The Portability and Other Required Transfers Impact Assessment (PORT-IA): Assessing Competition, Privacy, Cybersecurity, and Other Considerations

Privacy and Security and Competition Policy and Antitrust

Article Snapshot

Author(s)

Peter Swire

Source

http://dx.doi.org/10.2139/ssrn.3689171

Summary

One key legal question is whether data should move from A to B, or be prevented from moving from A to B. Requiring the transfer of data can be harmful in some ways and beneficial in others.

Policy Relevance

Mandating data portability can increase competition. Mandating portability can increase privacy and security risks.

Main Points

  • Regulators often must address whether the transfer of data from one entity to another should be required, or prohibited; “portability” refers to transfers of an individual’s data from one entity to another, also called “data sharing.”
     
  • Transfers of commercially valuable data to private firms can reduce monopoly power and spur innovation, but serious privacy and cybersecurity issues arise if portability is too easy.
     
  • An individual “right to data portability” took effect in the European Union (EU) in 2018 and in California in 2020; individual “data subjects” have the right to receive a copy of their personal data from an entity, and to transmit those data to another entity.
     
  • A “Portability and Other Required Transfers Impact Assessment” (PORT-IA) would help regulators decide whether to mandate portability, and would help firms develop data sharing systems: key questions include the following:
     
    • How would portability affect competition?
       
    • How would portability affect innovation?
       
    • What security and privacy risks would arise from portability?
       
    • What other public benefits would data sharing foster?
       
  • Specialized regulators may benefit from recognizing policy considerations from other disciplines; for example, privacy regulators might consider whether consumers or employees would benefit from information sharing in some contexts.
     
  • Mandated portability may be a good remedy for abuse by a dominant firm, as the ability to gain access to data can encourage new competitors; both U.S. antitrust authorities and European competition law authorities are considering portability as a remedy for competition concerns.
     
  • Portability rules in the EU and the United States will prevent consumers from being locked in to one bank by enabling the export of customers’ transaction history to competing banks, or to new financial apps and firms.
     
    • Access to data by nonbanks might increase security concerns.
       
    • EU regulators noted that a portability proposal that at first excluded nonbank firms from data sharing raised antitrust concerns.
       
  • A health information portability mandate issued by the U.S. Department of Health and Human Services (HHS) is meant to reduce barriers to entry for smartphone apps and other nontraditional health providers.
     
    • Health data might move from an entity covered by strict medical privacy laws to a less-regulated entity, raising privacy concerns.
       
    • Providers may sometimes refuse to transfer data to safeguard security or privacy.
       
    • The original HHS proposal required sharing of price information, but critics noted that this could harm competition.
       

Get The Article

Find the full article online

Search for Full Article

Share