Several reform proposals circulated in the last two years recognise that data portability should play an increasingly important role in the digital economy. This paper, available here, explores data portability from an EU competition policy perspective. It points out that data portability can play three distinct roles, namely: (i) enabling switching, (ii) enabling data fluidity (iii) enhancing consumer empowerment and data sovereignty. These different roles are analysed against the background of (a) traditional competition law, (b) a market investigation regime, and (c) an ex-ante regulatory framework targeting large online platforms with gatekeeping power.
Section II looks at the regulation of data portability, particularly non-personal data.
Data can be either personal or non-personal. Personal data portability is a right under the GDPR. The data portability of non-personal data is foreseen by the EU Regulation on the Free Flow of Non-Personal Data in the European Union (Free Flow Regulation, or FFNPDR, in the following), which entered into force in May 2019. Besides laying down a prohibition against data localisation requirements for non-personal data, the Free Flow Regulation relies on self-regulatory approaches to tackle vendor lock-in practices by providers of data storage and processing services.
The Free Flow Regulation’s porting provisions constitute an important step in the evolution of data portability in the EU. Self-regulation of data portability should take the form of ‘codes of conduct’ enabling the porting of data provided and controlled by cloud users in the course of their business or professional activities. While this purely voluntary and industry-led framing of non-personal data porting can raise concerns, it can also be seen as a step in the direction of a ‘participatory’ approach.
Section III looks at the roles of data portability.
Besides helping consumers switch more easily between providers, data portability is increasingly viewed as promoting data fluidity, and thereby stimulating competition and innovation in secondary markets. Data portability is also a promising tool for consumer empowerment, and to tackle power imbalances in the digital economy.
The idea that data portability can facilitate switching is in line with the right to data portability as introduced by the GDPR and the data porting provision of the Free Flow Regulation. However, without the necessary technological solutions (e.g., data standardisation, Application Programming Interfaces, etc.), as well as suitable policy and governance in place, a right of data portability cannot achieve this important result.
Some of the more recent reflections on competition policy in the digital age point to a second important role for data portability. The portability of data held by digital platforms may deliver significant benefits to markets, including through innovation, the development of new services, and the opening up of secondary markets for complementary services. In fact, it is widely acknowledged that one of the current problems with the digital economy lies in an insufficient dissemination of data for competition and follow-on innovation, particularly in secondary markets.
A last role of data portability is to enable consumers to exercise their ‘personal data sovereignty’ effectively. There are calls to give individuals the tools and means to decide at a granular level what is done with their data. According to the European Commission, suitable tools and means in this respect could include information intermediaries making consent management easier for users, more comprehensive personal information management services (PIMS), and new forms of data intermediaries such as data trusts.
Section IV looks at the effectiveness of data portability as a competition policy tool.
Data portability might be employed as a remedy to specific hindrances to competition. A data portability remedy, relative to other forms of mandated access to data, is more ‘consumer centric’, as it is predicated on the consumer’s punctual consent to the transfer to, and the processing of, her data by a third party. This also implies, however, that it can be less effective than imposing a direct obligation to share data with competitors.
One possibility to overcome this challenge is to impose mandatory data access remedies that comply with data protection rules, e.g. by involving the data protection agency. A 2014 Preliminary Opinion by the European Data Protection Supervisor contained an early suggestion that data portability could offer an effective and privacy-compliant remedy in abuse of dominance cases involving what we nowadays would call Big Tech. Another type of data-related remedy could aim at an ‘internal unbundling’ of data collected by different digital services belonging to the same undertaking. Further forms of data-based remedies are conceivable, such as prohibiting the use of data for specific commercial purposes in adjacent markets, or even data deletion. All these remedies could be made compatible with data protection.
Going beyond competition enforcement, one might consider adopting a ‘new competition tool that would allow addressing structural competition problems in a timely and effective manner’, e.g. along the lines of the UK’s market investigations. The competition problems that the Commission would like to target by introducing such a new tool are both ‘structural risks for competition’ and ‘structural lack of competition’. Data portability remedies might make sense in such a context. Sector-specific data portability obligations could be quite effective in tackling structural competition policy issues, e.g. in specific Internet of Things secondary markets or within more decentralised ecosystems in general. While a data portability obligation by itself would hardly be capable of averting market tipping by a dominant firm, it could definitely be part of a remedy package addressing a whole range of structural competition problems.
Finally, data portability can be an element of an ex ante regulatory regime of digital platforms. The Commission is considering ‘clear obligations and prohibited practices for those large online platforms with economic power’, which might include a blacklist of practices by regulated platforms. Remedies might ‘include platform-specific non-personal data access obligations, specific requirements regarding personal data portability, or interoperability requirements’. It is thought that data mobility, viewed as an enhanced variety of data portability, could overcome network effects which cause markets to tip, as well as open up new business opportunities that ‘use, manage, and combine data made available’. A topic that might merit more study is how data portability might address competition issues in the different types of ecosystems built around super-powerful digital platforms.
This paper provides an interesting overview of data portability as a competition law tool. It introduces a topic which is typically discussed in convoluted prose in an illuminating fashion. Its distinction the potential roles of data portability, and the regulatory context in which it might be used, are particularly useful, even if I have some difficulties in understanding how the ability to switch between digital providers is anything more than an element of the other categories presented – promoting competition and promoting consumer sovereignty. Unfortunately, the paper is overtaken by events – the author discusses at length a previous version of the EU’s proposal for a Digital Markets Act and the ‘New Competition Tool’, since dispatched to the dustbin of ‘potentially good ideas that Member States will not countenance’. This is not an indictment of the paper, but of the publishing process – and, in any event, it does not detract from the insights one can glean from reading the paper. A more prominent limitation concerns the absence of any discussion on the practical difficulties with implementing effective data portability regimes – which, to my (not particularly well-informed mind), strikes me as the main difficulty with these proposals.