The right to data portability in the GDPR and EU competition law: odd couple or dynamic duo?
The EU General Data Protection Regulation (GDPR) was published in the Official Journal of the European Union on 4 May 2016. It will become applicable on May 25, 2018. The GDPR comprises a new right to data portability for individuals, which requires data controllers to ensure that they can hand over the personal data that has been provided by the data subject himself/herself, in a structured, commonly used and transferable format.
This paper critically examines the right to data portability and suggests that in order to ensure comprehensive data portability that reaches out to all relevant stakeholders, including businesses, the provisions in the GDPR need to be analysed by taking into account EU competition rules. It suggests that lessons can be drawn from EU competition law to limit the potential adverse consequences of the right to data portability particularly for small and medium-sized enterprises. It also asserts that EU competition rules, especially Article 102 TFEU and the essential facilities doctrine, can complement data portability by facilitating mandatory access to specific data.
Keywords: The General Data Protection Regulation; article 20 of the GDPR; article 102 TFEU; data; data controller; the right to data portability; API; controller to controller transfer; competition law; essential facilities doctrine; network effects; Data Protection Directive
EJLT is an open access journal, aiming to disseminate academic work and perspectives as widely as possible to the benefit of the author and the author’s readers. It is the assumption of the EJLT that authors who publish in the journal wish their work to be available as freely and as widely as possible through the open access publishing channel.
Authors who publish with EJLT will retain copyright and moral rights in the underlying work but will grant all users the rights to copy, store and print for non-commercial use copies of their work. Commercial mirroring may also be carried out with the consent of the journal. The work must remain as published – without redaction or editing – and must clearly state the identity of the author and the originating EJLT url of the article. Any commercial use of the author’s work - apart from mirroring - requires the permission of the author and any aspects of the article which are the property of EJLT (e.g. typographical format) requires permission from EJLT.
Authors can sometimes become no longer contactable (through, for example, death or retirement). If this occurs, any rights in the work will pass to the European Journal of Law and Technology which will continue to make the work available in as wide a manner as possible to achieve the aims of open access and ensuring that an author's work continues to be available. An author - or their estate - can recover these rights from EJLT by providing contact information.
The European Journal of Law and Technology holds rights in format, publication and dissemination.
EJLT, as a non-commercial organisation - which receives donations to allow it to continue publishing – must retain information on reader access to journal articles. This means that we will not give permission to mirror the journal unless we can be provided with full details as to reader access to each and every journal article. We prefer and encourage deep linking rather than mirroring. Encouragement is thus given for all users – commercial and non-commercial – to provide indexes and links to articles in the EJLT where the index or link points to the location of the article on the EJLT server, rather than to stored copies on other servers.
Please contact the European Journal of Law and Technology if you are in any doubt as to what this statement of use covers.