Abstract
Data portability—the ability of users to migrate data from one service to another—is increasingly viewed as a possible cure for anticompetitive behavior in digital markets. This paper examines the legal frameworks as well as international approaches carrying data portability through and assesses their effectiveness regarding competition promotion. It discusses the antitrust aspects of data portability that is mandated and analyses how it can deal with the concentration in the market and result in innovative developments by reviewing the negative and unintended results. The comparative study of the various approaches to regulation is intended to lead to conclusions about the best possible design and implementation of data portability as an anticompetitive remedy.
- Introduction
The digital economy has fundamentally transformed the nature of competition, with data serving as the new currency of market power.1 The rapid accumulation of vast datasets within a few dominant firms has created unprecedented concentration of market influence, potentially leading to anticompetitive practices, stifled innovation, and reduced consumer choice.2 This phenomenon has prompted policymakers and regulators worldwide to explore novel remedies, with data portability emerging as a particularly promising solution.3
Data portability, defined as the right of users to easily transfer their data between services, represents a paradigm shift in how we conceptualize competition remedies in the digital age.4 Unlike traditional antitrust interventions that focus primarily on structural separation or behavioral constraints, data portability seeks to address market power at its source by reducing switching costs and facilitating consumer mobility.5 This approach recognizes that in data- driven markets, competitive advantage often stems not from superior products or services, but from the accumulation and control of user data.6
The theoretical foundation for data portability as a competition remedy rests on several economic principles. First, it addresses the problem of lock-in effects, where users become trapped within digital ecosystems due to the difficulty of transferring their accumulated data.7 Second, it seeks to lower barriers to entry for new competitors by reducing the data advantage of incumbent firms.8 Third, it promotes interoperability and innovation by enabling new services to build upon existing user data relationships.9
1 Viktor Mayer-Schönberger and Thomas Ramge, Reinventing Capitalism in the Age of Big Data (John Murray 2018) 45-67.
2 Ariel Ezrachi and Maurice Stucke, Virtual Competition: The Promise and Perils of the Algorithm-Driven Economy (Harvard University Press 2016) 123-145.
3 European Commission, ‘A European Strategy for Data’ (Communication) COM(2020) 66 final, 15-18.
4 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data [2016] OJ L119/1, art 20. 5 OECD, ‘Data Portability, Interoperability and Digital Platform Competition’ (OECD Competition Committee Discussion Paper 2021) DAF/COMP(2021)12, 23-25.
6 Mayer-Schönberger and Ramge (n 1) 78-92.
7 Paul Klemperer, ‘Markets with Consumer Switching Costs’ (1987) 102 Quarterly Journal of Economics 375, 378-380.
8 Jacques Crémer, Yves-Alexandre de Montjoye and Heike Schweitzer, ‘Competition Policy for the Digital Era’ (European Commission 2019) 67-72.
9 Mark Armstrong, ‘Competition in Two-Sided Markets’ (2006) 37 RAND Journal of Economics 668, 672-675.
However, the implementation of data portability raises complex legal, technical, and economic questions that extend far beyond traditional antitrust analysis.10 Privacy concerns, security risks, technical standardization challenges, and potential unintended consequences all complicate the regulatory landscape.11 Moreover, the global nature of digital markets necessitates international coordination and harmonization of regulatory approaches.12
This paper addresses four critical research questions that lie at the heart of the data portability debate. First, it examines the extent to which existing legal frameworks, particularly the General Data Protection Regulation (GDPR), effectively facilitate data portability as a tool for enhancing competition.13 Second, it compares diverse global approaches to data portability regulation, analyzing their respective impacts on market structure and consumer welfare.14 Third, it evaluates the economic implications of mandating data portability as an antitrust remedy, with particular attention to barriers to entry and potential unintended consequences.15 Finally, it synthesizes these findings to develop optimal policy recommendations for designing and implementing data portability mandates.16
- Legal Frameworks and Regulatory Foundations
- The European Union Approach: GDPR and Beyond
The European Union has positioned itself at the forefront of data portability regulation through Article 20 of the GDPR, which grants data subjects the right to receive their personal data in a structured, commonly used, and machine-readable format.17 This provision represents the most comprehensive legal framework for data portability currently in force, establishing both individual rights and regulatory obligations.18
The GDPR’s approach to data portability is fundamentally grounded in data protection principles rather than competition law, creating an interesting tension between privacy rights
10 Tina Hoeren and Ulrich Sieber (eds), Handbook on European Data Protection Law (2nd edn, C.H. Beck 2021) 445-467.
12 UNCTAD, ‘Digital Economy Report 2021: Cross-border Data Flows and Development’ (United Nations 2021) 134-156.
13 Hoeren and Sieber (n 10) 445-451.
15 Crémer, de Montjoye and Schweitzer (n 8) 89-95.
16 European Commission (n 3) 19-22.
18 Hoeren and Sieber (n 10) 445-448.
and market competition objectives.19 Article 20 applies only to data that has been provided by the data subject and is processed based on consent or contract, which significantly limits its scope in competitive contexts.20 Furthermore, the right to portability must not adversely affect the rights and freedoms of others, creating additional constraints on its application.21
The European Commission has recognized these limitations and has begun exploring more targeted competition-focused approaches to data portability.22 The Digital Markets Act (DMA), which entered into force in 2022, introduces specific data portability obligations for designated gatekeeper platforms.23 Unlike the GDPR’s privacy-centric approach, the DMA explicitly targets market concentration and competitive concerns in digital markets.24
Under the DMA, gatekeepers must provide business users and end users with effective data portability tools, including real-time access to data and continuous data transfer capabilities.25 This represents a significant evolution from the GDPR’s more limited right to receive data upon request.26 The DMA also requires interoperability between gatekeeper services and third-party providers, creating a more comprehensive framework for addressing market concentration.27
- United States: Sectoral and Market-Driven Approaches
The United States has adopted a markedly different approach to data portability, characterized by sectoral regulation and market-driven initiatives rather than comprehensive federal legislation.28 The California Consumer Privacy Act (CCPA) and its successor, the California Privacy Rights Act (CPRA), include data portability provisions that mirror some aspects of the GDPR.29 However, these state-level initiatives lack the comprehensive scope and competitive focus of European approaches.30
20 GDPR (n 4) art 20(1)(a)-(b).
22 European Commission, ‘Digital Markets Act: Ensuring Fair and Open Digital Markets’ (2022) https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/digital-markets-act-ensuring-fair- and-open-digital-markets_en accessed 15 January 2025.
23 Regulation (EU) 2022/1925 of the European Parliament and of the Council on contestable and fair markets in the digital sector [2022] OJ L265/1, art 6(1)(h).
27 DMA (n 23) art 6(1)(f)-(g).
28 California Consumer Privacy Act, Cal Civ Code § 1798.100-1798.150 (2018).
29 California Privacy Rights Act, Cal Civ Code § 1798.100 et seq (2020).
30 Ryan Calo, ‘The Boundaries of Privacy Harm’ (2011) 86 Indiana Law Journal 1131, 1145-1148.
At the federal level, data portability has been addressed primarily through sectoral regulations and industry-specific initiatives.31 The Financial Data Exchange (FDX) in the financial services sector and the 21st Century Cures Act in healthcare demonstrate targeted approaches to data mobility within specific industries.32 These sectoral approaches allow for more tailored solutions but create fragmentation and inconsistency across the broader digital economy.33
The United States has also relied heavily on market-driven initiatives and industry self- regulation.34 The Data Transfer Project, initiated by major technology companies including Google, Apple, Facebook, and Microsoft, represents an attempt at voluntary standardization of data portability tools.35 While these initiatives demonstrate industry recognition of the importance of data portability, they lack the regulatory enforcement mechanisms necessary to address competitive concerns.36
- Asia-Pacific Developments
The Asia-Pacific region presents a diverse landscape of data portability approaches, reflecting varying regulatory philosophies and market structures.37 Singapore’s Personal Data Protection Act (PDPA) includes data portability provisions that closely follow the GDPR model, emphasizing individual rights while maintaining flexibility for businesses.38 The Monetary Authority of Singapore has also implemented open banking regulations that mandate data portability in financial services.39
Japan’s approach combines privacy protection with industrial policy objectives, recognizing data as a strategic asset for economic competitiveness.40 The Personal Information Protection Act includes data portability rights, while the government has promoted data sharing initiatives
31 21st Century Cures Act, Pub L No 114-255, 130 Stat 1033 (2016), s 4003.
32 Financial Data Exchange, ‘FDX API Standards’ (2023) https://financialdataexchange.org/ accessed 15 January 2025.
33 Julie Cohen, ‘The Biopolitical Public Domain: The Legal Construction of the Surveillance Economy’ (2018) 31 Philosophy & Technology 213, 225-228.
34 Data Transfer Project, ‘Building a Common Framework for Data Portability’ (2021) https://datatransferproject.dev/ accessed 15 January 2025.
36 Tim Wu, ‘The Curse of Bigness: Antitrust in the New Gilded Age’ (Columbia Global Reports 2018) 89-102.
37 Personal Data Protection Act 2012 (Singapore), s 25.
39 Monetary Authority of Singapore, ‘Open Banking’ (2019) https://www.mas.gov.sg/development/fintech/open- banking accessed 15 January 2025.
40 Personal Information Protection Act (Japan), Law No 57 of 2003, art 28.
through its Society 5.0 agenda.41 This dual approach reflects Japan’s attempt to balance individual rights with broader economic and technological objectives.42
Australia’s approach has been more cautious, with data portability primarily addressed through the Consumer Data Right (CDR) framework.43 The CDR began in the banking sector and is gradually expanding to other industries, representing a sectoral approach similar to that of the United States.44 However, the Australian framework places greater emphasis on consumer control and competitive outcomes than its American counterparts.45
- Economic Analysis of Data Portability as Competition Remedy
- Market Structure and Competitive Dynamics
The economic rationale for data portability as a competition remedy rests on the unique characteristics of digital markets, particularly the role of data as both an input and a source of competitive advantage.46 In traditional markets, competition typically revolves around factors such as price, quality, and innovation, with clear mechanisms for consumer switching between providers.47 Digital markets, however, are characterized by network effects, switching costs, and data-driven feedback loops that can create self-reinforcing cycles of market dominance.48
Data portability seeks to address these market failures by reducing switching costs and breaking down the data advantages of incumbent firms.49 Theoretical models suggest that effective data portability can lower barriers to entry, increase competitive pressure on dominant firms, and promote innovation by enabling new entrants to compete on the basis of service quality rather than data accumulation.50 However, these theoretical benefits depend critically on the design and implementation of portability mechanisms.51
41 Cabinet Office (Japan), ‘Society 5.0’ (2020) https://www8.cao.go.jp/cstp/english/society5_0/index.html
42 Personal Information Protection Act (Japan) (n 40) art 28-30.
43 Competition and Consumer Act 2010 (Cth), sch 1, pt IVD.
44 Australian Competition and Consumer Commission, ‘Consumer Data Right’ (2023) https://www.accc.gov.au/consumers/consumer-data-right accessed 15 January 2025.
46 Ezrachi and Stucke (n 2) 67-89.
48 David Evans and Richard Schmalensee, Matchmakers: The New Economics of Multisided Platforms (Harvard Business Review Press 2016) 123-145.
51 Crémer, de Montjoye and Schweitzer (n 8) 72-78.
The effectiveness of data portability in promoting competition depends on several key factors. First, the scope of portable data must be sufficiently comprehensive to enable meaningful competition.52 If portability is limited to basic profile information while excluding behavioral data and social connections, its competitive impact may be minimal.53 Second, the technical implementation must ensure that data transfers are seamless and do not impose excessive costs on either users or competitors.54
- Barriers to Entry and Market Concentration
One of the primary economic justifications for data portability as a competition remedy is its potential to reduce barriers to entry in digital markets.55 Traditional barriers to entry in digital markets include network effects, switching costs, and the accumulation of user data that enables incumbent firms to improve their services and target advertising more effectively.56 Data portability directly addresses the data accumulation advantage by enabling new entrants to access user data that would otherwise be locked within incumbent platforms.57
Empirical evidence on the effectiveness of data portability in reducing barriers to entry remains limited due to the relatively recent implementation of comprehensive portability frameworks.58 However, early studies of sector-specific initiatives, such as open banking regulations, suggest that data portability can facilitate entry by new competitors and increase innovation in service delivery.59 The UK’s open banking initiative, for example, has led to the emergence of numerous fintech companies that build upon consumer banking data to provide new financial services.60
The impact of data portability on market concentration is more complex and depends on the specific market dynamics and implementation details.61 While portability may reduce the data advantages of incumbent firms, it may also create new forms of market concentration if technical standards or platform economics favor certain types of service providers.62 Moreover,
55 Crémer, de Montjoye and Schweitzer (n 8) 89-92.
56 Evans and Schmalensee (n 48) 167-189.
58 Competition and Markets Authority, ‘Online Platforms and Digital Advertising Market Study’ (2020) Final Report, 234-256.
60 Open Banking Implementation Entity, ‘OBIE Ecosystem Report’ (2023) https://www.openbanking.org.uk/ accessed 15 January 2025.
the costs of implementing data portability systems may disproportionately burden smaller firms, potentially leading to consolidation among service providers.63
- Consumer Welfare and Innovation Effects
The welfare effects of data portability extend beyond traditional measures of consumer surplus to include considerations of privacy, innovation, and market dynamism.64 From a consumer perspective, data portability can increase choice, reduce switching costs, and promote service quality competition among providers.65 However, these benefits must be weighed against potential costs, including privacy risks associated with data transfers and the complexity of managing multiple service relationships.66
The innovation effects of data portability are particularly complex and may vary significantly across different market segments.67 On one hand, portability can promote innovation by enabling new entrants to compete on the basis of service quality rather than data accumulation, and by facilitating the development of complementary services that build upon existing user data.68 On the other hand, reduced data exclusivity may diminish incentives for investment in data collection and analysis, potentially slowing innovation in data-driven services.69
- Comparative Analysis of Global Approaches
- Regulatory Philosophy and Implementation
The comparative analysis of global approaches to data portability reveals fundamental differences in regulatory philosophy, implementation mechanisms, and competitive objectives.70 The European approach, embodied in the GDPR and DMA, reflects a rights-based philosophy that prioritizes individual control over personal data while increasingly recognizing competitive implications.71 This approach emphasizes comprehensive regulation, harmonized standards, and strong enforcement mechanisms.72
64 Joseph Farrell and Paul Klemperer, ‘Coordination and Lock-In: Competition with Switching Costs and Network Effects’ in Mark Armstrong and Robert Porter (eds), Handbook of Industrial Organization (North- Holland 2007) vol 3, 1967-2072.
66 Hoeren and Sieber (n 10) 478-485.
67 Mayer-Schönberger and Ramge (n 1) 156-178.
71 Hoeren and Sieber (n 10) 445-449.
In contrast, the United States approach reflects a more market-oriented philosophy that relies heavily on industry self-regulation and sectoral initiatives.73 This approach provides greater flexibility for innovation and adaptation but may lack the comprehensive coverage and enforcement mechanisms necessary to address systemic competitive concerns.74 The fragmented nature of US regulation also creates compliance challenges for firms operating across multiple sectors or jurisdictions.75
The Asia-Pacific approaches generally fall between these two extremes, combining elements of rights-based regulation with industrial policy objectives.76 Countries like Singapore and Japan have adopted privacy-focused frameworks similar to the GDPR while maintaining greater flexibility for business innovation and economic development.77 This balanced approach may offer insights for optimal policy design in other jurisdictions.78
- Technical Standards and Interoperability
Technical standardization represents one of the most significant challenges in implementing effective data portability frameworks.79 Different jurisdictions have adopted varying approaches to technical standards, ranging from prescriptive regulatory requirements to industry-led standardization processes.80 The European approach has generally favored regulatory specification of technical requirements, while the United States has relied more heavily on industry-led initiatives.81
The lack of international harmonization in technical standards creates significant challenges for global digital platforms and may limit the effectiveness of national data portability frameworks.82 Firms operating across multiple jurisdictions must implement different technical solutions for each market, increasing compliance costs and potentially limiting the scope of data portability.83 Moreover, the absence of common standards may create barriers to international data transfers and limit the competitive benefits of portability.84
81 Data Transfer Project (n 34).
- Enforcement Mechanisms and Outcomes
The effectiveness of data portability frameworks depends critically on enforcement mechanisms and regulatory oversight.85 The European approach provides comprehensive enforcement powers through data protection authorities and competition regulators, with significant financial penalties for non-compliance.86 However, enforcement has been relatively limited to date, partly due to the complexity of technical implementation and the need for regulatory expertise in digital markets.87
The United States approach relies primarily on sectoral regulators and private enforcement mechanisms, which may provide greater flexibility but potentially weaker overall enforcement.88 The absence of a comprehensive federal framework also creates jurisdictional challenges and may limit the effectiveness of enforcement efforts.89 Early evidence suggests that voluntary industry initiatives have achieved limited penetration and may require regulatory mandates to achieve meaningful impact.90
- Challenges and Unintended Consequences
- Privacy and Security Concerns
The implementation of data portability frameworks raises significant privacy and security concerns that must be carefully balanced against competitive objectives.91 Data transfers between service providers create new opportunities for data breaches, unauthorized access, and misuse of personal information.92 These risks are particularly acute in cross-border transfers, where different jurisdictions may have varying privacy standards and enforcement capabilities.93
The tension between data portability and privacy protection is particularly evident in the context of third-party access to personal data.94 While portability seeks to enable data sharing for competitive purposes, privacy principles emphasize data minimization and purpose
85 Hoeren and Sieber (n 10) 890-915.
86 GDPR (n 4) art 83; DMA (n 23) art 30.
87 European Data Protection Board, ‘Guidelines 01/2022 on Data Subject Rights – Right of Access’ (2022) 45-67.
88 Federal Trade Commission, ‘Data to Go: An FTC Workshop on Data Portability’ (2021) Staff Report, 23-34.
90 Data Transfer Project (n 34).
91 Hoeren and Sieber (n 10) 485-500.
94 Hoeren and Sieber (n 10) 516-530.
limitation.95 Resolving this tension requires careful design of portability frameworks that incorporate privacy-by-design principles and strong security safeguards.96
- Technical Implementation Challenges
The technical implementation of data portability systems presents numerous challenges that can significantly impact their effectiveness as competition remedies.97 Data compatibility issues, differing technical standards, and the complexity of modern data ecosystems all complicate the transfer of data between service providers. 98Moreover, the cost and complexity of implementing portability systems may disproportionately burden smaller firms, potentially creating new barriers to entry.99
The quality and completeness of portable data represent additional implementation challenges.100 If data transfers are incomplete or lose important contextual information, their competitive value may be significantly diminished.101 Similarly, the timing and frequency of data updates can impact the effectiveness of portability in facilitating competition.102
- Policy Recommendations and Optimal Design
- Harmonized International Standards
The development of harmonized international standards represents a critical priority for effective data portability implementation.103International coordination mechanisms, similar to those used in other areas of digital governance, could facilitate the development of common technical standards and regulatory approaches.104 Such harmonization would reduce compliance costs for global firms while maximizing the competitive benefits of data portability.105
The establishment of international data portability standards should incorporate input from technical experts, competition authorities, privacy regulators, and industry
95 GDPR (n 4) art 5(1)(b)-(c).
100 European Data Protection Board (n 87) 68-78.
stakeholders.106These standards should address not only technical specifications but also privacy safeguards, security requirements, and competition objectives.107 Regular review and updating mechanisms should ensure that standards remain current with technological developments and market evolution.108
- Balancing Competition and Innovation
Optimal data portability frameworks must carefully balance competitive objectives with innovation incentives and other policy goals.109 This balance requires nuanced approaches that consider the specific characteristics of different market segments and service types.110For example, portability requirements for social media platforms may differ significantly from those appropriate for financial services or healthcare applications.111
The design of portability frameworks should also consider dynamic efficiency effects and long- term innovation incentives.112 While short-term competitive benefits may justify portability mandates, regulators must ensure that such requirements do not discourage investment in data collection, analysis, and service improvement.113 Sunset clauses, regular reviews, and adaptive regulatory approaches may help balance these competing objectives.114
- Implementation and Enforcement Strategies
Effective implementation of data portability frameworks requires clear regulatory guidance, technical support for industry compliance, and robust enforcement mechanisms.115 Regulators should provide detailed guidance on technical requirements, privacy safeguards, and competition objectives to ensure consistent implementation across firms and sectors.116 Technical support programs and sandbox environments can help smaller firms develop compliant portability systems without excessive costs.117
109 Mayer-Schönberger and Ramge (n 1) 211-230
112 Mayer-Schönberger and Ramge (n 1) 246-260.
114 European Commission (n 3) 22-25.
Enforcement strategies should combine proactive monitoring with responsive investigation and remediation mechanisms.118 Regular audits of portability systems, user experience testing, and market impact assessments can help identify implementation problems and competitive effects.119 Strong penalties for non-compliance, combined with positive incentives for innovation in portability solutions, can encourage industry adoption and continuous improvement.120
- Conclusion
Data portability represents a promising but complex remedy for addressing competitive concerns in digital markets. The analysis presented in this paper demonstrates that while theoretical economic arguments support the use of data portability as a competition tool, practical implementation faces significant legal, technical, and policy challenges. The comparative examination of global approaches reveals important differences in regulatory philosophy and implementation mechanisms, with no single model emerging as clearly superior across all contexts.
The European Union’s comprehensive regulatory approach provides strong legal foundations and enforcement mechanisms but may impose significant compliance costs and implementation challenges. The United States’ market-oriented approach offers greater flexibility but may lack the systematic coverage necessary to address market-wide competitive concerns. Asia-Pacific approaches demonstrate the potential for balanced frameworks that combine rights-based protections with economic development objectives.
The economic analysis suggests that data portability can indeed promote competition by reducing switching costs and barriers to entry, but these effects depend critically on implementation details and market characteristics. Privacy and security concerns, technical standardization challenges, and potential unintended consequences all require careful consideration in policy design.
The policy recommendations developed in this paper emphasize the importance of international harmonization, balanced regulatory approaches, and robust implementation and enforcement mechanisms. Future research should focus on empirical evaluation of implemented portability
118 Hoeren and Sieber (n 10) 916-930.
frameworks, development of sector-specific approaches, and continued analysis of the evolving relationship between data governance and market competition.
As digital markets continue to evolve and data becomes increasingly central to economic activity, data portability will likely remain an important tool in the competition policy toolkit. However, its effectiveness will depend on continued refinement of regulatory approaches, international coordination, and adaptive implementation that responds to technological and market developments.
Submitted by: Abhishek Bandekar
Manipal Law School Bengaluru