Modern websites rely on personal data to measure and improve their performance and to market to consumers. The European Union’s General Data Protection Regulation (GDPR) limited access to such personal data, with the goal of protecting consumer privacy. We examine the GDPR’s impact on website pageviews and revenue for 1,084 diverse online firms using data from Adobe’s website analytics platform. Among EU users, we find a reduction of approximately 12% in both website pageviews and e-commerce revenue, as recorded by the platform after the GDPR’s enforcement deadline. We find evidence that the GDPR both reduced data recording and harmed real economic outcomes, and we derive bounds for the relative contribution of each explanation.