Peter Swire Provides a Framework for Assessing Issues of Data Portability

In the last few years, data portability has emerged as a hot topic in both antitrust and privacy circles. It has been touted as offering benefits to both consumers and competition. Freeing up data promises to increase consumers’ choice and control over their own data. It could also enhance innovation and increase competition by, among other things, lowering barriers to entry. But there are risks. While there may be privacy benefits to allowing consumers greater choice and control, increased data flows raise serious questions about how to properly ensure the data is secured.
— Andrew Smith, FTC’s Director of the Bureau of Consumer Protection, from his opening remarks for “Data To Go: An FTC Workshop on Data Portability”

Last month, the Federal Trade Commission (FTC) hosted a workshop to examine the potential benefits and challenges to consumers and competition raised by data portability. “Data To Go: An FTC Workshop on Data Portability” addressed questions such as the potential risks to consumer privacy and how those risks might be mitigated, the potential impact of mandatory data access or data sharing on companies’ incentives to innovate, how to best ensure the security of personal data that is being transmitted from one business to another, and who should be responsible for ensuring interoperability.

In his opening remarks, FTC Bureau of Consumer Protection Director Andrew Smith said that “data portability can mean different things to different people”:

For some, the term is limited to the ability of consumers to receive a copy of their own data, either for their convenience or to move the data to another service. For others, data portability must move beyond an individual consumer right and must also enable the transfer of data about multiple individuals so that, for example, a business can easily change vendors and move all of their consumer data from one service to another.

Having recently completed a report that assesses many of the issues of data portability, Professor Peter Swire, Georgia Tech Scheller College of Business, was asked to share his insights and expertise at the FTC “Data to Go” workshop. Professor Swire spoke at two different times: first, he started the workshop by providing an overview of data portability; and he also was a panelist on the “Reconciling the Benefits and Risks of Data Portability” panel.

Professor Swire’s new article, “The Portability and Other Required Transfers Impact Assessment: Assessing Competition, Privacy, Cybersecurity, and Other Considerations”, provides a framework for assessing issues of data portability and other required transfers of data. In this article, Professor Swire discusses the tension between opening data flows, to allow for user control and in order to promote innovation and competition, and closing data flows, for reasons such as data privacy and cybersecurity.

Below are a few excerpts from the opening section of Professor Swire’s new article, “The Portability and Other Required Transfers Impact Assessment: Assessing Competition, Privacy, Cybersecurity, and Other Considerations”.

The goal of this article is to provide a framework for assessing issues of data portability and other required transfers of data. In the modern data economy, a crucial legal and policy question is when data should move from A to B, or be prevented from moving from A to B. This article addresses an emerging and important topic where there are often compelling and competing rationales both for mandating and for prohibiting the movement of data. The topic is data portability – when a government should require data to move.

Data portability presents both pros and cons. Often discussed in connection with the largest digital platforms, greater portability and other required transfers of data can have pro-competitive effects – if more companies can have access to commercially valuable data, then there can be less monopoly power and more innovation. On the other hand, making portability too easy can lead to serious privacy and cybersecurity effects, when the “wrong” people gain access to personal data. There is thus a tension between opening data flows, to promote competition and innovation, provide user control, and for other reasons, and closing data flows, for reasons including protecting privacy and cybersecurity.

Data portability is emerging as a crucial issue due to the confluence of at least three major trends: (1) an individual right to data portability (“RtDP”) took effect in the European Union (“EU”) in 2018 and California in 2020; (2) there are current, intense policy debates about whether and how to regulate the largest digital platforms; and (3) beyond digital platforms, multiple sectors of the economy increasingly have data portability requirements.

With such enormous interest in both the antitrust and privacy issues related to the digital platforms, this article explains how data portability is the precise issue where these two policy areas systematically come into potential or actual conflict. Based on research for this article, very often the antitrust and privacy discussions of data portability occur separately. This article thus seeks to explain to privacy experts and others not focused on antitrust law the reasons that antitrust law often appears to push so strongly in favor of data portability. The article also seeks to explain to antitrust experts and others not focused on privacy and cybersecurity the reasons that the latter often appear to push so strongly against many possible forms of data portability.

Read the full article: “The Portability and Other Required Transfers Impact Assessment: Assessing Competition, Privacy, Cybersecurity, and Other Considerations” by Peter Swire (September 8, 2020).

Watch the video of “Data To Go: An FTC Workshop on Data Portability”.

Peter Swire is Professor of Law and Ethics and the Elizabeth and Thomas Holder Chair at the Scheller College of Business at the Georgia Institute of Technology. Professor Swire is Associate Director for Policy of the Georgia Tech Institute for Information Security and Privacy. He has appointments by courtesy with the College of Computing and School of Public Policy. He is also Senior Counsel with Alston & Bird, LLP. Professor Swire has been a leading privacy and cyberlaw scholar, government leader, and practitioner since the rise of the Internet in the 1990’s.

In 2018, Professor Swire was named an Andrew Carnegie Fellow for research on "Protecting Human Rights and National Security in the New Era of Data Nationalism." In 2015, the International Association of Privacy Professionals awarded him its Privacy Leadership Award. In 2013, he served as one of five members of President Obama's Review Group on Intelligence and Communications Technology.