As companies adapt their IT infrastructure to deal with new privacy regulations, they come up against a tradeoff between flexibility and efficiency. Highly integrated technologies facilitate the exchange and use of customer data. The problem is that these mutual dependencies are a roadblock to compliance. Their efficiency has become a liability. That raises an interesting paradox. Can companies achieve competitive advantage by deploying less integrated technologies? To check this, the authors of this article conducted a large empirical study of 400 e-commerce firms to understand the implications of the tension between efficiency and flexibility on firm performance in response to GDPR. They found that companies that built their websites for efficiency, choosing tightly integrated services from closely related suppliers, suffered disproportionately when the GDPR came into force. In contrast, companies that deploy new combinations of technologies that have not been widely used before do better.
Europe leads the world in protecting consumer privacy. E-commerce companies catering to European customers must comply with the European General Data Protection Regulation (GDPR) starting in May of 2018. Today, many US states have adopted similar legislation. California’s Privacy Rights Act and Virginia’s Consumer Data Protection Act take effect on January 1, 2023, while the Colorado and Connecticut Privacy Acts become operative on July 1, 2023.
But as companies adapt their IT infrastructure to deal with new privacy regulations, they come up against a tradeoff between flexibility and efficiency. Highly integrated technologies facilitate the exchange and use of customer data. For example, e-commerce companies can rely on Google Analytics to track the behavior of their customers, and use Mailchimp for email marketing, which is easily integrated with Google Analytics to analyze the conversion rate of campaigns in email marketing.
E-commerce companies rely heavily on these highly dependent technologies to ensure that their websites run smoothly. The problem is that these mutual dependencies are a roadblock to compliance. Their efficiency has become a liability. That raises an interesting paradox. Can companies achieve competitive advantage by deploying less integrated technologies?
To check this, we did a large empirical study of 400 e-commerce firms to understand the implications of the tension between efficiency and flexibility on firm performance in response to GDPR.
When building a digital service such as an e-commerce website, you can choose connected components, usually from a small group of suppliers, that are often used together. This can make you more efficient in using customer data. But you already have many strong interdependencies, and data sharing agreements with third parties, to consider when working toward compliance.
Unfortunately, the tech companies that provide the software often struggle to ensure their own compliance and focus on optimizing their own performance during this transition, possibly at the expense of the performance of their customers. user. For example, an EU-based company that uses YouTube and WordPress may adopt Google Analytics to track the activity of its customers. The three components depend on each other, so the company faces a more complex and expensive GDPR adaptation. Although WordPress provides support on how to integrate with Google Analytics, the company needs to know what GDPR means for the WordPress website that collects Google Analytics data. Additionally, the company must ensure that any changes it implements do not affect the ability to monitor video activity within Google Analytics. Producers like Google took their time to adapt their components to ensure their own compliance, which created more uncertainty.
What happens if instead of integrated technologies you rely on combinations of technologies from different suppliers that are not usually integrated and do not automate the sharing of data between each other? In our study, we found that companies that built their websites for efficiency, choosing tightly integrated services from closely linked suppliers, suffered disproportionately when the GDPR was implemented . In contrast, companies that deploy new combinations of technologies that have not been widely used before do better.
Our findings help answer many questions at the heart of digital transformation. For example, should you source your backend from a supplier that promises superior integration or create a flexible backbone that can accommodate an ecosystem of smaller, best-in-class services? Should you use one platform, or app, for all your operations or let each activity be self-contained? These questions, like the question at the center of our study, are different versions of the same underlying tension between efficiency and flexibility. In a dynamic world, designing for efficiency can give you an advantage, but as the environment becomes more dynamic, flexibility becomes more critical.
As digital increases connectivity, interaction, and transaction, we find ourselves managing more and more dependencies between your services, some of which we may not even know exist. An e-commerce company like Expedia can choose digital components from companies like Google and Meta. Expedia is affected not only by the interdependence between Google and Meta components but also by the interdependence of Google components and other components not selected by Expedia. Interdependencies influence the functionality of Google components (for example, whether Google Analytics can correctly extract data from Shopify’s shopping cart solution), as well as Expedia’s options (for example, whether the Expedia will benefit from Shopify’s adoption).
In a stable environment, when everything is working well, these hidden relationships seem irrelevant but when companies have to adapt to a new environment, they can seriously compromise the show. And in a world, where new regulations are coming at a rapid pace in response to growing concerns about the social consequences of digital technologies, flexibility can be as important as efficiency.
Instead of using the well-known technology stacks — popular combinations of technologies that are often used together — the focus on recombination gives companies more flexibility in dealing with GDPR. For example, companies may choose a mix of proprietary and open-source technologies to reduce the number of interdependencies they must consider. Instead of using a common set of technologies such as WordPress, Google Analytics, and Marketo, a company that replaces Google Analytics with the open-source analytics platform Matomo may face less complexity of their adaptation. By drawing solutions from different technology stacks, companies develop experience with different types of services and suppliers, allowing them to transition between digital solutions while remaining compliant with GDPR if necessary.
By focusing their data strategy on flexibility and using loosely integrated sets of technologies, US companies can learn from the European experience and achieve a smooth transition to of the new data protection law.