Data Entitlement Granularity and Corporate Personal Data Protection Efficacy

This study utilizes a sample of Chinese A-share listed firms covering the period from 2016 to 2023, with data obtained from the China Stock Market and Accounting Research database, which offers comprehensive firm-level data including fundamentals, financial statements, and corporate governance attributes. The choice of 2016 as the initial year aligns with Chen et al. (2024a), recognizing its pivotal role in marking the formal initiation of China's digital strategy. Specifically, the 2016 G20 Initiative on Digital Economy Development and Cooperation introduced key concepts such as the "digital economy" and "corporate digital transformation" into China's national strategic framework. Subsequently, the issuance of the 2019 Draft Measures for Data Security Management, the promulgation of the 2021 PIPL, along with the 2022 Cybersecurity Classified Protection System 2.0, collectively enhanced the regulatory environment concerning data security and privacy compliance. This progressive institutional evolution provides a solid foundation and theoretically justified context for investigating PDPE. Sample construction follows a rigorous screening protocol. (1) Financial institutions are excluded due to their distinct regulatory frameworks and balance sheet structures; (2) Firms classified under Special Treatment status are omitted to prevent potential distortions arising from financial distress or operational anomalies; (3) Firm-year observations with incomplete data for critical model variables are removed to ensure the integrity and robustness of the analysis. Consequently, the final dataset comprises 26,893 firm-year observations, representing 4,684 unique listed firms.