General Data Protection Regulation (GDPR) and Cross-Border M&A by Chinese E-Commerce Firms

The General Data Protection Regulation (GDPR), adopted by the European Union in 2018, aims to enhance consumer trust and market efficiency by strengthening data protection. The concurrent stringent compliance requirements raise operational costs and could reshape competition by favoring larger firms with greater regulatory capacity. While the GDPR reduces data-related risks and promotes global digital trade through its extraterritorial reach, the potential advantage to larger firms could incentivize strategic responses such as mergers and acquisitions (M&A) to consolidate market power. Given the rapid expansion of Chinese digital firms in e-commerce, social media, and cloud services across the EU, this study examines how the GDPR has affected their cross-border M&A activities between 2014 and 2021. Based on difference-in-difference analysis, the study finds that the GDPR did not have a statistically significant impact on the number or value of mergers and acquisitions by Chinese digital firms in the EU in the short term. This suggests that firms may enhance their institutional adaptability by strengthening their compliance capabilities. However, institutional and cultural differences pose long-term entry barriers for the firms. The study contributes by highlighting how firms adjust internationalization strategies under stringent regulatory regimes, offering policy-relevant insights for governments and regulatory authorities.