With the prominent role of digital platforms nowadays, switching has become a habit common to many users. A provider can come out of fashion very easily, as users migrate from one service to another in constant search for the best digital service and following the trend. Also “network effects” contributed to the wide spreading of the phenomenon. Against this backdrop, the concept of “portability” has first been articulated as a user right in Article 20 GDPR. This blogpost will portray the different roles acquired by the concept of “portability” throughout the years and spot its intricate relationship with digital platform law and regulation.
(Personal) data portability
Article 20 GDPR is a legal instrument in the hands of users in order to avoid lock-in. It allows users to “port” their personal data in a machine-readable format and freely switch from one controller to another. Yet the provision has some defects. First, “portability” does not entail interoperability, thus the new controller may encounter problems with “reading” the ported data. Second, porting must take place without “hindrance” for the old data controller, who must address the portability request. As a result, the old provider can always reject the request arguing that there are constraints that impede portability (which can also be an excuse!). Third, only personal data “provided” by the user by consent or contract can be “ported”. Although the concept of “personal data” is commonly read expansively, some problems may arise with mixed datasets. More importantly, under Article 20(4) GDPR, portability should take place with no impact on third parties, hinting at potential obstacles posed by EU data protection law and IP. In this sense, the scope of portability is quite limited.
Content portability
Expanding its role beyond data protection law, portability is also envisaged as a contract remedy in Article 16 DCD. In contract for the supply of digital services and goods, users can always retrieve digital contents uploaded on a platform “without hindrance from the trader, within a reasonable time”. This remedy operates upon termination for lack of conformity as an escape route for users who are unsatisfied with a digital service. Although being context-specific, this remedy represents a step forward Article 20 GDPR because it does not only involve personal data and there are no explicit limitations with regard to third-party rights. Therefore, users can truly re-appropriate their contents – as the focus is on user contents rather than on personal data – while shifting to a new digital trading platform.
Cross-border content portability
Undoubtedly, portability underwent a change in structure and function. From a data law tool in the hands of users needing to transfer their data to a new controller (without necessarily erasing them on the old controller), it evolved into a user content regulation tool, also protecting consumers from unfair behaviors undertaken by digital trading platforms. Thanks to portability, if platforms want user data, they must offer a decent service, otherwise users can exercise their portability rights and retrieve them back. Underlying a similar rationale, Article 3 of the Portability Regulation (PR) establishes that providers of “online content services” must ensure the continuity of such services by ensuring cross-border portability when subscribers are “temporarily present” in a Member State other than the one of residence. Online services must be “portable” cross-border to satisfy a minimum quality standard. In this way, portability reaches the point of derogating from copyright law, as, according to the territoriality principle, the license only produces effects within national borders. This provision is notable for setting a barrier against abuses of IPR enforcement and unjustified geo-blocking, also helped by the intrinsic vagueness of the concept of “temporary residence”. In this way, portability becomes a compulsory requirement for digital platforms, which also poses a limit to the unraveled expansion of IP scope online.
Connecting the dots between access and portability under the DMA
Under the Digital Markets Act (DMA), resembling the spirit of the PR, portability is envisioned as a duty for digital platforms. In particular, “gatekeepers” –i.e., very large platforms offering services behaving as a gateway for many users – must ensure interoperability. Moreover, Articles 6(9) and 6(10) DMA respectively provide that both end users and business users (and third parties) shall be given “continuous and real-time access to data” generated through the use of the core platform service. In this manner, portability is seen as a catch-all access right which goes well beyond the previous EU provisions. Lack of access can amount to non-conformity and lead to the termination of many contracts especially with business users. In order to avoid this, gatekeepers are pressured to implement portability provisions. Notably, the DMA does not restrict the scope of portability to specific types of data, nor does it mention any IP-related limitations.
Concluding remarks
This overview of EU portability law is illustrative for many reasons. First, portability evolved into a content-regulating tool constraining digital platforms’ business models. Platforms are obliged to implement portability and can no longer reject portability requests by basing themselves on technical limitations (Article 6 DMA). Second, the scope of portability evolved considerably, reaching the field of non-personal data (Article 16 DCD) and even protected data (Article 3 PR). Yet the application of these rules has been context-specific except for the DMA, which represents a true turning point in this respect. Then again, the relationship with other areas of EU law, setting exclusivity rules on datasets (such as, above all, IP), may become controversial. The more the scope of portability is expanded beyond personal data and user contents, the higher the risk of clashes with IPR enforcement. Furthermore, leaving the implementation of portability rules to digital platforms uniquely can become a risk. Platforms can be tempted to under-implement portability also relying on IP and data protection law. Thus, whether portability will become an effective tool to avoid the paralysis of digital markets remains to be seen.
- The evolution of EU portability law and its drawbacks - August 31, 2024
