Game-theoretical Model on the GDPR - Market for Lemons? Zander Tim Steinbrück Anne Birnstill Pascal In order to evaluate the regulatory effects of the GDPR on the institution of privacy as a public good, a data protection law and economical perspective should be applied. Conveying an economic point of view on the GDPR, we include a game-theoretical model on the rights and duties arising out of the GDPR in order to clarify the possible game-theoretical strategies and discuss the compensatory mechanisms for the problem of asymmetric information between the data controller and the data subject. Furthermore, we point out the concepts of control and the legal construction of “data ownership” as an unsatisfying concept. The fact that services within the scope of the GDPR can rewrite their privacy policies and afterwards request the users’ consent or otherwise lock them out of the service causes undue pressure on the data subject. The recent decision of the Federal Cartel Office of Germany disputed this behaviour and imposed far-reaching restrictions on Facebook. Thus, elements of the GDPR have begun to fall within the remit of competition law and the question of effective regulatory compensation regarding the economic effects in privacy should be addressed. In general, the measurement of privacy risks seems to be the first reasonable step towards empowering actors to make effective decisions. EU-Privacy GDPR adverse selection game-theory information asymmetry justification of data processing lock-in effect network effect 340 periodical academic journal JIPITEC 10 2 2019 200 208 2190-3387 urn:nbn:de:0009-29-49236 http://nbn-resolving.de/urn:nbn:de:0009-29-49236 zander2019