We examine how regulatory scrutiny influences the direction of firm innovation. While existing literature focuses on whether regulations suppress or promote innovation, we argue that facing regulatory scrutiny, firms leverage information asymmetry over alternative technologies to strategically prioritize innovations that align more closely with their private interests, diverging from public and regulatory expectations. Using the Facebook–Cambridge Analytica scandal as a natural experiment, we analyze how firms sensitive to congressional hearings on data protection adjusted their innovations in two domains: data privacy, which primarily benefits consumers, and data security, which primarily benefits firms. We show that, following the scandal, although treated firms filed more data protection patents than the control group, their increase in data privacy-related patents was only one-tenth of that of data security-related patents—despite overwhelming public and regulatory emphasis on data privacy. Notably, when knowledgeable congressional committee members participated in hearings, firms shifted toward more data privacy innovation. Exploratory analyses reveal that this overemphasis on data security innovation persisted regardless of whether hearings pose threats or opportunities. Furthermore, the rise in patent quantity was accompanied by a decline in quality, especially in data security innovation, suggesting a trade-off between addressing regulatory pressure and producing impactful innovations.
