一般資料保護條例對併購績效之影響

Abstract

本研究探討歐盟於2018年正式實施的一般資料保護條例(General Data Protection Regulation, GDPR) 對跨國併購中收購公司市場反應的影響。由於一般資料保護條例具有域外適用性，美國企業在併購歐盟企業時，需額外承擔資料保護的遵循成本與法律風險，因此本研究以2012至2019年間美國公司併購案為樣本，採用差異中之差異估計法(Difference-in-Differences, DID) 建構迴歸模型進行實證研究。研究以併購公告日前後的累計異常報酬作為併購績效代理變數，實證結果發現，相較於併購非歐盟公司，美國企業併購歐盟公司並受到一般資料保護條例規範時，市場反應呈現顯著正向，顯示市場認為該類企業具有資料保護能力與法令遵循承諾。此外，本研究亦進一步分析CEO社交網絡中心性、企業資訊揭露程度(如10-K報告中的資安字詞)等因素，並發現其對併購績效具正向調節作用。研究亦檢驗長期股價績效與財務績效，發現長期股價無顯著反映，而財務指標表現受遵循成本影響而略顯負面。綜合而言，一般資料保護條例實施為企業進入歐洲市場設下制度性門檻，然而對具備因應能力之企業而言，其併購行為反而釋放出正向訊號，增強市場信心。

This study examines the impact of the European Union’s General Data Protection Regulation (GDPR), which was officially implemented in 2018, on market reactions to cross-border mergers and acquisitions (M&As) involving acquiring firms. Due to the GDPR’s extraterritorial scope, U.S. companies acquiring European Union targets face additional compliance costs and legal risks related to data protection. Using a sample of U.S. M&A transactions from 2012 to 2019, the study employs a Difference-in-Differences (DID) regression model for empirical analysis. Cumulative Abnormal Returns (CARs) around the M&A announcement date serve as a proxy for short-term market performance. The results show that, compared to acquisitions of non-European-Union targets, U.S. firms acquiring European Union companies under the GDPR experience significantly more positive market reactions. This suggests that investors perceive these firms as capable of managing data protection and regulatory compliance effectively. This study further explores the moderating effects of CEO network centrality and corporate information disclosure—such as cybersecurity references in 10-K filings on M&A performance. While no significant effects are found on long-term stock performance, long-term financial performance appears to be somewhat negatively impacted by increased compliance costs. Overall, the implementation of the GDPR introduces an institutional barrier for firms entering the European market. However, for firms that can respond effectively, such acquisitions may signal strong data governance and compliance capabilities, thereby strengthening investor confidence.