Scholarship Reporter Newsletter

December 2018

Data Portability and Data Control: Lessons for an Emerging Concept in EU Law

This article observes that while Article 20 of the GDPR introduces the right to data portability, it is agnostic as it relates to how this data can be used once transferred. The authors state that unlike other initiatives, the right to data portability does not create ownership control over the ported data. How this regulation will be limited in that it may clash with the intellectual property rights of some current data holders (i.e. copyright, trade secrets etc) is discussed. The authors argue that as other regimes try to replicate the right to data portability, they should consider the resulting control, its breadth and its impact on incentives to innovate.

Abstract

The right to data portability (‘RtDP’) introduced by Article 20 of the General Data Protection Regulation (‘GDPR’) is a first regulatory attempt to establish a general-purpose control mechanism of horizontal application which mainly aims to facilitate reuse of personal data held by private companies. Article 20 GDPR is agnostic about the type of use that follows from the ported data and its further diffusion. This contrast with forms of portability facilitated under competition law which can only occur for purpose-specific goals with the aim of addressing anticompetitive behaviour. Unlike some upcoming initiatives, the RtDP still cannot be said to create ownership-like control over ported data. Even more, this regulatory innovation will be limited in its aspirations where intellectual property rights of current data holders, such as copyright, trade secrets and sui generis database rights, cause the two regimes to clash. In such cases, a reconciliation of the interests might confine particularly the follow-on use of ported data again to specific set of socially justifiable purposes, possibly with schemes of fair remuneration. We argue that to the extent that other regimes will try to replicate the RtDP, they should closely consider the nature of the resulting control, its breadth and its impact on incentives to innovate. In any case, the creation of data portability regimes should not become an end in itself. With an increasing number of instruments, orchestrating the consistency of legal regimes within the Digital Single Market and their mutual interplay should become an equally important concern.

"Data Portability and Data Control: Lessons for an Emerging Concept in EU Law" by I. Graef, M. Husovec TILEC Discussion Paper No. 2017-041 Tilburg Law School Research Paper No. 2017/22