores de Xangai e Shenzhen entre 2008 e 2020 foi selecionado. Os resultados mostram que a implementação do SPDP pode melhorar o desempenho financeiro de uma empresa em curto prazo, explorando mercados, fortalecendo o controle interno e aumentando o valor corporativo em longo prazo por meio do fortalecimento da responsabilidade social corporativa. Este estudo apresenta esclarecimentos importantes para que as empresas implementem os SPDP de maneira proativa e fortaleçam sua gestão de dados pessoais, aumentando, assim, o valor da empresa como um todo. Além disso, os resultados dessa pesquisa pode ajudar governos a elaborar legislação voltada a segurança da informação nacional e a melhoria da cooperação internacional, especialmente para os mercados emergentes.

Palavras-chaves:
proteção de dados pessoais; desempenho financeiro; valor corporativo; responsabilidade social corporativa; controle interno

INTRODUCTION

As Big Data gradually becomes an important tool, massive personal data has been mined by various industries for economic value, leading to the rise of the digital economy. On the one hand, the data and information elements efficiently used based on networking transform traditional production and operation processes and significantly boost economic efficiency, thus promoting industrial productivity. On the other hand, the Big Data era brought severe and frequent incidents of personal privacy data leakages, violating personal privacy rights and imposing huge losses on companies (Chen et al., 2021Chen, Y. H., Zhang, Z. G., & Huang, L. (2021). Exploring the mechanisms and paths of manufacturing digital enablement on business model innovation. Chinese Journal of Management, 18(5), 731-740. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=GLXB202105012&DbName=CJFQ2021
https://kns.cnki.net/kcms/detail/detail.... ).

At present, many laws and regulations have been enacted across the world to protect personal data. For example, the European Union (EU) formally promulgated the General Data Protection Regulation (GDPR) in 2018, India announced the Personal Data Protection Act in 2018, the United States presented the California Consumer Privacy Act in 2018, Thailand implemented the Personal Data Protection Law in 2020, and China introduced the Personal Information Protection Law in 2021. The GDPR in particular raises the level of data protection, gradually becoming a global standard (Buttarelli, 2016Buttarelli, G. (2016). The EU GDPR as a clarion call for a new global digital gold standard. International Data Privacy Law, 6(2), 77-78. doi:10.1093/idpl/ipw006
https://doi.org/10.1093/idpl/ipw006... ).

Regarding the economic consequences of personal data protection systems (PDPS), at the macro level, the EU has set strict restrictions on the transfer of personal data from non-EU countries that lack adequate privacy protection. This leads to difficulties in the cross-border flow of data, thus inhibiting international trade (Schwartz & Peifer, 2017Schwartz, P. M., & Peifer, K. N. (2017). Transatlantic data privacy law, The Georgetown Law Journal, 106(1), 146-147.). Therefore, improving and developing a PDPS will help enhance competitiveness in the data-outsourcing business (Ball, 2010Ball, K. (2010). Data protection in the outsourced call center: An exploratory case study. Human Resource Management Journal, 20(3), 294-310. https://doi.org/10.1111/j.1748-8583.2010.00129.x
https://doi.org/10.1111/j.1748-8583.2010... ). At the micro level, some scholars have explored the problems posed by PDPS in the business development process. The GDPR imposes the same high standards on all EU companies, exposing them to high business costs and barriers vis-à-vis cross-border trade, thereby complicating market promotion (Mattoo & Meltzer, 2018Mattoo, A., & Meltzer, J. P. (2018), International data flows and privacy: The conflict and its resolution, Journal of International Economic Law, 21(4), 769-789.). Additionally, implementing PDPS allows companies to disclose the uses and channels of their information to consumers, which addresses the problem of discriminatory pricing of Big Data (Steppe, 2017Steppe, R. (2017). Online price discrimination and personal data: A general data protection regulation perspective. Computer Law & Security Review, 33(6), 768-785. https://doi.org/10.1016/j.clsr.2017.05.008
https://doi.org/10.1016/j.clsr.2017.05.0... ). The system protects personal information from being over-dissected by advanced technologies and enables accountability and transparent services (Politou et al., 2019Politou, E., Alepis, E., & Patsakis, C. (2019). Profiling tax and financial behaviour with big data under the GDPR. Computer Law & Security Review, 35(3), 306-329.). However, most of the existing literature focuses on the impact of the GDPR and lacks evidence from emerging markets.

This study chose Chinese enterprises as the research sample representative. This is because, first, China’s digital economy is developing rapidly and is globally representative. It is typical to study personal data protection in its digital economy development. The China Internet Development Report in 2022 shows that China has taken a new step in infrastructure with strategic network power. By the end of 2021, China had built and opened 1.425 million 5G base stations, representing the world’s largest 5G network. Meanwhile, China’s total IPv6 address resources ranked first in the world, and its scale of computing power ranked second globally. Second, China has been investing in the national cyberspace security, and the market for network security services is expanding rapidly, with an industry growth rate of approximately 15.8%. Therefore, it provides the foundation and conditions for personal data protection. The Chinese experience provides a reference for other developing countries to develop cybersecurity. Finally, China has been promoting the creation of a digital world led by mutual trust and cooperative governance and has achieved innovative results in network governance. It has been actively promoting international cooperation with the consensus of building a community of destiny in cyberspace. Therefore, studying the impact of personal data protection on enterprise value in China has important implications for other developing countries to build cyber cooperation, especially between the BRIC countries. Studying China’s PDPS can lead to global cooperation around personal data protection.

This study identifies the impact of the implementation of PDPS on corporate financial performance and long-term value at the micro-enterprise level by selecting e-commerce companies listed in China’s A-share markets from 2008 to 2020 as the research samples. After screening the samples via the propensity score matching (PSM) method and examining the impact of PDPS implementation on economic consequences, this study finds that such implementation can effectively improve enterprises’ short-term profits and enhance their long-term value. The impact on the company’s short-term performance is particularly evident through the widening of the market and the strengthening of internal control. The impact on the company’s long-term value is mainly through strengthening corporate social responsibility.

This study contributes in two main aspects: first, it expands on the PDPS’ economic outcomes. Previous research focused on analyzing the macro impact of PDPS, discussing legal systems (Demetzou, 2019Demetzou, K. (2019). Data protection impact assessment: A tool for accountability and the unclarified concept of ‘high risk’ in the General Data Protection Regulation. Computer Law & Security Review, 35(6), 105342. https://doi.org/10.1016/j.clsr.2019.105342
https://doi.org/10.1016/j.clsr.2019.1053... ; Ong, 2012Ong, R. (2012). Data protection in Malaysia and Hong Kong: One step forward, two steps back? Computer Law & Security Review, 28(4), 429-437. https://doi.org/10.1016/j.clsr.2012.05.002
https://doi.org/10.1016/j.clsr.2012.05.0... ; Sullvian, 2019Sullvian, C. (2019). EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era. Computer Law & Security Review, 35(4), 380-397. https://doi.org/10.1016/j.clsr.2019.05.004
https://doi.org/10.1016/j.clsr.2019.05.0... ), and analyzing the economic consequences in terms of macro data flows (Ball, 2010Ball, K. (2010). Data protection in the outsourced call center: An exploratory case study. Human Resource Management Journal, 20(3), 294-310. https://doi.org/10.1111/j.1748-8583.2010.00129.x
https://doi.org/10.1111/j.1748-8583.2010... ; Schwartz & Peifer, 2017Schwartz, P. M., & Peifer, K. N. (2017). Transatlantic data privacy law, The Georgetown Law Journal, 106(1), 146-147.). However, these studies mainly focus on the GDPR and lack empirical evidence for developing countries. From a micro viewpoint, some scholars argue that PDPS create cost pressure on firms (Mattoo & Meltzer, 2018Mattoo, A., & Meltzer, J. P. (2018), International data flows and privacy: The conflict and its resolution, Journal of International Economic Law, 21(4), 769-789.; Politou et al., 2019Politou, E., Alepis, E., & Patsakis, C. (2019). Profiling tax and financial behaviour with big data under the GDPR. Computer Law & Security Review, 35(3), 306-329.; Taufick, 2021Taufick, R. D. (2021). The underdeterrence, underperformance response to privacy, data protection laws, Technology in Society, 67, 101752. https://doi.org/10.1016/j.techsoc.2021.101752
https://doi.org/10.1016/j.techsoc.2021.1... ; Zhao, 2021Zhao, Y. (2021). The impact of EU GDPR on China-EU digital economy cooperation and its response. Practice in Foreign Economic Relations and Trade, 2, 22-25. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=DWJW202102007&DbName=CJFQ2021
https://kns.cnki.net/kcms/detail/detail.... ), thus increasing firm risk (Adjerid et al., 2016Adjerid, I., Acquisti, A., Telang, R., Padman, R., & Adler-Milstein, J. (2016). The impact of privacy regulation and technology incentives, the case of health information exchanges, Management Science, 62(4), 1042-1063. https://doi.org/10.1287/mnsc.2015.2194
https://doi.org/10.1287/mnsc.2015.2194... ; Yu & Zhao, 2019Yu, X. L., & Zhao, Y. (2019). Dualism in data protection: Balancing the right to personal data and the data property right. Computer Law & Security Review, 35(5), 105318. https://doi.org/10.1016/j.clsr.2019.04.001
https://doi.org/10.1016/j.clsr.2019.04.0... ). The counter argument is that PDPS enhance corporate governance (Politou et al., 2019Politou, E., Alepis, E., & Patsakis, C. (2019). Profiling tax and financial behaviour with big data under the GDPR. Computer Law & Security Review, 35(3), 306-329.), maintain customer relationships (Steppe, 2017Steppe, R. (2017). Online price discrimination and personal data: A general data protection regulation perspective. Computer Law & Security Review, 33(6), 768-785. https://doi.org/10.1016/j.clsr.2017.05.008
https://doi.org/10.1016/j.clsr.2017.05.0... ), and generate competitive advantage (Gal & Aviv, 2020Gal, M. S., & Aviv, O. (2020). The competitive effects of the GDPR. Journal of Competition Law & Economics, 16(3), 349-391. https://doi.org/10.1093/joclec/nhaa012
https://doi.org/10.1093/joclec/nhaa012... ; Steppe, 2017Steppe, R. (2017). Online price discrimination and personal data: A general data protection regulation perspective. Computer Law & Security Review, 33(6), 768-785. https://doi.org/10.1016/j.clsr.2017.05.008
https://doi.org/10.1016/j.clsr.2017.05.0... ; Tsai et al., 2011Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2011). The effect of online privacy information on purchasing behavior: An experimental study. Information Systems Research, 22(2), 254-268. https://doi.org/10.1287/isre.1090.0260
https://doi.org/10.1287/isre.1090.0260... ). This study expands the micro perspective in the field of financial performance and corporate value in emerging markets.

Second, this study offers important insights for companies to proactively implement personal data protection mechanisms and strengthen their management of personal privacy, thereby boosting the overall corporate value. In addition, this study can help governments to improve legislation to guarantee national information security. As the legal framework for PDPS in developing countries is not yet well developed, this research may be a reference to accelerate the regulation of PDPS and strengthen international cooperation.

LITERATURE REVIEW AND HYPOTHESIS DEVELOPMENT

Literature review

The existing literature has formed two main research paradigms related to PDPS. The first stems from the perspective of law, focusing on the concept of privacy, rights system, protection status, and countermeasures. Its research methodologies mainly include comparative, case, and normative studies (Ong, 2012Ong, R. (2012). Data protection in Malaysia and Hong Kong: One step forward, two steps back? Computer Law & Security Review, 28(4), 429-437. https://doi.org/10.1016/j.clsr.2012.05.002
https://doi.org/10.1016/j.clsr.2012.05.0... ; Sullvian, 2019Sullvian, C. (2019). EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era. Computer Law & Security Review, 35(4), 380-397. https://doi.org/10.1016/j.clsr.2019.05.004
https://doi.org/10.1016/j.clsr.2019.05.0... ). Over recent years, many scholars have concentrated their attention on the GDPR (Demetzou, 2019Demetzou, K. (2019). Data protection impact assessment: A tool for accountability and the unclarified concept of ‘high risk’ in the General Data Protection Regulation. Computer Law & Security Review, 35(6), 105342. https://doi.org/10.1016/j.clsr.2019.105342
https://doi.org/10.1016/j.clsr.2019.1053... ), claiming it will increase the compliance costs of overseas companies operating in Europe, thus hindering the advancement of the EU market. However, Sheng and Yang (2020)Sheng, X., & Yang, S. (2020). Analysis on the applicabilities and functions of GDPR to personal data protection in open sharing of scientific data. Library and Information Service, 64(22), 48-57. believe that it will establish a link for the management of personal data in the open sharing of scientific data in other countries.

The second research paradigm derives from the perspective of the credit investigation system and conducts normative discussions and case studies on financial privacy protection and information disclosure systems. For public interest, privacy protection should give way to credit information sharing; in other words, the disclosure of privacy information is more important than its protection (Bostic & Calem, 2003Bostic, R.B., Calem, P.S., 2003. Privacy restrictions and the use of data at credit repositories. In: Miller, M. J. (Ed.), Credit Reporting Systems and the International Economy. MIT Press. pp. 311–334. Hunt, R. M., 2002; Kallberg & Udell, 2003Kallberg, J. G., & Udell, G. F. (2003). The value of private sector business credit information sharing: The US case. Journal of Banking & Finance, 27(3), 449-469. https://doi.org/10.1016/S0378-4266(02)00387-4
https://doi.org/10.1016/S0378-4266(02)00... ). Financial groups may violate consumers’ privacy rights, so systems for protecting and using consumers’ privacy information in financial groups’ operations should be strengthened (Yan & Zhang, 2013Yan, H., & Zhang, T. (2013). The protection and utilization of consumers’ private information in the operation of financial groups-U.S. legislative experience, evaluation and reference. Financial Theory & Practice, 44, 76-79. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=JRLS201304016&DbName=CJFQ2013
https://kns.cnki.net/kcms/detail/detail.... ). Ramos and Blind (2020)Ramos, F. E., & Blind, K. (2020). Data portability effects on data-driven innovation of online platforms: Analyzing Spotify. Telecommunications Policy, 44(9), 102026. https://doi.org/10.1016/j.telpol.2020.102026
https://doi.org/10.1016/j.telpol.2020.10... have explored the impact of data portability on online platforms via public data transfer and transaction methods. Although these studies offer a useful reference for depicting a panoramic view of personal data protection from the legal perspective, few deeply explore the economic consequences on enterprises. This study focuses on the micro-enterprise levels to identify the impact of the implementation of PDPS on corporate financial performance and value.

Hypothesis development

The most direct impact of PDPS on companies refers to the systems’ implementation costs (Krämer & Stüdlein, 2019Krämer, J., & Stüdlein, N. (2019). Data portability, data disclosure and data-induced switching costs: Some unintended consequences of the General Data Protection Regulation. Economics Letters, 181, 99-103. https://doi.org/10.1016/j.econlet.2019.05.015
https://doi.org/10.1016/j.econlet.2019.0... ; Libaque-Sáenz et al., 2016Libaque-Sáenz, C. F., Wong, S. F., Chang, Y., Ha, Y. W., & Park, M. C. (2016). Understanding antecedents to perceived information risks: An empirical study of the Korean telecommunications market. Information Development, 32(1), 91-106. https://doi.org/10.1177/0266666913516884
https://doi.org/10.1177/0266666913516884... ), particularly on the organization of internal processes and mechanisms related to obtaining users’ permission to use personal information (such as contacting them via e-mail or preparing, printing, and sending disclosure notices) (Seo et al., 2018Seo, J., Kim, K., Park, M., Park, M., & Lee, K. (2018). An analysis of economic impact on IoT industry under GDPR. Mobile Information Systems, vol. 2018 6792028. https://doi.org/10.1155/2018/6792028
https://doi.org/10.1155/2018/6792028... ). As for organizing internal processes, the need of communicating data protection authorities, the lack of specialized professionals in the job market, and cost related to training personnel, are elements that raise costs significantly. Although the deployment of PDPS may impose high costs on companies, they may face even bigger fines and higher corporate compliance risks if a personal data breach occurs (Allen, 2018Allen, K. (2018). GDPR: Time to reap the opportunities for customer acquisition and management. EContent, 41(4), 26-27. https://www-proquest-com.ezproxy.lib.uts.edu.au/docview/2124417585?pq-origsite=primo
https://www-proquest-com.ezproxy.lib.uts... ; Wilson, 2018Wilson, S. (2018). A framework for security technology cohesion in the era of the GDPR. Computer Fraud & Security, 2018(12), 8-11. https://doi.org/10.1016/S1361-3723(18)30119-2
https://doi.org/10.1016/S1361-3723(18)30... ). For example, the GDPR stipulates a fine of up to 20 million euros or 4% of a company’s total global operating income in the previous fiscal year.

Meanwhile, PDPS can help boost corporate profits. First, establishing PDPS is conducive to companies exploring international markets (Negrouk & Lacombe, 2018Negrouk, A., & Lacombe, D. (2018). Does GDPR harm or benefit research participants? An EORTC point of view. The Lancet Oncology, 19(10), 1278-1280. https://doi.org/10.1016/S1470-2045(18)30620-X
https://doi.org/10.1016/S1470-2045(18)30... ) because such systems have become one of the prerequisites for internationalization (Lachaud, 2020Lachaud, E. (2020). ISO/IEC 27701 standard: Threats and opportunities for GDPR certification. Eur. Data Prot. L. Rev, 6(2), 194-210. https://heinonline.org/HOL/LandingPage?handle=hein.journals/edpl6÷=32&id=&page=
https://heinonline.org/HOL/LandingPage?h... ). Generally, developing overseas markets is conducive to improving corporate financial performance. According to the theory of comparative advantage and internalization, expanding international markets can reduce transaction costs (Forsgren & Holm, 2021Forsgren, M., & Holm, U. (2021). Controlling without owning – owning without controlling: A critical note on two extensions of internalization theory. Journal of International Business Studies, 1, 1-13. https://doi.org/10.1057/s41267-021-00416-3
https://doi.org/10.1057/s41267-021-00416... ) and facilitate enterprises to avoid structural and transactional market failures. Internationalization helps enterprises transfer their resources to other countries and maximize the use resources received from parent companies to increase overall profits . Meanwhile, PDPS can enhance customers’ trust in enterprises, encouraging information subjects to actively share personal data legally, which companies can use for Big Data analytics and bring more earnings.

Second, PDPS are conducive to strengthening internal control. While paying attention to the supervision of the internal personnel of enterprises, PDPS require that, during the process of collecting and processing personal data, enterprises disclose the relevant identity information of data controllers, the use of data, and the legal basis for future accountability (Nyi et al., 2018Nyi, N. H., Martin, H., & Lynne, B. (2018). Beyond traditional collaborative search: Understanding the effect of awareness on multi-level collaborative information retrieval. Information Processing & Management, 54(1), 60-87. https://doi.org/10.1016/j.ipm.2017.09.003
https://doi.org/10.1016/j.ipm.2017.09.00... ). Therefore, improving internal control is conducive to addressing the problem of information asymmetry, reducing agency costs, and finally, driving up corporate financial performance (Skaife et al., 2008Skaife, H. A., Colins, D. W., Kinney, W. R., & Lafond, R. (2008). The effect of SOX internal control deficiencies and their remediation on accrual quality. The Accounting Review, 83(1), 217-250. https://doi.org/10.2308/accr.2008.83.1.217
https://doi.org/10.2308/accr.2008.83.1.2... ). Although PDPS bring increased costs in the short term, they simultaneously bring more hidden revenue than costs due to market expansion, increased customer trust, and improved corporate governance. Therefore, we form hypothesis H1:

H1: The implementation of PDPSs can improve corporate profit.

Notably, PDPS concretely manifest corporate social responsibility. At present, personal data leakage has become a public hazard and a common issue. Such leakage can cause damage to citizens’ reputations and property by identity theft and reselling and fraudulent use of personal information, resulting in social problems. Meanwhile, the leakage of personal data allows various businesses to analyze massive amounts of messages, obtain unique personal portraits, and finally classify consumers, hence creating consumer discrimination. Stakeholder theory maintains that a company’s focus should be on maximizing the interests of shareholders and building good relationships with various stakeholders, such as employees, users, external investors, and governments (Nguyen et al., 2021Nguyen, N. T., Nguyen, N. P., & Hoai, T. T. (2021). Ethical leadership, corporate social responsibility, firm reputation, and firm performance: A serial mediation model. Heliyon, 7(4), 1-9. https://doi.org/10.1016/j.heliyon.2021.e06809
https://doi.org/10.1016/j.heliyon.2021.e... ). As a typical stakeholder-oriented behavior of enterprises, actively assuming social responsibility (Chen et al., 2020Chen, X., Wang, Y., & Yang, Z. (2020). Corporate social responsibility and firm value: The moderating effect of organizational inertia and industry sensitivity. Journal of Technology Economics, 39(7), 140-146+158. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=JSJI202007018&DbName=CJFQ2020
https://kns.cnki.net/kcms/detail/detail.... ) helps enhance corporate value (Li et al., 2020Li, Z., Ruan, D., & Zhang, T. (2020). Value creation mechanism of corporate social responsibility: A study based on internal control. Accounting Research, 11, 112-124. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=KJYJ202011009&DbName=CJFQ2020
https://kns.cnki.net/kcms/detail/detail.... ).

First, from the consumers’ viewpoint, companies’ active assumption of social responsibility is conducive to establishing a good corporate reputation (Özcan & Elçi, 2020Özcan, F., & Elçi, M. (2020). Employees’ perception of CSR affecting employer brand, brand image, and corporate reputation. SAGE Open, 10(4). https://doi.org/10.1177/2158244020972372
https://doi.org/10.1177/2158244020972372... ; Vázquez et al., 2013Vázquez, J. L., Lanero, A., & Licandro, O. (2013). The added value of corporate social responsibility: Some insights from a research in Uruguay. International Review on Public and Nonprofit Marketing, 10(3), 187-200. https://doi.org/10.1007/s12208-013-0099-3
https://doi.org/10.1007/s12208-013-0099-... ), enhancing brand loyalty (Lombart & Louis, 2012Lombart, C., & Louis, D. (2012). Consumer satisfaction and loyalty: Two main consequences of retailer personality. Journal of Retailing and Consumer Services, 19(6), 644-652. https://doi.org/10.1016/j.jretconser.2012.08.007
https://doi.org/10.1016/j.jretconser.201... ), and creating long-term competitive advantages (Chowdhury et al., 2021Chowdhury, R. H., Fu, C., Huang, Q., & Lin, N. (2021). CSR disclosure of foreign versus U.S. firms: Evidence from ADRs. Journal of International Financial Markets, Institutions and Money, 70, 101275. https://doi.org/10.1016/j.intfin.2020.101275
https://doi.org/10.1016/j.intfin.2020.10... ). Second, enterprises can raise the satisfaction of such stakeholders as suppliers and investors by assuming more social responsibilities (Lins et al., 2017Lins, K. V., Servaes, H., & Tamayo, A. (2017). Social capital, trust, and firm performance: The value of corporate social responsibility during the financial crisis. The Journal of Finance, 72(4), 1785-1824. https://doi.org/10.1111/jofi.12505
https://doi.org/10.1111/jofi.12505... ), improving capital allocation efficiency, and enhancing sustainable development capabilities, thereby driving up corporate value (Ghoul et al., 2017Ghoul, S. E., Guedhami, O., & Kim, Y. (2017). Country-level institutions, firm value, and the role of corporate social responsibility initiatives. Journal of International Business Studies, 48(3), 360-385. https://doi.org/10.1057/jibs.2016.4
https://doi.org/10.1057/jibs.2016.4... ). In addition, companies that actively fulfill their social responsibilities can forge a good relationship with the government and enjoy corresponding policy preferences (Lu, 2020Lu, M. (2020). The Chinese approach to CSR development: An analysis of CSR-government relationship in China. International Journal of Business Governance and Ethics, 14(4), 384-405. https://doi.org/10.1504/IJBGE.2020.110788
https://doi.org/10.1504/IJBGE.2020.11078... ), thus facilitating in the attraction of more high-quality capital investment and bolstering corporate value. Therefore, the following hypothesis is developed:

H2: PDPSs can enhance corporate value.

RESEARCH DESIGN

Data and sample

This study obtains financial data from the China Stock Market and Accounting Research database. The information on companies’ personal data protection measures is retrieved through text analyses of annual reports, news, search engines, and prospectuses.

PDPS mainly target e-commerce companies and are particularly important for cross-border e-commerce firms. E-commerce refers to selling goods or providing services through information networks, such as the Internet, and an e-commerce platform provides online business premises, transaction aggregation, information dissemination, and other services for those involved in e-commerce. In China’s Internet development, e-commerce is almost the earliest developed and leading Internet application. As of June 2019, the scale of Chinese online shopping users reached 639 million, accounting for 74.8% of the overall Internet users. Compared with traditional trade models, cross-border e-commerce has incomparable advantages such as high efficiency, low cost, wide clientele, and high openness. Along with the rapid development of e-commerce, the commercial value of Big Data technology has been fully reflected, and data have become an important resource for the development of e-commerce, especially as the importance of the e-commerce platform is self-evident. As a service provider connecting buyers and sellers, e-commerce platforms manage substantial data, including users’ personal identification information, consumption order records, bank card numbers, sellers’ products, and transaction records. User data are a valuable resource to support and optimize business decisions. The utilization of user data for e-commerce has become an irreversible trend, and Big Data has become an important guide for marketing and service innovation of e-commerce platforms. Driven by market interests, e-commerce enterprises attach absolute importance to the use of Big Data and are in the leading position of technology. Therefore, the first voluntary implementation of PDPS in China starts with e-commerce. It is also the reason for choosing the sample in this study.

Because China’s Personal Data Protection Law was officially implemented only recently in November 2021, all companies establishing a PDPS were discretionary as of 2020. Accordingly, A-share e-commerce companies listed both in the Shanghai and Shenzhen Stock Exchanges from 2008 to 2020 are selected as samples, which are then further filtered according to the following methods: (1) removing abnormal companies, such as the special-treated ones and particular transfer ones; (2) deleting the firms with asset-to-liability ratios greater than 1 and other variables with missing values; and (3) winsorizing the continuous variables at the 1st and 99th percentiles to eliminate potential outlier effects.

To further solve the problem of sample selection, this study employed the PSM method to process the sample. This nonparametric matching technique facilitates causal inference in non-experimental settings by constructing a control group similar to a treatment group. There are certain differences in the financial and corporate governance structure of different companies in terms of PDPS implication. Therefore, matching companies to find similar types of research is beneficial to better test the empirical results. Given potential endogenous problems, large-scale companies with high profits are inclined to adopt personal data protection measures (Grover et al., 2018Grover, V., Chiang, R. H. L., Liang, T. P., & Zhang, D. (2018). Creating strategic business value from big data analytics: A research framework. Journal of Management Information Systems, 35(2), 388-423. https://doi.org/10.1080/07421222.2018.1451951
https://doi.org/10.1080/07421222.2018.14... ). The PSM method is used to group the samples with similar financial characteristics. Specifically, this study takes the samples with PDPS implemented as the treatment group and the companies without such systems as the control. A probit model is adopted to match the firms based on the following basic financial characteristics: the current ratio (Curr), which is equal to the current assets divided by the total assets; the firm size (Size), which is equal to the natural logarithm of a company’s total assets; the leverage (Lev), which is equal to the total liabilities divided by the total assets; the share concentration (Shrhfd), which is equal to the proportion of shares held by the largest shareholder; the ratio of institutional investors’ shares (Investor); the total asset turnover (Turnover), which is equal to the net sales revenue divided by the total average assets. The indexes are matched 1:1, and 456 pairs of matched observations are finally obtained. Table 1 displays the detailed steps of sample selection.

Thumbnail

Table 1
Sample selection

The matching results are displayed in Table 2. The absolute value of normalized deviation (% bias) for each variable after matching is less than 10%, and the p-value is not significant, indicating that variables after matching are balanced between the treatment and the control group.

Thumbnail

Table 2
Sample Comparison after PSM

Research design

This study uses the following staggered difference-in-difference model to test the hypotheses:

(1)

P e r f o r m a n c e_{i, t} = β_{0} + β_{1} T r e a t_{i} + β_{4} C o n t r o l V a r i a b l e_{i, t} + \sum I n d u s t r y + \sum Y e a r + ε_{i, t}

where Performance represents the short-term corporate financial performance for testing H1 and the long-term corporate value for H2: the former is measured by the actual total assets earnings before interest and taxes (EBIT) margin minus the manipulated accrual margin (UnEBIT); the latter is measured by the Tobin’s Q firm value (TobinQ).

The short-term financial performance indicators chosen in previous empirical studies are usually EBIT or return on equity (ROE). They and may encompass the impact of earnings management, which produces “noise” and affects the results’ reliability.. Therefore, this study follows Cornett et al. (2009)Cornett, M. M., McNutt, J. J., & Tehranian, H. (2009). Corporate governance and earnings management at large U.S. bank holding companies. Journal of Corporate Finance, 15(4), 412-430. and selects the EBIT ratio of total assets after excluding earnings management as the financial performance indicator, eliminating this “noise.” First, the normal accrual margin is estimated according to Jones (1991)Jones, J. J. (1991). Earnings management during import relief investigations. Journal of Accounting Research, 29(2), 193-228. https://doi.org/10.2307/2491047
https://doi.org/10.2307/2491047... , as shown in Model (2). After that, the manipulated accrual margin is obtained by subtracting the normal accrual margin from the actual accrual margin according to Model (3). Finally, the total asset EBIT margin after excluding surplus management is obtained by subtracting the manipulated accrual margin from the actual total asset EBIT margin according to Model (4).

(2)

\frac{T A_{i, t}}{A s s e t s_{i, t - 1}} = β_{0} + β_{1} \frac{1}{A_{i, t - 1}} + β_{2} \frac{Δ S a l e s_{i, t - 1}}{A s s e t s_{i, t - 1}} + β_{3} \frac{P P E_{i, t}}{A s s e t s_{i, t - 1}} + ε_{i, t}

(3)

{DA}_{i, t} = \frac{T A_{i, t}}{A s s e t s_{i, t - 1}} - (\hat{β_{1}} \frac{1}{A_{i, t - 1}} + \hat{β_{2}} \frac{Δ S a l e s_{i, t - 1}}{A s s e t s_{i, t - 1}} + \hat{β_{3}} \frac{P P E_{i, t}}{A s s e t s_{i, t - 1}})

(4)

U n E B I T_{i, t} = \frac{E B I T_{i, t}}{A s s e t s_{i, t}} - D A_{i, t}

where TA represents accrued profit, which is equal to net income minus net cash flow from operating activities; Asset represents total assets. ΔSales represents the difference between the current year’s sales revenue and the prior year’s sales revenue; PPE represents the total fixed assets; DA indicates manipulated accrued profit margin; EBIT indicates earnings before interest and taxes; UnEBIT represents total assets EBIT margin after excluding earnings management.

The use of Tobin’s Q as a measure of long-term corporate value can be traced back to Demsetz and Lehn (1985)Demsetz., H., & Lehn, K. M. (1985). The structure of coporate owenership: Causes and Consequences. Journal of Political Economy, 93(6), 1155-1177. https://doi.org/10.1086/261354
https://doi.org/10.1086/261354... . Wernerfelt and Montgomery (1988)Wernerfelt, B., & Montgomery, C. A. (1988). Tobins’Q and the importance of couse in firm performance. Amercan Economic Review, 78(1), 245-250. https://www.jstor.org/stable/1814713
https://www.jstor.org/stable/1814713... also argue that Tobin’s Q implicitly considers a reasonable risk discount rate based on equilibrium returns because it captures the market value of the firm, which minimizes the valuation distortions caused by tax and accounting measures. Therefore, it is a more reasonable measure of a firm’s long-term value than the accounting rate of return. Therefore, Tobin’s Q theory provides the best description of the intrinsic relationship between investment and stock prices, and Tobin’s Q is an important proxy for the long-term value of firms (Lang & Stulz,1994Lang, L. H. P., & Stulz, R. M. (1994). Tobin’s Q, corporate diversigication and firm performance. Jorunal of Political Economy, 102(4), 1248-1280. https://doi.org/10.1086/261970
https://doi.org/10.1086/261970... ). Specifically, we calculate Tobin’s Q to be equal to the sum of the value of outstanding shares, non-marketable shares, and total liabilities, divided by total assets.

Treat is a dummy variable: if a company has implemented a PDPS, it will be set to 1; otherwise, 0. Based on Xu et al.’s (2005)Xu, L., Chen, G., & Xin, Y. (2005). The shift of controlling right, the reform of ownership and the enhancement of company’s achievements in operation. Management World, 3, 126-136. https://t.cnki.net/kcms/detail?v=GQ3D3QRod5BpvDg7NxP_oqIWtTMP0MigcQ2OjkNdkk-ws1_xObc5-jSiHD78h5sctluvjcb66gbvmJeZtBRwJAMufJcHFwI93DplO8JL4TiwMr6M5CSfNQ==&uniplatform=NZKPT&language=CHS
https://t.cnki.net/kcms/detail?v=GQ3D3QR... research, this study controls for the following variables: current ratio (Curr), firm size (Size), leverage ratio (Lev), turnover ratio (Turnover), institution shareholder’s ratio (Shrhfd), and largest shareholder’s ratio (Investor). Meanwhile, we control for both industry (Industry) and year (Year) fixed effects.

EMPIRICAL RESULTS

Before performing the panel data regression analysis, post-estimation tests of the residual assumptions, including normality, absence of serial autocorrelation, and homoscedasticity, are performed on the sample. To alleviate the problems of intra-group autocorrelation and heteroscedasticity, subsequent regression tests are performed using cluster robust standard errors to correct for heteroscedasticity and autocorrelation. The Hausman test is used to determine the use of the fixed effects model.

Table 3 illustrates the results of the descriptive statistics. The mean of Treat is 0.5, indicating that after PSM, the sample companies with and without personal data protection measures in place are balanced. The means of UnEBIT and TobinQ are 0.269 and 2.034, respectively. This means that the average EBIT margin after excluding the earnings management practices of the sample is 26.9%. Both the standard deviations of UnEBIT and TobinQ are 0.647 and 1.333, respectively, indicating significant differences in financial performance and corporate value between the observations.

Thumbnail

Table 3
Descriptive statistics

Table 4 shows the Pearson correlation analysis of the variables. The correlation coefficients among other control variables are less than 0.4, indicating no serious multicollinearity problem. The last column reports the variance inflation factors (VIFs) of all the variables. The VIF values are all less than 3, which means there is no serious multicollinearity problem.

Thumbnail

Table 4
Pearson Correlation

Columns (1) and (2) of Table 5 show the regression results of the short-term financial performance of the enterprises. The coefficients of Treat are 0.029, which is significant at 0.05 level, indicating that the financial performance of these companies has been greatly improved since they implemented PDPS. In economic terms, after applying PDPS, the firm’s EBIT margin, excluding earnings management, improves by 3%. This finding proves H1.

Thumbnail

Table 5
Main Regression Result

In column (2), the coefficient of Treat is 0.135, which is significantly positive at the 0.05 level, indicating that implementing PDPS by these companies, their corporate value will be strengthened significantly in the long term. From the economic point of view, after PDPS implementation, the firm’s Tobin’s Q value will improve by 13.5%. Therefore, H2 is verified.

The adjusted R-squared values are 0.748 and 0.232 in both models, similar to the result from Huang et al. (2009)Huang, L., Wang, H. C, & Qiu, Y. Z.(2009). Does Tobin Q reflect the value of the firm--based on the perspective of market speculativeness. Nankai Management Review, 12(1), 90-95+123. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=LKGP200901014&DbName=CJFQ2009
https://kns.cnki.net/kcms/detail/detail.... and Zhang et al. (2013)Zhang, Z., Jin, X., & Li, G. (2013). An empirical study on the interactive intertemporal impact between corporate social responsibility and financial performance. Accounting Research, 8, 32-39+96. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=KJYJ201308005&DbName=CJFQ2013
https://kns.cnki.net/kcms/detail/detail.... , which also use UnEBIT and TobinQ as dependent variables. This indicates that the explanatory power of the overall model is good. The explanatory power of the short-term performance model (1) is 74.8%, and the second long-term performance model (2) has an explanatory power of 23.2%. The long corporate value model is lower than the short-term financial performance because of the complexity and higher uncertainty of the factors affecting the firm’s long-term value. However, both models have good explanatory power, thus proving their validity.

ROBUSTNESS TESTS

Heckman self-selection

As there is a self-selection problem in whether to deploy a PDPS, this study employs the Heckman two-step method to deal further with the endogeneity issue. Treat is used as a dependent variable in the first step of this method, and a probit model is used to estimate the treatment effect to calculate the probability of a company deploying a PDPS. By adding all the control variables in Model (1), this study calculates the inverse Mills ratio (IMR) for each firm-year observation. In the second step, IMR is added to Equation (1) as a control variable.

As seen in columns (1) and (2) of Table 6, for the results after the samples’ self-selection problem is considered, the coefficients of Treat are still significantly positive above the 5% level, indicating that the implementation of PDPSs by these companies still has a significantly positive impact on their financial performance and corporate value. Both coefficients of IMR are not significant, which means that the samples do not have serious selective bias. Thus, the original hypotheses are still consistent.

Thumbnail

Table 6
Endogenous Problem Test

Variable substitution

First, we use ROE and net income (Profit), equal to the total profit divided by the operating income, as substitution variables for short-term performance. After replacing UnEBIT in model (1), columns (3) and (4) of Table 6 show the result, and both coefficients of Treat are still significantly positive after using substitution variables. It means that after using PDPS, both ROE and Profit will significantly improve, which supports H1.

Second, we use the cumulated abnormal return (CAR) as a substitution variable for long-term corporate value. Based on the method proposed by Froot et al. (2017)Froot, K., Kang, N., Ozik, G., & Sadka, R.(2017), What do measures of real-time corporate sales say about earnings surprises and post-announcement returns? Journal of Financial Economics, 125(1), 143-162. https://doi.org/10.1016/j.jfineco.2017.04.008
https://doi.org/10.1016/j.jfineco.2017.0... , this study defines the CAR as the cumulative excess return in the (t-1, t+3) window time relative to the market return. After replacing TobinQ in Model (1), column (5) of Table 6 shows the result. The coefficient of Treat remains significantly positive at the 1% level, indicating that after a company implements a PDPS, its value will go up significantly. Therefore, H2 is still valid.

One-period lagged method

The current financial variables of a company may be highly correlated with financial performance and corporate value. Further tests were conducted to mitigate the endogeneity problem using model (1) with lagged control variables. Specifically, all control variables are deferred for one year to avoid short-term effects. As shown in columns (1) and (2) of Table 7, both coefficients of Treat are significantly positive, indicating that the results are consistent.

Thumbnail

Table 7
One-period lagged test

CONCLUSION

Theoretical implications

Existing studies have debated the economic consequences of PDPS. One side argues that these systems entail more labor expenses and operating costs, thus leading to diminished economic profits for companies (Mattoo & Meltzer, 2018Mattoo, A., & Meltzer, J. P. (2018), International data flows and privacy: The conflict and its resolution, Journal of International Economic Law, 21(4), 769-789.; Zhao, 2021Zhao, Y. (2021). The impact of EU GDPR on China-EU digital economy cooperation and its response. Practice in Foreign Economic Relations and Trade, 2, 22-25. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=DWJW202102007&DbName=CJFQ2021
https://kns.cnki.net/kcms/detail/detail.... ). When possessing a data protection system, companies are required to maintain a breakdown of their processing activities and incorporate data protection into their technical design (Taufick, 2021Taufick, R. D. (2021). The underdeterrence, underperformance response to privacy, data protection laws, Technology in Society, 67, 101752. https://doi.org/10.1016/j.techsoc.2021.101752
https://doi.org/10.1016/j.techsoc.2021.1... ), which undoubtedly increases costs. Additionally, in self-regulation, companies are uncertain about the level of personal data protection that should be provided to consumers, and this uncertainty is costly (Adjerid et al., 2016Adjerid, I., Acquisti, A., Telang, R., Padman, R., & Adler-Milstein, J. (2016). The impact of privacy regulation and technology incentives, the case of health information exchanges, Management Science, 62(4), 1042-1063. https://doi.org/10.1287/mnsc.2015.2194
https://doi.org/10.1287/mnsc.2015.2194... ). Furthermore, disputes over the commercialization of personal data are complicated in the long run (Yu & Zhao, 2019Yu, X. L., & Zhao, Y. (2019). Dualism in data protection: Balancing the right to personal data and the data property right. Computer Law & Security Review, 35(5), 105318. https://doi.org/10.1016/j.clsr.2019.04.001
https://doi.org/10.1016/j.clsr.2019.04.0... ); this is because the balance between the economic and social benefits of Big Data and the costs of personal data protection is difficult to maintain (Politou et al., 2019Politou, E., Alepis, E., & Patsakis, C. (2019). Profiling tax and financial behaviour with big data under the GDPR. Computer Law & Security Review, 35(3), 306-329.). However, some scholars believe that the establishment of PDPS can showcase a company’s positive attitude toward privacy protection and generate competitive advantage (Ball, 2010Ball, K. (2010). Data protection in the outsourced call center: An exploratory case study. Human Resource Management Journal, 20(3), 294-310. https://doi.org/10.1111/j.1748-8583.2010.00129.x
https://doi.org/10.1111/j.1748-8583.2010... ; Politou et al., 2019Politou, E., Alepis, E., & Patsakis, C. (2019). Profiling tax and financial behaviour with big data under the GDPR. Computer Law & Security Review, 35(3), 306-329.; Tsai et al., 2011Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2011). The effect of online privacy information on purchasing behavior: An experimental study. Information Systems Research, 22(2), 254-268. https://doi.org/10.1287/isre.1090.0260
https://doi.org/10.1287/isre.1090.0260... ), which will help it strengthen its market position (Gal & Aviv, 2020Gal, M. S., & Aviv, O. (2020). The competitive effects of the GDPR. Journal of Competition Law & Economics, 16(3), 349-391. https://doi.org/10.1093/joclec/nhaa012
https://doi.org/10.1093/joclec/nhaa012... ; Steppe, 2017Steppe, R. (2017). Online price discrimination and personal data: A general data protection regulation perspective. Computer Law & Security Review, 33(6), 768-785. https://doi.org/10.1016/j.clsr.2017.05.008
https://doi.org/10.1016/j.clsr.2017.05.0... ). Therefore, it is important to study the economic consequences of personal data protection on enterprises to promote PDPS. By exploring the impact of implementing PDPS, this study finds that such implementation would benefit the improvement of corporate financial performance and corporate value. This provides a useful complement to the economic consequences of using PDPS in emerging market countries.

Practical implications

This conclusion offers insights and references for both governments and enterprises. Governments, on the one hand, should actively promote legislation on protecting personal data. Although many developing countries have introduced relevant legal systems to protect personal data, these systems are often too general to provide precise guidance in practice. Governments shall implement and refine their management systems and requirements while setting forth detailed specifications and standards for each component of corporate data security by collaborating with the industries. On the other hand, governments should establish personal data regulatory agencies to strengthen the enforcement of data security laws. In many emerging markets, their current systems do not have strong supervision over data controllers and fail to play the effect of laws related to personal data protection. They should establish a data protection regulator to supervise relevant organizations to comply with personal data protection laws through specialized agencies to guide enterprises to regulate the handling of personal data and continuously improve the awareness and ability to protect user data security.

Enterprises should develop and implement systematic PDPS. First, they must clarify the rules on personal data utilization and reach a consensus with both their employees and managers, and relevant agreements must be signed for future accountability. From a technical perspective, companies should adopt encryption, corruption isolation, and de-normalization to secure data and disclose the process in the company’s report. Second, it is necessary to establish a response mechanism for data-breaching events. Once personal data are disclosed illegally, companies should report the events properly, while taking appropriate measures to minimize potential losses. Third, regarding human capital management, companies should actively recruit relevant talent and create special positions, such as personal data protection officers and data protection specialists, to achieve dedicated supervision in procedures involving personal data (e.g., collection and processing). Finally, companies should conduct regular risk assessments of their internal PDPS, and such assessments should include identifying risks, calculating the probability of occurrence of breaches, identifying possible consequences, and remediating serious risks promptly.

Limitations and future research

This study has some limitations and suggestions for future studies. At present, due to the lack of awareness of personal data protection, many enterprises’ PDPS mechanisms are not perfect. This study only examined whether PDPS were established, but it was impossible to observe the degree of these systems’ implementation in each enterprise in detail. Future research can obtain first-hand information through visits to companies, case studies, and other methods while using more dimensional scoring systems and text analysis to evaluate PDPS. In addition, we used Chinese data, which has certain significant points for other developing countries. In the future, we can explore data from other countries to enrich the universality of the conclusions. Finally, we explored the impact of PDPS on Chinese e-commerce companies. Future research can consider the heterogeneity of the industry and further explore the impact of companies in other industries.

ACKNOWLEDGEMENT

The research received financial support from the Ministry of Science and Technology of the People's Republic of China, National Natural Science Foundation of China 72102139

REFERENCES

Adjerid, I., Acquisti, A., Telang, R., Padman, R., & Adler-Milstein, J. (2016). The impact of privacy regulation and technology incentives, the case of health information exchanges, Management Science, 62(4), 1042-1063. https://doi.org/10.1287/mnsc.2015.2194
» https://doi.org/10.1287/mnsc.2015.2194
Allen, K. (2018). GDPR: Time to reap the opportunities for customer acquisition and management. EContent, 41(4), 26-27. https://www-proquest-com.ezproxy.lib.uts.edu.au/docview/2124417585?pq-origsite=primo
» https://www-proquest-com.ezproxy.lib.uts.edu.au/docview/2124417585?pq-origsite=primo
Ball, K. (2010). Data protection in the outsourced call center: An exploratory case study. Human Resource Management Journal, 20(3), 294-310. https://doi.org/10.1111/j.1748-8583.2010.00129.x
» https://doi.org/10.1111/j.1748-8583.2010.00129.x
Bostic, R.B., Calem, P.S., 2003. Privacy restrictions and the use of data at credit repositories. In: Miller, M. J. (Ed.), Credit Reporting Systems and the International Economy. MIT Press. pp. 311–334. Hunt, R. M., 2002
Buttarelli, G. (2016). The EU GDPR as a clarion call for a new global digital gold standard. International Data Privacy Law, 6(2), 77-78. doi:10.1093/idpl/ipw006
» https://doi.org/10.1093/idpl/ipw006
Chen, X., Wang, Y., & Yang, Z. (2020). Corporate social responsibility and firm value: The moderating effect of organizational inertia and industry sensitivity. Journal of Technology Economics, 39(7), 140-146+158. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=JSJI202007018&DbName=CJFQ2020
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=JSJI202007018&DbName=CJFQ2020
Chen, Y. H., Zhang, Z. G., & Huang, L. (2021). Exploring the mechanisms and paths of manufacturing digital enablement on business model innovation. Chinese Journal of Management, 18(5), 731-740. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=GLXB202105012&DbName=CJFQ2021
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=GLXB202105012&DbName=CJFQ2021
Chowdhury, R. H., Fu, C., Huang, Q., & Lin, N. (2021). CSR disclosure of foreign versus U.S. firms: Evidence from ADRs. Journal of International Financial Markets, Institutions and Money, 70, 101275. https://doi.org/10.1016/j.intfin.2020.101275
» https://doi.org/10.1016/j.intfin.2020.101275
Cornett, M. M., McNutt, J. J., & Tehranian, H. (2009). Corporate governance and earnings management at large U.S. bank holding companies. Journal of Corporate Finance, 15(4), 412-430.
Demetzou, K. (2019). Data protection impact assessment: A tool for accountability and the unclarified concept of ‘high risk’ in the General Data Protection Regulation. Computer Law & Security Review, 35(6), 105342. https://doi.org/10.1016/j.clsr.2019.105342
» https://doi.org/10.1016/j.clsr.2019.105342
Demsetz., H., & Lehn, K. M. (1985). The structure of coporate owenership: Causes and Consequences. Journal of Political Economy, 93(6), 1155-1177. https://doi.org/10.1086/261354
» https://doi.org/10.1086/261354
Forsgren, M., & Holm, U. (2021). Controlling without owning – owning without controlling: A critical note on two extensions of internalization theory. Journal of International Business Studies, 1, 1-13. https://doi.org/10.1057/s41267-021-00416-3
» https://doi.org/10.1057/s41267-021-00416-3
Froot, K., Kang, N., Ozik, G., & Sadka, R.(2017), What do measures of real-time corporate sales say about earnings surprises and post-announcement returns? Journal of Financial Economics, 125(1), 143-162. https://doi.org/10.1016/j.jfineco.2017.04.008
» https://doi.org/10.1016/j.jfineco.2017.04.008
Gal, M. S., & Aviv, O. (2020). The competitive effects of the GDPR. Journal of Competition Law & Economics, 16(3), 349-391. https://doi.org/10.1093/joclec/nhaa012
» https://doi.org/10.1093/joclec/nhaa012
Ghoul, S. E., Guedhami, O., & Kim, Y. (2017). Country-level institutions, firm value, and the role of corporate social responsibility initiatives. Journal of International Business Studies, 48(3), 360-385. https://doi.org/10.1057/jibs.2016.4
» https://doi.org/10.1057/jibs.2016.4
Grover, V., Chiang, R. H. L., Liang, T. P., & Zhang, D. (2018). Creating strategic business value from big data analytics: A research framework. Journal of Management Information Systems, 35(2), 388-423. https://doi.org/10.1080/07421222.2018.1451951
» https://doi.org/10.1080/07421222.2018.1451951
Huang, L., Wang, H. C, & Qiu, Y. Z.(2009). Does Tobin Q reflect the value of the firm--based on the perspective of market speculativeness. Nankai Management Review, 12(1), 90-95+123. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=LKGP200901014&DbName=CJFQ2009
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=LKGP200901014&DbName=CJFQ2009
Jones, J. J. (1991). Earnings management during import relief investigations. Journal of Accounting Research, 29(2), 193-228. https://doi.org/10.2307/2491047
» https://doi.org/10.2307/2491047
Kallberg, J. G., & Udell, G. F. (2003). The value of private sector business credit information sharing: The US case. Journal of Banking & Finance, 27(3), 449-469. https://doi.org/10.1016/S0378-4266(02)00387-4
» https://doi.org/10.1016/S0378-4266(02)00387-4
Krämer, J., & Stüdlein, N. (2019). Data portability, data disclosure and data-induced switching costs: Some unintended consequences of the General Data Protection Regulation. Economics Letters, 181, 99-103. https://doi.org/10.1016/j.econlet.2019.05.015
» https://doi.org/10.1016/j.econlet.2019.05.015
Lachaud, E. (2020). ISO/IEC 27701 standard: Threats and opportunities for GDPR certification. Eur. Data Prot. L. Rev, 6(2), 194-210. https://heinonline.org/HOL/LandingPage?handle=hein.journals/edpl6÷=32&id=&page=
» https://heinonline.org/HOL/LandingPage?handle=hein.journals/edpl6÷=32&id=&page=
Lang, L. H. P., & Stulz, R. M. (1994). Tobin’s Q, corporate diversigication and firm performance. Jorunal of Political Economy, 102(4), 1248-1280. https://doi.org/10.1086/261970
» https://doi.org/10.1086/261970
Li, Z., Ruan, D., & Zhang, T. (2020). Value creation mechanism of corporate social responsibility: A study based on internal control. Accounting Research, 11, 112-124. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=KJYJ202011009&DbName=CJFQ2020
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=KJYJ202011009&DbName=CJFQ2020
Libaque-Sáenz, C. F., Wong, S. F., Chang, Y., Ha, Y. W., & Park, M. C. (2016). Understanding antecedents to perceived information risks: An empirical study of the Korean telecommunications market. Information Development, 32(1), 91-106. https://doi.org/10.1177/0266666913516884
» https://doi.org/10.1177/0266666913516884
Lins, K. V., Servaes, H., & Tamayo, A. (2017). Social capital, trust, and firm performance: The value of corporate social responsibility during the financial crisis. The Journal of Finance, 72(4), 1785-1824. https://doi.org/10.1111/jofi.12505
» https://doi.org/10.1111/jofi.12505
Lombart, C., & Louis, D. (2012). Consumer satisfaction and loyalty: Two main consequences of retailer personality. Journal of Retailing and Consumer Services, 19(6), 644-652. https://doi.org/10.1016/j.jretconser.2012.08.007
» https://doi.org/10.1016/j.jretconser.2012.08.007
Lu, M. (2020). The Chinese approach to CSR development: An analysis of CSR-government relationship in China. International Journal of Business Governance and Ethics, 14(4), 384-405. https://doi.org/10.1504/IJBGE.2020.110788
» https://doi.org/10.1504/IJBGE.2020.110788
Mattoo, A., & Meltzer, J. P. (2018), International data flows and privacy: The conflict and its resolution, Journal of International Economic Law, 21(4), 769-789.
Negrouk, A., & Lacombe, D. (2018). Does GDPR harm or benefit research participants? An EORTC point of view. The Lancet Oncology, 19(10), 1278-1280. https://doi.org/10.1016/S1470-2045(18)30620-X
» https://doi.org/10.1016/S1470-2045(18)30620-X
Nguyen, N. T., Nguyen, N. P., & Hoai, T. T. (2021). Ethical leadership, corporate social responsibility, firm reputation, and firm performance: A serial mediation model. Heliyon, 7(4), 1-9. https://doi.org/10.1016/j.heliyon.2021.e06809
» https://doi.org/10.1016/j.heliyon.2021.e06809
Nyi, N. H., Martin, H., & Lynne, B. (2018). Beyond traditional collaborative search: Understanding the effect of awareness on multi-level collaborative information retrieval. Information Processing & Management, 54(1), 60-87. https://doi.org/10.1016/j.ipm.2017.09.003
» https://doi.org/10.1016/j.ipm.2017.09.003
Ong, R. (2012). Data protection in Malaysia and Hong Kong: One step forward, two steps back? Computer Law & Security Review, 28(4), 429-437. https://doi.org/10.1016/j.clsr.2012.05.002
» https://doi.org/10.1016/j.clsr.2012.05.002
Özcan, F., & Elçi, M. (2020). Employees’ perception of CSR affecting employer brand, brand image, and corporate reputation. SAGE Open, 10(4). https://doi.org/10.1177/2158244020972372
» https://doi.org/10.1177/2158244020972372
Politou, E., Alepis, E., & Patsakis, C. (2019). Profiling tax and financial behaviour with big data under the GDPR. Computer Law & Security Review, 35(3), 306-329.
Ramos, F. E., & Blind, K. (2020). Data portability effects on data-driven innovation of online platforms: Analyzing Spotify. Telecommunications Policy, 44(9), 102026. https://doi.org/10.1016/j.telpol.2020.102026
» https://doi.org/10.1016/j.telpol.2020.102026
Schwartz, P. M., & Peifer, K. N. (2017). Transatlantic data privacy law, The Georgetown Law Journal, 106(1), 146-147.
Seo, J., Kim, K., Park, M., Park, M., & Lee, K. (2018). An analysis of economic impact on IoT industry under GDPR. Mobile Information Systems, vol. 2018 6792028. https://doi.org/10.1155/2018/6792028
» https://doi.org/10.1155/2018/6792028
Sheng, X., & Yang, S. (2020). Analysis on the applicabilities and functions of GDPR to personal data protection in open sharing of scientific data. Library and Information Service, 64(22), 48-57.
Skaife, H. A., Colins, D. W., Kinney, W. R., & Lafond, R. (2008). The effect of SOX internal control deficiencies and their remediation on accrual quality. The Accounting Review, 83(1), 217-250. https://doi.org/10.2308/accr.2008.83.1.217
» https://doi.org/10.2308/accr.2008.83.1.217
Steppe, R. (2017). Online price discrimination and personal data: A general data protection regulation perspective. Computer Law & Security Review, 33(6), 768-785. https://doi.org/10.1016/j.clsr.2017.05.008
» https://doi.org/10.1016/j.clsr.2017.05.008
Sullvian, C. (2019). EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era. Computer Law & Security Review, 35(4), 380-397. https://doi.org/10.1016/j.clsr.2019.05.004
» https://doi.org/10.1016/j.clsr.2019.05.004
Taufick, R. D. (2021). The underdeterrence, underperformance response to privacy, data protection laws, Technology in Society, 67, 101752. https://doi.org/10.1016/j.techsoc.2021.101752
» https://doi.org/10.1016/j.techsoc.2021.101752
Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2011). The effect of online privacy information on purchasing behavior: An experimental study. Information Systems Research, 22(2), 254-268. https://doi.org/10.1287/isre.1090.0260
» https://doi.org/10.1287/isre.1090.0260
Vázquez, J. L., Lanero, A., & Licandro, O. (2013). The added value of corporate social responsibility: Some insights from a research in Uruguay. International Review on Public and Nonprofit Marketing, 10(3), 187-200. https://doi.org/10.1007/s12208-013-0099-3
» https://doi.org/10.1007/s12208-013-0099-3
Wernerfelt, B., & Montgomery, C. A. (1988). Tobins’Q and the importance of couse in firm performance. Amercan Economic Review, 78(1), 245-250. https://www.jstor.org/stable/1814713
» https://www.jstor.org/stable/1814713
Wilson, S. (2018). A framework for security technology cohesion in the era of the GDPR. Computer Fraud & Security, 2018(12), 8-11. https://doi.org/10.1016/S1361-3723(18)30119-2
» https://doi.org/10.1016/S1361-3723(18)30119-2
Xu, L., Chen, G., & Xin, Y. (2005). The shift of controlling right, the reform of ownership and the enhancement of company’s achievements in operation. Management World, 3, 126-136. https://t.cnki.net/kcms/detail?v=GQ3D3QRod5BpvDg7NxP_oqIWtTMP0MigcQ2OjkNdkk-ws1_xObc5-jSiHD78h5sctluvjcb66gbvmJeZtBRwJAMufJcHFwI93DplO8JL4TiwMr6M5CSfNQ==&uniplatform=NZKPT&language=CHS
» https://t.cnki.net/kcms/detail?v=GQ3D3QRod5BpvDg7NxP_oqIWtTMP0MigcQ2OjkNdkk-ws1_xObc5-jSiHD78h5sctluvjcb66gbvmJeZtBRwJAMufJcHFwI93DplO8JL4TiwMr6M5CSfNQ==&uniplatform=NZKPT&language=CHS
Yan, H., & Zhang, T. (2013). The protection and utilization of consumers’ private information in the operation of financial groups-U.S. legislative experience, evaluation and reference. Financial Theory & Practice, 44, 76-79. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=JRLS201304016&DbName=CJFQ2013
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=JRLS201304016&DbName=CJFQ2013
Yu, X. L., & Zhao, Y. (2019). Dualism in data protection: Balancing the right to personal data and the data property right. Computer Law & Security Review, 35(5), 105318. https://doi.org/10.1016/j.clsr.2019.04.001
» https://doi.org/10.1016/j.clsr.2019.04.001
Zhang, Z., Jin, X., & Li, G. (2013). An empirical study on the interactive intertemporal impact between corporate social responsibility and financial performance. Accounting Research, 8, 32-39+96. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=KJYJ201308005&DbName=CJFQ2013
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=KJYJ201308005&DbName=CJFQ2013
Zhao, Y. (2021). The impact of EU GDPR on China-EU digital economy cooperation and its response. Practice in Foreign Economic Relations and Trade, 2, 22-25. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=DWJW202102007&DbName=CJFQ2021
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=DWJW202102007&DbName=CJFQ2021

Publication Dates

Publication in this collection
10 July 2023
Date of issue
2023

History

Received
16 May 2022
Accepted
07 Feb 2023

This is an Open Access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

[1] Adjerid, I., Acquisti, A., Telang, R., Padman, R., & Adler-Milstein, J. (2016). The impact of privacy regulation and technology incentives, the case of health information exchanges, Management Science, 62(4), 1042-1063. https://doi.org/10.1287/mnsc.2015.2194
» https://doi.org/10.1287/mnsc.2015.2194

[2] Allen, K. (2018). GDPR: Time to reap the opportunities for customer acquisition and management. EContent, 41(4), 26-27. https://www-proquest-com.ezproxy.lib.uts.edu.au/docview/2124417585?pq-origsite=primo
» https://www-proquest-com.ezproxy.lib.uts.edu.au/docview/2124417585?pq-origsite=primo

[3] Ball, K. (2010). Data protection in the outsourced call center: An exploratory case study. Human Resource Management Journal, 20(3), 294-310. https://doi.org/10.1111/j.1748-8583.2010.00129.x
» https://doi.org/10.1111/j.1748-8583.2010.00129.x

[4] Bostic, R.B., Calem, P.S., 2003. Privacy restrictions and the use of data at credit repositories. In: Miller, M. J. (Ed.), Credit Reporting Systems and the International Economy. MIT Press. pp. 311–334. Hunt, R. M., 2002

[5] Buttarelli, G. (2016). The EU GDPR as a clarion call for a new global digital gold standard. International Data Privacy Law, 6(2), 77-78. doi:10.1093/idpl/ipw006
» https://doi.org/10.1093/idpl/ipw006

[6] Chen, X., Wang, Y., & Yang, Z. (2020). Corporate social responsibility and firm value: The moderating effect of organizational inertia and industry sensitivity. Journal of Technology Economics, 39(7), 140-146+158. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=JSJI202007018&DbName=CJFQ2020
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=JSJI202007018&DbName=CJFQ2020

[7] Chen, Y. H., Zhang, Z. G., & Huang, L. (2021). Exploring the mechanisms and paths of manufacturing digital enablement on business model innovation. Chinese Journal of Management, 18(5), 731-740. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=GLXB202105012&DbName=CJFQ2021
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=GLXB202105012&DbName=CJFQ2021

[8] Chowdhury, R. H., Fu, C., Huang, Q., & Lin, N. (2021). CSR disclosure of foreign versus U.S. firms: Evidence from ADRs. Journal of International Financial Markets, Institutions and Money, 70, 101275. https://doi.org/10.1016/j.intfin.2020.101275
» https://doi.org/10.1016/j.intfin.2020.101275

[9] Cornett, M. M., McNutt, J. J., & Tehranian, H. (2009). Corporate governance and earnings management at large U.S. bank holding companies. Journal of Corporate Finance, 15(4), 412-430.

[10] Demetzou, K. (2019). Data protection impact assessment: A tool for accountability and the unclarified concept of ‘high risk’ in the General Data Protection Regulation. Computer Law & Security Review, 35(6), 105342. https://doi.org/10.1016/j.clsr.2019.105342
» https://doi.org/10.1016/j.clsr.2019.105342

[11] Demsetz., H., & Lehn, K. M. (1985). The structure of coporate owenership: Causes and Consequences. Journal of Political Economy, 93(6), 1155-1177. https://doi.org/10.1086/261354
» https://doi.org/10.1086/261354

[12] Forsgren, M., & Holm, U. (2021). Controlling without owning – owning without controlling: A critical note on two extensions of internalization theory. Journal of International Business Studies, 1, 1-13. https://doi.org/10.1057/s41267-021-00416-3
» https://doi.org/10.1057/s41267-021-00416-3

[13] Froot, K., Kang, N., Ozik, G., & Sadka, R.(2017), What do measures of real-time corporate sales say about earnings surprises and post-announcement returns? Journal of Financial Economics, 125(1), 143-162. https://doi.org/10.1016/j.jfineco.2017.04.008
» https://doi.org/10.1016/j.jfineco.2017.04.008

[14] Gal, M. S., & Aviv, O. (2020). The competitive effects of the GDPR. Journal of Competition Law & Economics, 16(3), 349-391. https://doi.org/10.1093/joclec/nhaa012
» https://doi.org/10.1093/joclec/nhaa012

[15] Ghoul, S. E., Guedhami, O., & Kim, Y. (2017). Country-level institutions, firm value, and the role of corporate social responsibility initiatives. Journal of International Business Studies, 48(3), 360-385. https://doi.org/10.1057/jibs.2016.4
» https://doi.org/10.1057/jibs.2016.4

[16] Grover, V., Chiang, R. H. L., Liang, T. P., & Zhang, D. (2018). Creating strategic business value from big data analytics: A research framework. Journal of Management Information Systems, 35(2), 388-423. https://doi.org/10.1080/07421222.2018.1451951
» https://doi.org/10.1080/07421222.2018.1451951

[17] Huang, L., Wang, H. C, & Qiu, Y. Z.(2009). Does Tobin Q reflect the value of the firm--based on the perspective of market speculativeness. Nankai Management Review, 12(1), 90-95+123. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=LKGP200901014&DbName=CJFQ2009
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=LKGP200901014&DbName=CJFQ2009

[18] Jones, J. J. (1991). Earnings management during import relief investigations. Journal of Accounting Research, 29(2), 193-228. https://doi.org/10.2307/2491047
» https://doi.org/10.2307/2491047

[19] Kallberg, J. G., & Udell, G. F. (2003). The value of private sector business credit information sharing: The US case. Journal of Banking & Finance, 27(3), 449-469. https://doi.org/10.1016/S0378-4266(02)00387-4
» https://doi.org/10.1016/S0378-4266(02)00387-4

[20] Krämer, J., & Stüdlein, N. (2019). Data portability, data disclosure and data-induced switching costs: Some unintended consequences of the General Data Protection Regulation. Economics Letters, 181, 99-103. https://doi.org/10.1016/j.econlet.2019.05.015
» https://doi.org/10.1016/j.econlet.2019.05.015

[21] Lachaud, E. (2020). ISO/IEC 27701 standard: Threats and opportunities for GDPR certification. Eur. Data Prot. L. Rev, 6(2), 194-210. https://heinonline.org/HOL/LandingPage?handle=hein.journals/edpl6÷=32&id=&page=
» https://heinonline.org/HOL/LandingPage?handle=hein.journals/edpl6÷=32&id=&page=

[22] Lang, L. H. P., & Stulz, R. M. (1994). Tobin’s Q, corporate diversigication and firm performance. Jorunal of Political Economy, 102(4), 1248-1280. https://doi.org/10.1086/261970
» https://doi.org/10.1086/261970

[23] Li, Z., Ruan, D., & Zhang, T. (2020). Value creation mechanism of corporate social responsibility: A study based on internal control. Accounting Research, 11, 112-124. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=KJYJ202011009&DbName=CJFQ2020
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=KJYJ202011009&DbName=CJFQ2020

[24] Libaque-Sáenz, C. F., Wong, S. F., Chang, Y., Ha, Y. W., & Park, M. C. (2016). Understanding antecedents to perceived information risks: An empirical study of the Korean telecommunications market. Information Development, 32(1), 91-106. https://doi.org/10.1177/0266666913516884
» https://doi.org/10.1177/0266666913516884

[25] Lins, K. V., Servaes, H., & Tamayo, A. (2017). Social capital, trust, and firm performance: The value of corporate social responsibility during the financial crisis. The Journal of Finance, 72(4), 1785-1824. https://doi.org/10.1111/jofi.12505
» https://doi.org/10.1111/jofi.12505

[26] Lombart, C., & Louis, D. (2012). Consumer satisfaction and loyalty: Two main consequences of retailer personality. Journal of Retailing and Consumer Services, 19(6), 644-652. https://doi.org/10.1016/j.jretconser.2012.08.007
» https://doi.org/10.1016/j.jretconser.2012.08.007

[27] Lu, M. (2020). The Chinese approach to CSR development: An analysis of CSR-government relationship in China. International Journal of Business Governance and Ethics, 14(4), 384-405. https://doi.org/10.1504/IJBGE.2020.110788
» https://doi.org/10.1504/IJBGE.2020.110788

[28] Mattoo, A., & Meltzer, J. P. (2018), International data flows and privacy: The conflict and its resolution, Journal of International Economic Law, 21(4), 769-789.

[29] Negrouk, A., & Lacombe, D. (2018). Does GDPR harm or benefit research participants? An EORTC point of view. The Lancet Oncology, 19(10), 1278-1280. https://doi.org/10.1016/S1470-2045(18)30620-X
» https://doi.org/10.1016/S1470-2045(18)30620-X

[30] Nguyen, N. T., Nguyen, N. P., & Hoai, T. T. (2021). Ethical leadership, corporate social responsibility, firm reputation, and firm performance: A serial mediation model. Heliyon, 7(4), 1-9. https://doi.org/10.1016/j.heliyon.2021.e06809
» https://doi.org/10.1016/j.heliyon.2021.e06809

[31] Nyi, N. H., Martin, H., & Lynne, B. (2018). Beyond traditional collaborative search: Understanding the effect of awareness on multi-level collaborative information retrieval. Information Processing & Management, 54(1), 60-87. https://doi.org/10.1016/j.ipm.2017.09.003
» https://doi.org/10.1016/j.ipm.2017.09.003

[32] Ong, R. (2012). Data protection in Malaysia and Hong Kong: One step forward, two steps back? Computer Law & Security Review, 28(4), 429-437. https://doi.org/10.1016/j.clsr.2012.05.002
» https://doi.org/10.1016/j.clsr.2012.05.002

[33] Özcan, F., & Elçi, M. (2020). Employees’ perception of CSR affecting employer brand, brand image, and corporate reputation. SAGE Open, 10(4). https://doi.org/10.1177/2158244020972372
» https://doi.org/10.1177/2158244020972372

[34] Politou, E., Alepis, E., & Patsakis, C. (2019). Profiling tax and financial behaviour with big data under the GDPR. Computer Law & Security Review, 35(3), 306-329.

[35] Ramos, F. E., & Blind, K. (2020). Data portability effects on data-driven innovation of online platforms: Analyzing Spotify. Telecommunications Policy, 44(9), 102026. https://doi.org/10.1016/j.telpol.2020.102026
» https://doi.org/10.1016/j.telpol.2020.102026

[36] Schwartz, P. M., & Peifer, K. N. (2017). Transatlantic data privacy law, The Georgetown Law Journal, 106(1), 146-147.

[37] Seo, J., Kim, K., Park, M., Park, M., & Lee, K. (2018). An analysis of economic impact on IoT industry under GDPR. Mobile Information Systems, vol. 2018 6792028. https://doi.org/10.1155/2018/6792028
» https://doi.org/10.1155/2018/6792028

[38] Sheng, X., & Yang, S. (2020). Analysis on the applicabilities and functions of GDPR to personal data protection in open sharing of scientific data. Library and Information Service, 64(22), 48-57.

[39] Skaife, H. A., Colins, D. W., Kinney, W. R., & Lafond, R. (2008). The effect of SOX internal control deficiencies and their remediation on accrual quality. The Accounting Review, 83(1), 217-250. https://doi.org/10.2308/accr.2008.83.1.217
» https://doi.org/10.2308/accr.2008.83.1.217

[40] Steppe, R. (2017). Online price discrimination and personal data: A general data protection regulation perspective. Computer Law & Security Review, 33(6), 768-785. https://doi.org/10.1016/j.clsr.2017.05.008
» https://doi.org/10.1016/j.clsr.2017.05.008

[41] Sullvian, C. (2019). EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era. Computer Law & Security Review, 35(4), 380-397. https://doi.org/10.1016/j.clsr.2019.05.004
» https://doi.org/10.1016/j.clsr.2019.05.004

[42] Taufick, R. D. (2021). The underdeterrence, underperformance response to privacy, data protection laws, Technology in Society, 67, 101752. https://doi.org/10.1016/j.techsoc.2021.101752
» https://doi.org/10.1016/j.techsoc.2021.101752

[43] Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2011). The effect of online privacy information on purchasing behavior: An experimental study. Information Systems Research, 22(2), 254-268. https://doi.org/10.1287/isre.1090.0260
» https://doi.org/10.1287/isre.1090.0260

[44] Vázquez, J. L., Lanero, A., & Licandro, O. (2013). The added value of corporate social responsibility: Some insights from a research in Uruguay. International Review on Public and Nonprofit Marketing, 10(3), 187-200. https://doi.org/10.1007/s12208-013-0099-3
» https://doi.org/10.1007/s12208-013-0099-3

[45] Wernerfelt, B., & Montgomery, C. A. (1988). Tobins’Q and the importance of couse in firm performance. Amercan Economic Review, 78(1), 245-250. https://www.jstor.org/stable/1814713
» https://www.jstor.org/stable/1814713

[46] Wilson, S. (2018). A framework for security technology cohesion in the era of the GDPR. Computer Fraud & Security, 2018(12), 8-11. https://doi.org/10.1016/S1361-3723(18)30119-2
» https://doi.org/10.1016/S1361-3723(18)30119-2

[47] Xu, L., Chen, G., & Xin, Y. (2005). The shift of controlling right, the reform of ownership and the enhancement of company’s achievements in operation. Management World, 3, 126-136. https://t.cnki.net/kcms/detail?v=GQ3D3QRod5BpvDg7NxP_oqIWtTMP0MigcQ2OjkNdkk-ws1_xObc5-jSiHD78h5sctluvjcb66gbvmJeZtBRwJAMufJcHFwI93DplO8JL4TiwMr6M5CSfNQ==&uniplatform=NZKPT&language=CHS
» https://t.cnki.net/kcms/detail?v=GQ3D3QRod5BpvDg7NxP_oqIWtTMP0MigcQ2OjkNdkk-ws1_xObc5-jSiHD78h5sctluvjcb66gbvmJeZtBRwJAMufJcHFwI93DplO8JL4TiwMr6M5CSfNQ==&uniplatform=NZKPT&language=CHS

[48] Yan, H., & Zhang, T. (2013). The protection and utilization of consumers’ private information in the operation of financial groups-U.S. legislative experience, evaluation and reference. Financial Theory & Practice, 44, 76-79. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=JRLS201304016&DbName=CJFQ2013
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=JRLS201304016&DbName=CJFQ2013

[49] Yu, X. L., & Zhao, Y. (2019). Dualism in data protection: Balancing the right to personal data and the data property right. Computer Law & Security Review, 35(5), 105318. https://doi.org/10.1016/j.clsr.2019.04.001
» https://doi.org/10.1016/j.clsr.2019.04.001

[50] Zhang, Z., Jin, X., & Li, G. (2013). An empirical study on the interactive intertemporal impact between corporate social responsibility and financial performance. Accounting Research, 8, 32-39+96. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=KJYJ201308005&DbName=CJFQ2013
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=KJYJ201308005&DbName=CJFQ2013

[51] Zhao, Y. (2021). The impact of EU GDPR on China-EU digital economy cooperation and its response. Practice in Foreign Economic Relations and Trade, 2, 22-25. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=DWJW202102007&DbName=CJFQ2021
» https://kns.cnki.net/kcms/detail/detail.aspx?FileName=DWJW202102007&DbName=CJFQ2021

Step		Procedure	Obs. of companies
1		Initial sample of A-share listed companies in the e-commerce industry of the Shanghai and Shenzhen Stock Exchange from 2008 to 2020	2,669
2	Less:	Obs. with missing PDPS data	712
3		Obs. with missing financial information	291
4		Obs. dropping after PSM	754
5		Final sample	912

	Unmatched	Mean			%reduct	t-test
Variable	Matched	Treated	Control	%bias	\|bias\|	t	p>\|t\|
Curr	U	0.624	0.592	17.4		3.24	0.001
	M	0.624	0.612	2.4	63.4	1.13	0.259
Size	U	22.440	22.245	17.5		3.40	0.001
	M	22.440	22.241	−0.1	99.5	−0.01	0.988
Lev	U	0.418	0.447	−13.8	−2.62	0.009
	M	0.418	0.410	4.2	69.6	0.60	0.582
Shrhfd	U	0.367	0.348	13.3		2.50	0.013
	M	0.367	0.376	−5.9	55.7	−0.51	0.813
Investor	U	0.441	0.396	19.5		3.73	0.000
	M	0.441	0.434	2.7	86.4	0.62	0.554
Turnover	U	0.876	0.865	1.6		3.28	0.000
	M	0.876	0.834	5.9	−274	1.21	0.194

Variable	Obs	Mean	Std	5%	25%	Median	75%	95%
Treat	912	0.500	0.487	0.000	0.000	0.500	1.000	1.000
UnEBIT	912	0.269	0.647	−0.404	−0.157	0.089	0.515	1.413
TobinQ	912	2.034	1.333	0.886	1.246	1.573	2.291	8.912
Curr	912	0.603	0.194	0.124	0.470	0.610	0.750	0.971
Size	912	22.287	1.108	20.154	21.497	22.238	22.971	25.444
Lev	912	0.437	0.207	0.049	0.266	0.438	0.608	0.852
Shrhfd	912	0.356	0.144	0.107	0.238	0.340	0.456	0.626
Investor	912	0.412	0.231	0.003	0.238	0.422	0.590	0.766
Turnover	912	0.856	0.761	0.088	0.411	0.671	1.105	1.982

	UnEBIT	TobinQ	Curr	Size	Lev	Shrhfd	Investor	Turnover	VIF
UnEBIT	1
TobinQ	0.155	1
Curr	0.212	0.081	1						1.82
Size	0.143	0.299	−0.157	1					1.02
Lev	0.366	0.293	−0.082	0.484	1				1.21
Shrhfd	0.041	0.063	0.065	0.048	−0.068	1			1.79
Investor	0.097	0.129	−0.077	0.301	0.138	0.518	1		1.58
Turnover	0.417	0.106	0.221	0.107	0.342	0.033	0.069	1	1.32

	(1)	(2)
VARIABLES	UnEBIT	TobinQ
Treat	0.029**	0.135**
	(2.01)	(2.15)
Curr	0.096***	0.383**
	(2.60)	(2.31)
Size	0.009	0.231***
	(1.11)	(6.58)
Lev	0.156***	1.266***
	(3.80)	(6.91)
Shrhfd	0.038	0.609**
	(0.67)	(2.50)
Investor	0.037	0.003
	(0.97)	(0.02)
Turnover	0.721***	−0.032
	(77.01)	(−0.76)
Constant	−0.685***	7.207***
	(−4.07)	(9.73)
Observations	912	912
Adj.R-squared	0.748	0.232

Brasil

Brasil

NO WEAL WITHOUT WOE: IMPLEMENTATION OF PERSONAL DATA PROTECTION SYSTEMS AND CORPORATE VALUE

No hay resultados faciles: Implementación de sistemas de protección de datos personales y valor corporativo

ABSTRACT

RESUMEN

RESUMO

INTRODUCTION

LITERATURE REVIEW AND HYPOTHESIS DEVELOPMENT

Literature review

Hypothesis development

RESEARCH DESIGN

Data and sample

Research design

EMPIRICAL RESULTS

ROBUSTNESS TESTS

Heckman self-selection

Variable substitution

One-period lagged method

CONCLUSION

Theoretical implications

Practical implications

Limitations and future research

ACKNOWLEDGEMENT

REFERENCES

Publication Dates

History

	(1)	(2)	(3)	(4)	(5)
VARIABLES	UnEBIT	TobinQ	ROE	Profit	CAR
Treat	0.030**	0.150**	0.021***	0.004**	0.015***
	(2.06)	(2.39)	(4.56)	(2.34)	(6.01)
Curr	−0.114	4.111***	0.027**	−0.010	0.022***
	(−0.51)	(4.22)	(2.21)	(−0.64)	(3.32)
Size	−0.048	0.775***	0.025***	0.031***	0.012***
	(−0.80)	(2.97)	(9.74)	(8.90)	(8.92)
Lev	0.460	6.640***	0.087***	0.238***	0.119***
	(1.44)	(4.76)	(6.41)	(13.32)	(16.65)
Shrhfd	0.029	0.457*	0.027	0.069***	0.025***
	(0.50)	(1.86)	(1.49)	(2.88)	(2.60)
Investor	−0.094	−2.326***	−0.006	−0.057***	−0.012*
	(−0.67)	(−3.76)	(−0.51)	(−3.64)	(−1.96)
Turnover	0.713***	0.119**	0.002	0.035***	0.003
	(54.84)	(2.06)	(0.50)	(8.38)	(1.54)
IMR	−0.268	4.780
	(−0.96)	(0.88)
Constant	0.944	−21.656***	−0.458***	−0.425***	−0.191***
	(0.55)	(−2.90)	(−8.30)	(−5.88)	(−6.58)
Observations	912	912	912	912	912
Adj.R-squared	0.748	0.240	0.606	0.216	0.218

	(1)	(2)
VARIABLES	UnEBIT	TobinQ
Treat	0.017**	0.127*
	(2.18)	(1.83)
Curr_i,t−1	0.116***	0.649***
	(3.17)	(3.62)
Size_i,t−1	0.016**	0.255***
	(2.01)	(6.59)
Lev_i,t−1	0.143***	1.464***
	(3.44)	(7.26)
Shrhfd_i,t−1	0.037	0.540**
	(0.65)	(2.01)
Investor_i,t−1	0.002	0.109
	(0.05)	(0.60)
Turnover_i,t−1	0.770***	0.088*
	(76.94)	(1.76)
Constant	−0.943***	8.623***
	(−5.58)	(10.61)
Observations	912	912
Adj.R-squared	0.766	0.253