In the context of the Brussels Internet & Telecom Seminar on data portability coming up on April 29, Inge Graef and Yuli Wahyuningtyas of the Interdisciplinary Centre for Law and ICT (ICRI – iMinds) of the KU Leuven – University of Leuven, interviewed internet governance expert Ian Brown of the Oxford Internet Institute about the new right to data portability and its implications for the online social network industry.
Inge: Online social network providers claim that they already enable data portability by giving users the possibility to download their data in a particular format. Does this correspond with what you think data portability should entail?
Ian: As long as social network providers use an open format that anyone can
write software to parse, this would make data portability possible. This is what the European Commission’s proposal for the General Data Protection Regulation stated in recitals 59, 130 and 131 and Article 18. We have to wait to see how far the Commission and the Council accept the version of the regulation approved by the European Parliament.
Yuli: Since data portability would enable users to switch between different online social networks more easily, how can a balance be struck between the interests of these businesses to keep users in their platform and the interests of users to have control over their data?
If you consider competitive markets as a good thing both for efficiency and for user control, I do not think there is a balance to be struck here. The social networking industry is currently not competitive because of the user lock-in that creates dominance in the market. Anyway, the proposed regulation only makes easier the right of access to personal data that always existed in the Data Protection Directive.
Would data portability bring risks to privacy in your view, for instance concerning data leaks?
No, companies will still have a duty to take organisational and technical measures to protect user data. The standards developed for portability can incorporate these.
Although data portability may increase competition, it does not create interoperability between different online social networks, so would it be sufficient to protect the user’s interest in the digital economy?
Data portability is necessary, but not sufficient. Chris Marsden and I argued in our book Regulating Code that regulators may also need to impose ex ante interoperability requirements on dominant companies in information industries such as social networking companies where strong network effects make it much more difficult for new competitors entering the market. We identified three potential models of regulation: must-carry obligations which are already imposed on broadcasters and electronic program guides; application programming interfaces disclosure requirements like the ones placed on Microsoft; and interconnection requirements as imposed on telecommunications providers.
To have this interoperability though there should be common technical standards and procedures for the transmission of personal data; how can this be best achieved in your view?
Regulators could ask for standards to be developed by a body that meets the European Commission’s standards as laid down in Annex II of Regulation 1025/2012. This could be the World Wide Web Consortium (W3C) or the Internet Engineering Task Force (IETF).
Do you think the right to data portability, if adopted, will affect the development of industries like social networking that work with closed systems? If yes, how would the industry landscape look like, let’s say in ten years from now?
Ideally, the common services of online social networks, such as status and contact detail updates, photo sharing, “likes”, and so on, will have become a standard part of PC, tablet and smartphone operating systems and apps, so users have a wide variety of choices over how they share information with their friends, family and colleagues – including the privacy policies that apply.
