What’s Wrong with the Proposed EU Right of Data Portability?

October 17, 2012

Brenda Leong

A new report shows that a largely unpublicized section of the EU draft Data Protection Regulation could have far reaching implications for both businesses and consumers. The draft Regulation gives consumers an unprecedented new economic and human right—the right to data portability (“RDP”). The basic idea of the RDP is that individuals would be able to transfer their electronic information, such as a Facebook friend lists or iTunes music, from Facebook or Apple to a competitor, without hindrance.

The idea of the RDP is very appealing, but the draft Regulation as written is likely to harm consumers as well as software and online service providers. Interoperability in practice is often difficult and costly, yet the draft Regulation appears to mandate new code from software and service providers. In addition, the draft Regulation ignores years of wisdom from antitrust law about how to address lock-in problems – the high switching costs that the EU is seeking to address. The draft Regulation applies to a software app created in a garage just as it does to large businesses, so long as they sell to any European consumers. Its software mandates thus may deprive consumers of innovative products from both start-up and larger companies.

The RDP also poses serious risks to a long-established EU fundamental right of data protection: the right to security of a person’s data. Previous access requests by individuals were limited in scope and format. By contrast, when an individual’s lifetime of data must be exported “without hindrance,” then one moment of identity fraud can turn into a lifetime breach of personal data.

The draft Regulation was issued by the European Commission early this year, and is being considered now in the European Parliament. A draft Regulation that potentially harms consumers in these ways should not be enacted without much further debate.

The report is co-authored by Peter Swire, a law professor at the Ohio State University and Senior Fellow of the Future of Privacy Forum, and Yianni Lagos, a Legal and Policy Fellow at FPF. The final version will be published in the Maryland Law Review.

See “Why the Right to Data Portability Likely Reduces Consumer Welfare: Antitrust and Privacy Critique” at http://ssrn.com/abstract=2159157.

Explore

Issues

authors

dates

Posts by Brenda

The Spectrum of AI: Companion to the FPF AI Infographic

Now, On the Internet, EVERYONE Knows You’re a Dog

5 Highlights from FPF’s “AI Out Loud” Expert Panel

What’s Wrong with the Proposed EU Right of Data Portability?

Explore

OAIC’s Dual AI Guidelines Set New Standards for Privacy Protection in Australia

Insights from the Second Japan Privacy Symposium: Global Data Protection Authorities Discuss Their 2025 Priorities, from AI, to Cross-Regulatory Collaboration

Five Big Questions (and Zero Predictions) for the U.S. State Privacy Landscape in 2025

In a Landmark Judgment, The Inter-American Court of Human Rights Recognized an Autonomous Right to Informational Self-Determination

Brussels Privacy Symposium Report 2024

Technologist Roundtable: Key Issues in AI and Data Protection Post-Event Summary and Takeaways

FPF Launches New Privacy-Enhancing Technologies Repository

FPF Unveils Report on the Anatomy of State Comprehensive Privacy Law

The African Union’s Continental AI Strategy: Data Protection and Governance Laws Set to Play a Key Role in AI Regulation