No weal without woe: Implementation of personal data protection systems and corporate value

Main Article Content

Wanyi Chen


The commercial exploitation of personal information has raised concerns regarding privacy, illegal data use, and information security, among others. Therefore, personal data protection systems (PDPS) play a significant role, and corporations are the primary enforcers of these systems’ regulation. However, PDPS require significant investment from companies, and there is no consensus regarding the economic outcomes of establishing these systems. This study investigates whether the establishment of PDPS affects short-term financial performance and longterm corporate value. After applying the propensity score matching method, a dataset comprising 912 firm-year observations of e-commerce companies listed on the Shanghai and Shenzhen Stock Exchanges from 2008 to 2020 was selected. The results show that PDPS implementation can improve a company’s shortterm financial performance by a) exploring markets and strengthening internal control and b) increase long-term corporate value by strengthening corporate social responsibility. This study offers insights for companies to proactively implement PDPS and strengthen their management of personal data, thereby boosting the overall corporate value. In addition, this study can help governments to develop legislation on national information security and enhance international cooperation, especially for emerging markets.


Download data is not yet available.






Metrics Loading ...

Article Details

How to Cite
CHEN, W. No weal without woe: Implementation of personal data protection systems and corporate value. RAE - Revista de Administracao de Empresas , [S. l.], v. 63, n. 4, p. e2022–0166, 2023. DOI: 10.1590/S0034-759020230406. Disponível em: Acesso em: 9 dec. 2023.


Adjerid, I., Acquisti, A., Telang, R., Padman, R., & Adler-Milstein, J. (2016). The impact of privacy regulation and technology incentives, the case of health information exchanges, Management Science, 62(4), 1042-1063.

Allen, K. (2018). GDPR: Time to reap the opportunities for customer acquisition and management. EContent, 41(4), 26-27.

Ball, K. (2010). Data protection in the outsourced call center: An exploratory case study. Human Resource Management Journal, 20(3), 294-310.

Bostic, R.B., Calem, P.S., 2003. Privacy restrictions and the use of data at credit repositories. In: Miller, M.J. (Ed.), Credit Reporting Systems and the International Economy. MIT Press. pp. 311–334. Hunt, R.M., 2002

Buttarelli, G. (2016). The EU GDPR as a clarion call for a new global digital gold standard. International Data Privacy Law, 6(2), 77-78. doi:10.1093/idpl/ipw006

Chen, X., Wang, Y., & Yang, Z. (2020). Corporate social responsibility and firm value: The moderating effect of organizational inertia and industry sensitivity. Journal of Technology Economics, 39(7), 140-146+158.

Chen, Y. H., Zhang, Z. G., & Huang, L. (2021). Exploring the mechanisms and paths of manufacturing digital enablement on business model innovation. Chinese Journal of Management, 18(5), 731-740.

Chowdhury, R. H., Fu, C., Huang, Q., & Lin, N. (2021). CSR disclosure of foreign versus U.S. firms: Evidence from ADRs. Journal of International Financial Markets, Institutions and Money, 70, 101275.

Cornett, M. M., McNutt, J. J., & Tehranian, H. (2009). Corporate governance and earnings management at large U.S. bank holding companies. Journal of Corporate Finance, 15(4), 412-430.

Demetzou, K. (2019). Data protection impact assessment: A tool for accountability and the unclarified concept of ‘high risk’ in the General Data Protection Regulation. Computer Law & Security Review, 35(6), 105342.

Demsetz., H., & Lehn, K. M. (1985). The structure of coporate owenership: Causes and Consequences. Journal of Political Economy, 93(6), 1155-1177.

Forsgren, M., & Holm, U. (2021). Controlling without owning – owning without controlling: A critical note on two extensions of internalization theory. Journal of International Business Studies, 1, 1-13.

Froot, K., Kang, N., Ozik, G., & Sadka, R.(2017), What do measures of real-time corporate sales say about earnings surprises and post-announcement returns? Journal of Financial Economics, 125(1), 143-162.

Gal, M. S., & Aviv, O. (2020). The competitive effects of the GDPR. Journal of Competition Law & Economics, 16(3), 349-391.

Ghoul, S. E., Guedhami, O., & Kim, Y. (2017). Country-level institutions, firm value, and the role of corporate social responsibility initiatives. Journal of International Business Studies, 48(3), 360-385.

Grover, V., Chiang, R. H. L. , Liang, T. P., & Zhang, D. (2018). Creating strategic business value from big data analytics: A research framework. Journal of Management Information Systems, 35(2), 388-423.

Huang, L., Wang, H. C, & Qiu, Y. Z.(2009). Does Tobin Q reflect the value of the firm--based on the perspective of market speculativeness. Nankai Management Review, 12(1), 90-95+123.

Jones, J. J. (1991). Earnings management during import relief investigations. Journal of Accounting Research, 29(2), 193-228.

Kallberg, J. G., & Udell, G. F. (2003). The value of private sector business credit information sharing: The US case. Journal of Banking & Finance, 27(3), 449-469.

Krämer, J., & Stüdlein, N. (2019). Data portability, data disclosure and data-induced switching costs: Some unintended consequences of the General Data Protection Regulation. Economics Letters, 181, 99-103.

Lachaud, E. (2020). ISO/IEC 27701 standard: Threats and opportunities for GDPR certification. Eur. Data Prot. L. Rev, 6(2), 194-210.

Lang, L. H. P., & Stulz, R. M. (1994). Tobin’s Q, corporate diversigication and firm performance. Jorunal of Political Economy, 102(4), 1248-1280.

Li, Z., Ruan, D., & Zhang, T. (2020). Value creation mechanism of corporate social responsibility: A study based on internal control. Accounting Research, 11, 112-124.

Libaque-Sáenz, C. F., Wong, S. F., Chang, Y., Ha, Y. W., & Park, M. C. (2016). Understanding antecedents to perceived information risks: An empirical study of the Korean telecommunications market. Information Development, 32(1), 91-106.

Lins, K. V., Servaes, H., & Tamayo, A. (2017). Social capital, trust, and firm performance: The value of corporate social responsibility during the financial crisis. The Journal of Finance, 72(4), 1785-1824.

Lombart, C., & Louis, D. (2012). Consumer satisfaction and loyalty: Two main consequences of retailer personality. Journal of Retailing and Consumer Services, 19(6), 644-652.

Lu, M. (2020). The Chinese approach to CSR development: An analysis of CSR-government relationship in China. International Journal of Business Governance and Ethics, 14(4), 384-405.

Mattoo, A., & Meltzer, J. P. (2018), International data flows and privacy: The conflict and its resolution, Journal of International Economic Law, 21(4), 769-789.

Negrouk, A., & Lacombe, D. (2018). Does GDPR harm or benefit research participants? An EORTC point of view. The Lancet Oncology, 19(10), 1278-1280.

Nguyen, N. T., Nguyen, N. P., & Hoai, T. T. (2021). Ethical leadership, corporate social responsibility, firm reputation, and firm performance: A serial mediation model. Heliyon, 7(4), 1-9.

Nyi, N. H., Martin, H., & Lynne, B. (2018). Beyond traditional collaborative search: Understanding the effect of awareness on multi-level collaborative information retrieval. Information Processing & Management, 54(1), 60-87.

Ong, R. (2012). Data protection in Malaysia and Hong Kong: One step forward, two steps back? Computer Law & Security Review, 28(4), 429-437.

Özcan, F., & Elçi, M. (2020). Employees’ perception of CSR affecting employer brand, brand image, and corporate reputation. SAGE Open, 10(4).

Politou, E., Alepis, E., & Patsakis, C. (2019). Profiling tax and financial behaviour with big data under the GDPR. Computer Law & Security Review, 35(3), 306-329.

Ramos, F. E., & Blind, K. (2020). Data portability effects on data-driven innovation of online platforms: Analyzing Spotify. Telecommunications Policy, 44(9), 102026.

Schwartz, P. M., & Peifer, K. N. (2017). Transatlantic data privacy law, The Georgetown Law Journal, 106(1), 146-147.

Seo, J., Kim, K., Park, M., Park, M., & Lee, K. (2018). An analysis of economic impact on IoT industry under GDPR. Mobile Information Systems, vol. 2018 6792028.

Sheng, X., & Yang, S. (2020). Analysis on the applicabilities and functions of GDPR to personal data protection in open sharing of scientific data. Library and Information Service, 64(22), 48-57.

Skaife, H. A., Colins, D. W., Kinney, W. R., & Lafond, R. (2008). The effect of SOX internal control deficiencies and their remediation on accrual quality. The Accounting Review, 83(1), 217-250.

Steppe, R. (2017). Online price discrimination and personal data: A general data protection regulation perspective. Computer Law & Security Review, 33(6), 768-785.

Sullvian, C. (2019). EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era. Computer Law & Security Review, 35(4), 380-397.

Taufick, R. D. (2021). The underdeterrence, underperformance response to privacy, data protection laws, Technology in Society, 67, 101752.

Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2011). The effect of online privacy information on purchasing behavior: An experimental study. Information Systems Research, 22(2), 254-268.

Vázquez, J. L., Lanero, A., & Licandro, O. (2013). The added value of corporate social responsibility: Some insights from a research in Uruguay. International Review on Public and Nonprofit Marketing, 10(3), 187-200.

Wernerfelt, B., & Montgomery, C. A. (1988). Tobins’Q and the importance of couse in firm performance. Amercan Economic Review, 78(1), 245-250.

Wilson, S. (2018). A framework for security technology cohesion in the era of the GDPR. Computer Fraud & Security, 2018(12), 8-11.

Xu, L., Chen, G., & Xin, Y. (2005). The shift of controlling right, the reform of ownership and the enhancement of company’s achievements in operation. Management World, 3, 126-136.

Yan, H., & Zhang, T. (2013). The protection and utilization of consumers’ private information in the operation of financial groups-U.S. legislative experience, evaluation and reference. Financial Theory & Practice, 44, 76-79.

Yu, X. L., & Zhao, Y. (2019). Dualism in data protection: Balancing the right to personal data and the data property right. Computer Law & Security Review, 35(5), 105318.

Zhang, Z., Jin, X., & Li, G. (2013). An empirical study on the interactive intertemporal impact between corporate social responsibility and financial performance. Accounting Research, 8, 32-39+96.

Zhao, Y. (2021). The impact of EU GDPR on China-EU digital economy cooperation and its response. Practice in Foreign Economic Relations and Trade, 2, 22-25.