DOCSLIB.ORG

Data Portability

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Data Portability July 2019 Data Portability: What is at stake? In its inaugural research report, Datum Future, the ability to manage and transfer their personal data Preface an independent think-tank focused on current and for their own benefit. emerging data-driven technologies, explored the ways in which personal data is revolutionising the ways people This means individuals should be easily able to transfer live, work and interact. The report identified five major data from one service provider to another. They do not opportunity sets – Powerful Me, Healthier World, think about data portability per se but seek mobility and In its inaugural research report, Protected Lives, Smart Cities and Brighter Economies continuity of service. For example, users might see value – and also concluded that these opportunities would in asking Deezer to provide Spotify with access to their Datum Future, an independent think- only be fully realised by enabling the mobility and favourite playlists. A seamless data portability process interoperability1 of data between all stakeholders is probably preferable from a user experience (UX) (for example, individuals, businesses, governments, perspective: users would not necessarily need or want tank focused on current and emerging regulators, scientists and technologists, academic to know all the mechanics but need to be able to rely institutions and non-governmental organisations). on a transparent and trustworthy process allowing data data-driven technologies, explored sharing while protecting their privacy. Now in this, the first of a planned series of Bright Papers the ways in which personal data is designed to initiate further discussion and research into For businesses, portability should offer a more fluid the opportunities and challenges identified in that inaugural market experience and stimulate growth as business revolutionising the ways people live, research, Datum Future examines an emerging concept, benefits from more dynamic markets. For Financial enshrined in some new laws around the world but yet to Technology companies (FinTechs), for example, portability be fully delivered and tested: data portability. offers access to a huge pool of historic data to which work and interact. they can apply new and specific models, giving insight We are doing so because we believe data portability, into customers and services and enabling them to if fully realised, holds the key to unlocking benefits for provide better and cheaper services at a lower cost. all stakeholders and to addressing some of the difficult Portable data, at a global scale, with clear governance, questions and imbalances around data collection and ownership and framework, could have beneficial effects on sharing. Once individuals are able safely to port their competition and markets in the long run. The advantages data between services and organisations, the concepts arising from portability do not stop with FinTechs. Global of control and ownership of personal data become more organisations with wider reach could also reap the benefits meaningful. This should be welcomed, and facilitated, – for example it could assist in efforts to build transparency by every data-driven organisation. and ensure an ethical approach to their users and customers which in turn translates into trust—the brand This new Bright Paper, therefore, is addressed to ingredient to which all companies aspire. every such business and organisation and to anyone interested in challenges raised by data portability. It The introduction of the right to data portability through should be considered by readers as a starting point Article 20 of the EU General Data Protection Regulation for deeper investigation, including round tables, events (GDPR) seeks to ensure individuals gain control over and additional research, together with developing and the data held by data controllers3 (“I can ask for my working through theoretical use cases, to understand, data to be transmitted to someone else.”) But these drive and share evolving best practices around the world aspects of the GDPR have raised concerns among in this area. This paper focuses on the practical and businesses (and more broadly among data controllers) ethical issues raised by the requirement for portability because of the lack of detail as to how this new right and draws on the experience of Datum Future’s seven is supposed to be delivered. The portability principle founding members—Accenture, Experian, BNP Paribas, also involves little clarity on the technical means of Facebook, Mastercard, Microsoft and Publicis Groupe— ensuring interoperability or on competition rules4, the to begin to identify frameworks, best practices and start identification of appropriate contacts at destination the important work of developing common standards. controller entities, the security requirements for data in One of those members, BNP Paribas, worked particularly transit and the potential additional costs to port such closely with Datum Future to develop this paper, tapping data, etc. There are added and more acute challenges for into the learnings of Open Banking, until now the closest companies with business models that rely on personal data approximation in the real world to the right to portability collected from individuals and which consider the handling that has been created under some laws but not yet and structural format of that data to be one of their key realised. commercial assets. Data portability means moving beyond the traditional All of this has implications for, and entails different approach that keeps personal data2 siloed in private challenges to, realising the full potential of the five companies and instead ensuring that individuals have opportunity sets identified by Datum Future: 1. See the Glossary 2. See the Glossary 3. See the Glossary 2 1 4. Further details on competition rules available in Shaping competition policy in the era of digitisation, M. Vestager, 2019 3 • Powerful Me: Data portability, if realised in ways that Separately, new regulatory frameworks mandate data give meaningful control to individuals, helps to reconcile sharing, for example the Payment Services Directive 2 two narratives. One sees individuals “empowered” by (Payment data), the Energy Efficiency Directive (Smart Full Report data-driven technologies to take informed decisions, meter data) and the Software Directive (Interoperability engage in society, create, work and live. Another sees information). Questions arise as to how these domain Contents: portability leaking data that is used, and sometimes specific rules on data sharing, generally put in place to exploited, by others (especially at risk when processing enable markets to function properly and protect a special category of personal data, such as having all consumers, interact with the genuine portability right health data in one place). under the GDPR. Preface P2 • Healthier World: Portability potentially enables patients In this new Bright Paper, Datum Future proposes 1 to centralise all their information in one place (in particular to explore the context and drivers of the portability as wellness and health data is now being generated concept and its likely impact on businesses for the next 2 What are the challenges to on personal devices) or share it easily with a range of five to 10 years; to address portability’s purpose and implementing portability? P6 services and providers. However, individuals may not potential scope; and lastly to emphasise the importance be able to interpret their personal health data or assess of balancing the interests of the data subject6, the initial a. Navigating a new regulatory the risk of porting their data to certain providers. controller and the receiving controller, illustrated with cross-business use cases. landscape P7 • Brighter Economies: Effective data portability should mean more fluid and functional markets and enhanced b. Going beyond regulatory competition, prompting greater innovation. Open Banking is an example of creating a more flexible market with new requirements P8 possibilities to easily share data with service providers, often FinTechs, and create innovative new services. 3 How will portability reshape However, too many players on the market might ultimately lead to less user control given all the third the market? P11 parties users have given their data to. a. Handling the customer To a lesser extent, and because they stem from the previous ones, the following opportunity sets are also experience challenge P12 impacted: b. Exploring and exploiting • Smart cities: Portability would have a limited impact in cases where data used in smart cities is aggregated but new opportunities P12 could be one of the solutions to enforcing transparency between cities and third parties when personal data is c. Addressing new concerns P13 used for security purposes. Concluding thoughts and a • Protected Lives: This last opportunity set is likely to be 4 less affected by portability as it covers prevention and call for contributions and use mitigation of large-scale challenges, from terrorism to cases P15 natural disasters. However, it is possible that a culture of philanthropic data donations will develop, in which people port data for good causes (e.g. cancer foundations, 5 Appendix P18 against violence in cities, etc). Data portability offers stakeholders a new way to move away from passive “consent”5 (ticking “I accept” without reading or understanding privacy policies) to greater individual engagement and genuine empowerment
Load more

Recommended publications
  • Seamless Interoperability and Data Portability in the Social Web for Facilitating an Open and Heterogeneous Online Social Network Federation
    Seamless Interoperability and Data Portability in the Social Web for Facilitating an Open and Heterogeneous Online Social Network Federation vorgelegt von Dipl.-Inform. Sebastian Jürg Göndör geb. in Duisburg von der Fakultät IV – Elektrotechnik und Informatik der Technischen Universität Berlin zur Erlangung des akademischen Grades Doktor der Ingenieurwissenschaften - Dr.-Ing. - genehmigte Dissertation Promotionsausschuss: Vorsitzender: Prof. Dr. Thomas Magedanz Gutachter: Prof. Dr. Axel Küpper Gutachter: Prof. Dr. Ulrik Schroeder Gutachter: Prof. Dr. Maurizio Marchese Tag der wissenschaftlichen Aussprache: 6. Juni 2018 Berlin 2018 iii A Bill of Rights for Users of the Social Web Authored by Joseph Smarr, Marc Canter, Robert Scoble, and Michael Arrington1 September 4, 2007 Preamble: There are already many who support the ideas laid out in this Bill of Rights, but we are actively seeking to grow the roster of those publicly backing the principles and approaches it outlines. That said, this Bill of Rights is not a document “carved in stone” (or written on paper). It is a blog post, and it is intended to spur conversation and debate, which will naturally lead to tweaks of the language. So, let’s get the dialogue going and get as many of the major stakeholders on board as we can! A Bill of Rights for Users of the Social Web We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically: Ownership of their own personal information, including: • their own profile data • the list of people they are connected to • the activity stream of content they create; • Control of whether and how such personal information is shared with others; and • Freedom to grant persistent access to their personal information to trusted external sites.
    [Show full text]
  • The Impact of Data Access Regimes on Artificial Intelligence and Machine Learning
    A Service of Leibniz-Informationszentrum econstor Wirtschaft Leibniz Information Centre Make Your Publications Visible. zbw for Economics Martens, Bertin Working Paper The impact of data access regimes on artificial intelligence and machine learning JRC Digital Economy Working Paper, No. 2018-09 Provided in Cooperation with: Joint Research Centre (JRC), European Commission Suggested Citation: Martens, Bertin (2018) : The impact of data access regimes on artificial intelligence and machine learning, JRC Digital Economy Working Paper, No. 2018-09, European Commission, Joint Research Centre (JRC), Seville This Version is available at: http://hdl.handle.net/10419/202237 Standard-Nutzungsbedingungen: Terms of use: Die Dokumente auf EconStor dürfen zu eigenen wissenschaftlichen Documents in EconStor may be saved and copied for your Zwecken und zum Privatgebrauch gespeichert und kopiert werden. personal and scholarly purposes. Sie dürfen die Dokumente nicht für öffentliche oder kommerzielle You are not to copy documents for public or commercial Zwecke vervielfältigen, öffentlich ausstellen, öffentlich zugänglich purposes, to exhibit the documents publicly, to make them machen, vertreiben oder anderweitig nutzen. publicly available on the internet, or to distribute or otherwise use the documents in public. Sofern die Verfasser die Dokumente unter Open-Content-Lizenzen (insbesondere CC-Lizenzen) zur Verfügung gestellt haben sollten, If the documents have been made available under an Open gelten abweichend von diesen Nutzungsbedingungen die in der dort Content Licence (especially Creative Commons Licences), you genannten Lizenz gewährten Nutzungsrechte. may exercise further usage rights as specified in the indicated licence. www.econstor.eu JRC Digital Economy Working Paper 2018-09 The impact of data access regimes on artificial intelligence and machine learning Bertin Martens December 2018 This publication is a Working Paper by the Joint Research Centre, the European Commission’s in-house science service.
    [Show full text]
  • Data Portability and Privacy
    SEPTEMBER 2019 CHARTING A WAY FORWARD Data Portability and Privacy Erin Egan VICE PRESIDENT AND CHIEF PRIVACY OFFICER, POLICY CHARTING A WAY FORWARD 1 Table of Contents 03 I. Intro 06 II. The Challenge 09 III. Five Questions About Portability and Responsibility 09 QUESTION 1 What is “data portability”? 13 QUESTION 2 Which data should be portable? 14 QUESTION 3 Whose data should be portable? 15 QUESTION 4 How should we protect privacy while enabling portability? 20 QUESTION 5 After people’s data is transferred, who is responsible if the data is misused or otherwise improperly protected? 24 IV. What’s Next? 25 End Notes CHARTING A WAY FORWARD 2 Data Portability and Privacy 01 There’s growing agreement among policymakers around the world that data portability—the principle that you should be able to take the data you share with one service and move it to another—can help promote competition online and encourage the emergence of new services. Competition and data protection experts agree that, although there are complicated issues involved, portability helps people control their data and can make it easier for them to choose among online service providers. The benefits of data portability to people and markets are clear, which is why our CEO, Mark Zuckerberg, recently called for laws that guarantee portability.1 But to build portability tools people can trust and use effectively, we should develop clear rules about what kinds of data should be portable and who is responsible for protecting that data as it moves to different providers.2 The purpose of this paper is to advance the conversation about what those rules should be.
    [Show full text]
  • Data Transfer Project
    Data Transfer Project August 20, 2018 Federal Trade Commission 600 Pennsylvania Ave NW Washington, DC 20580 To Whom It May Concern: Thank you for the opportunity to provide comment on the Federal Trade Commission’s Hearings on Competition and Consumer Protection in the 21st Century. As you may know, Google, Microsoft, Twitter, and Facebook recently announced the Data Transfer Project (datatransferproject.dev). We are excited to share our work on this project, including the thinking ​ ​ behind it, in response to your questions. Data portability is critical for user control and competition. Not only is this project relevant to the questions you raised in your request for comment on these topics, but we also encourage the Commission to consider the importance of portability throughout your process. The mission of the Data Transfer Project is to support direct, service-to-service portability. This will ultimately enable users to transfer data between two authenticated accounts behind the scenes, without having to download the data and relocate it themselves. This is an open-source project that will make it easier for people to switch services, or try new and innovative products, by improving the ease and speed of data portability. We have attached a detailed white paper that describes the technical foundations of the project and explains how our principles guided us toward this approach. The paper also includes detailed descriptions of the security and privacy considerations that are built into the project. Please let us know if you have any additional questions. Thanks, Keith Enright Julie Brill Damien Kieran Erin M. Egan Chief Privacy Officer Corporate Vice Data Protection Officer Vice President & Chief Google LLC President & Deputy Twitter, Inc Privacy Officer General Counsel Facebook, Inc.
    [Show full text]
  • Personal Data Processing Policy
    PERSONAL DATA PROCESSING POLICY (website, customers and prospects) Cisbio Bioassays is a business-to-business (B2B) company and in most cases, the information we process concerns legal entities and not individuals. Nevertheless, behind the companies, there are men and women. Respect for your privacy and the protection of your personal data is a priority and constant concern for Cisbio Bioassays, who have adopted a "privacy by design" approach. This notably implies that your personal data is protected by default both in terms of the system design and Cisbio Bioassays internal practices. Everyone in our company that is required to view or use personal data has been trained to respect the applicable law and the issues of confidentiality. Data processing is performed transparently within the rights granted to you by the laws and regulations, but also by this personal data processing policy. The protection of your privacy is ensured from end to end, from the design of the application to the erasure of your data. Cisbio Bioassays ensures a high level of protection in accordance with the European standards for the protection of personal data to all its customers and users, whatever their country of origin and, subject to legal and regulatory obligations, regardless of where they access the services. OUR PRINCIPLES, OUR ETHICS Our ethics on privacy protection and personal data is based on the following principles: • Transparency and loyalty: you know what information is collected, by whom, by what means and for which use. At any moment you can also request details on the processing implemented by contacting our services.
    [Show full text]
  • Consumer Data Rights and Competition - Background Note by the Secretariat
    Organisation for Economic Co-operation and Development DAF/COMP(2020)1 Unclassified English - Or. English 29 April 2020 DIRECTORATE FOR FINANCIAL AND ENTERPRISE AFFAIRS COMPETITION COMMITTEE Consumer Data Rights and Competition - Background note by the Secretariat 10-12 June 2020 This document was prepared by the OECD Secretariat to serve as background material for the meeting of the Competition Committee on 12 June 2020. The opinions expressed and arguments employed herein do not necessarily reflect the official views of the Organisation or of the governments of its member countries. More documentation related to this discussion can be found at: http://www.oecd.org/daf/competition/consumer-data-rights-and-competition.htm. Please contact Mr. Antonio Capobianco if you have any questions about this document [E-mail: [email protected]] JT03461266 OFDE This document, as well as any data and map included herein, are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. 2 DAF/COMP(2020)1 Consumer Data Rights and Competition By the Secretariat* Consumer data rights are gaining more attention across the globe as more consumers come to rely on data-driven services in the digital economy. Consumer data rights can include fundamental rights to privacy, as well as a range of measures, such as data portability, that aim to provide consumers with greater control over their data. This paper looks at the role for competition policy and enforcement in driving competitive outcomes in markets involving consumer data.
    [Show full text]
  • Workshop on Digital Move Empowering Families to Move Freely Online: Harnessing the Full Potential of the Internet Through Genuine Data Portability
    Workshop on Digital move Empowering families to move freely online: harnessing the full potential of the internet through genuine data portability Families on the Move conference www.coface-eu.org/consumers/families-on-the-move With the support of: Reality check and State of play The Internet has become an integral part of redirected instead of being stopped. Think the lives of families all across the world, yet about it as a spider web: if you need to go few reflect on its governance, a key aspect from one point to another in a spider web, to secure certain elementary freedoms like even if one thread of the spider web snaps, the freedom of movement. Moving freely there are many other possible routes you online doesn’t just mean being able to can take. consult any website you want, but also being able to consult them in similar With regards to the content/services side, conditions (the debate about “net we have seen a growing concentration in neutrality”) or being able to switch online the hands of a few companies: Google, services at any time which is what the Facebook and Amazon. This concentration workshops on “digital move” focused on. is detrimental for many reasons. For instance, a successful cyberattack on Just like any service, the Internet is prone to Amazon cloud services could take down centralization and lock in: huge parts of the Web (the web pages centralization as in the concentration would no longer be available). Another and control of a major part of its reason is the user experience: by reaching infrastructure and/or content in the near monopolistic positions, these giants hands of one or a few major players; can impose abusive access conditions and “lock in” meaning the difficulty of users unfair business models.
    [Show full text]
  • Comments to the Federal Trade Commission on Data Portability
    Comments to the Federal Trade Commission on Data Portability AUGUST 21, 2020 1 Table of Contents INTRODUCTION ................................................................................................................................. 2 FACEBOOK’S DATA PORTABILITY PRODUCTS ......................................................................... 3 DOWNLOAD YOUR INFORMATION / DOWNLOAD YOUR DATA .......................................................... 3 “TRANSFER A COPY OF YOUR PHOTOS AND VIDEOS” ...................................................................... 4 The Data Transfer Project .......................................................................................................... 4 Deploying the Data Transfer Project at Facebook ................................................................. 5 GETTING DATA PORTABILITY RIGHT ........................................................................................... 8 EXISTING PORTABILITY RIGHTS & OBLIGATIONS .............................................................................. 8 QUESTIONS ABOUT DATA PORTABILITY & PRIVACY ......................................................................... 9 1. What is data portability? ..................................................................................................... 9 2. Which data should be portable? ...................................................................................... 12 3. Whose data should be portable? ....................................................................................
    [Show full text]
  • Data Portability and Platform Competition: Is User Data Exported from Facebook Actually Useful to Competitors?
    Data Portability and Platform Competition Is User Data Exported From Facebook Actually Useful to Competitors? Gabriel Nicholas and Michael Weinberg November 2019 Executive Summary In the Wild West internet of the 1990s and 2000s, only the scrappiest, most innovative companies could survive. Today, some of those that survived and thrived have grown into platforms used by billions, difficult to avoid and hard to leave. Regulators, policymakers, and the public at large worry that these large platforms may now have the ability to freeze out competitors and stifle innovation. Data portability is often suggested as a tool to counteract the power of large platforms. In its simplest form, data portability is a user’s ability to download her data from a platform in a format that allows her to use it somewhere else. At least in theory, this lets users bring their data to new services outside the control of the original platform and helps competitors jump-start new products. A robust data portability system might allow regulators to contain the power of large platforms without having to take the drastic step of breaking them up. This theory is especially attractive in the context of services that rely on network effects, such as social networks. Users have years of conversations, shared photos, and connections with others on existing platforms. Being forced to leave that information behind would create a significant disincentive to jump to a competing platform, no matter how much better it is. Data portability allows users to bring their history somewhere new, even if they leave or delete their data from another platform.
    [Show full text]
  • Data Portability and Interoperability the Promise and Perils of Data Portability Mandates As a Competition Tool September 10, 2020
    Issue Brief: Data Portability and Interoperability The promise and perils of data portability mandates as a competition tool September 10, 2020 Authored by: Geoffrey A. Manne (President & Founder, International Center for Law & Economics) Sam Bowman (Director of Competition Policy, International Center for Law & Economics) ICLE | 1104 NW 15th Avenue Suite 300 | Portland, OR 97209 | 503.770.0076 [email protected] | @laweconcenter | www.laweconcenter.org DATA PORTABILITY AND INTEROPERABILITY PAGE 1 OF 26 I. Introduction Lawmakers and regulators are increasingly exploring the imposition of data portability requirements on technology companies, in particular large digital platforms.1 These would require them to allow users to download their data from those services and/or have it sent to another service on their behalf, either on a one-off or ongoing basis, depending on the proposal.2 In this comment, we explore the calls for data portability that arise from distinct and often opposing parts of antitrust law and competition policy, privacy law, and data security. Specifically, we focus on claims that data portability mandates can be used to increase market competition, considering the potential costs and benefits of such requirements, and the relationship between data portability as a pro-competition tool and other moves towards stronger laws governing user privacy. We begin by discussing the concepts involved in mainstream proposals for data portability. We then examine the various competition issues involved in calls for data portability and discuss the case for and against data portability in these cases. Finally, we discuss in detail the UK’s experience with its Open Banking mandate—the most comprehensive data sharing scheme imposed to effect a compe- tition objective—and assess its effects, both intended and unintended.
    [Show full text]
  • If Data Portability Is the Solution, What's the Problem? Thomas M
    If Data Portability is the Solution, What's the Problem? Thomas M. Lenard January 2020 409 12th Street SW Suite 700 Washington, DC 20024 Tel: (202) 828-4405 Email: [email protected] www.techpolicyinstitute.org If Data Portability is the Solution, What's the Problem? As the large tech platforms are daily pilloried in the press and the halls of Congress, some form of internet regulation is becoming increasingly likely. Among the most prominent proposals is a requirement for “data portability.” Proponents argue that data portability, perhaps together with the related concept of interoperability, is necessary to promote competition with the major digital platforms. In most cases, however, consumers can use new services relatively easily without transferring their data. This suggests that data portability would likely do little or nothing to encourage entry. Moreover, the notion that data portability and interoperability are pro-competition and pro- innovation is based on a misconception of the dynamic nature of competition in digital platform markets. In these winner-take-all (or most) markets, firms make risky investments in order to earn large profits if they win. Proponents of data mobility and interoperability requirements appear to want to make switching between platforms as frictionless as possible. While this might have short-term benefits, it would also reduce potential returns for winners and therefore the incentive to invest and innovate. Investment in existing platforms may decline, because the benefits of those investments would be shared with competing platforms. Finally, implementing data portability and/or interoperability would entail a complex set of regulations and standards. The process of developing these standards would be lengthy and costly and would almost inevitability favor large incumbents.
    [Show full text]
  • Data Portability Between Online Services: an Empirical Analysis on the Effectiveness of GDPR Art
    Proceedings on Privacy Enhancing Technologies ; 2021 (3):351–372 Emmanuel Syrmoudis*, Stefan Mager, Sophie Kuebler-Wachendorff, Paul Pizzinini, Jens Grossklags, and Johann Kranz Data Portability between Online Services: An Empirical Analysis on the Effectiveness of GDPR Art. 20 Abstract: Data portability regulation has promised that individuals will be easily able to transfer their personal 1 Introduction data between online service providers. Yet, after more Personal data is a nonrival good and thus in theory can than two years of an active privacy regulation regime in be consumed indefinitely [1]. Yet, in contrast to con- the European Union, this promise is far from being ful- sumption, the collection of data in many key online ser- filled. Given the lack of a functioning infrastructure for vices such as social networks, map or fitness applica- direct data portability between multiple providers, we tions is performed in a rival manner [2]. Individuals will investigate in our study how easily an individual could preferably only use one map or fitness application for currently make use of an indirect data transfer between informational support in their everyday life. providers. We define such porting as a two-step trans- As data has emerged to be a critical competitive re- fer: firstly, requesting a data export from one provider, source in the early 21st century [3, 4], this rivalry in data followed secondly by the import of the obtained data collection provides strong incentives for dominant plat- to another provider. To answer this question, we ex- forms that offer key online services to lock in consumer amine the data export practices of 182 online services, data and to deny individuals and competitors alike ac- including the top one hundred visited websites in Ger- cess to this data as a knowledge-building resource [1].
    [Show full text]