Event Description
THIS EVENT WAS HELD ONLINE.
The 鶹ý Trade Commission hosted a public workshop on September 22, 2020, to examine the potential benefits and challenges to consumers and competition raised by data portability.
Data portability refers to the ability of consumers to move data – such as, emails, contacts, calendars, financial information, health information, favorites, friends or content posted on social media – from one service to another or to themselves. In addition to providing benefits to consumers, data portability may benefit competition by allowing new entrants to access data they otherwise would not have so that they can grow competing platforms and services. At the same time, there may be challenges to implementing or requiring data portability. For example, data that consumers want to port may include information about others, such as friends’ photos and comments. How should this data be treated? How can the data be transferred securely? Who has responsibility for ensuring that data portability is technically feasible? Does mandatory data access or data sharing affect companies’ incentives to invest in data-driven products and services?
Data portability is a timely topic. Europe’s General Data Protection Regulation and California’s Consumer Privacy Act both include data portability requirements, and companies serving customers in Europe and California have already begun providing consumers with the right to port their data. In addition, the United Kingdom’s Open Banking initiative and US banking laws requiring that financial information be provided to consumers in an electronic format, are encouraging data portability in the financial sector, including the development of APIs to facilitate transfer of data to consumers and among financial institutions. Major technology companies Apple, Facebook, Google, Microsoft, and Twitter have created the Data Transfer Project with the goal of creating an open-source, service-to-service data portability platform. The Department of Health and Human Services’ Office of National Coordinator for Health Information Technology has finalized rules to facilitate portability of health data. And industry and lawmakers have discussed including data portability as a component of any comprehensive federal privacy legislation.
The workshop sought to bring together stakeholders — including industry representatives, economists, consumer advocates, and regulators — for a wide-ranging public discussion on issues raised by data portability. The workshop addressed questions such as the potential benefits to consumers and competition of data portability, the potential risks to consumer privacy and how those risks might be mitigated, the potential impact of mandatory data access or data sharing on companies’ incentives to innovate, how to best ensure the security of personal data that is being transmitted from one business to another, the merits and challenges of interoperability, and who should be responsible for ensuring interoperability.
To assist the agency’s analysis of this topic, the FTC sought comment on a range of issues including:
- How are companies currently implementing data portability? What are the different contexts in which data portability has been implemented?
- What have been the benefits and costs of data portability? What are the benefits and costs of achieving data portability through regulation?
- To what extent has data portability increased or decreased competition?
- Are there research studies, surveys, or other information on the impact of data portability on consumer autonomy and trust?
- Does data portability work better in some contexts than others (e.g., banking, health, social media)? Does it work better for particular types of information over others (e.g., information the consumer provides to the business vs. all information the business has about the consumer, information about the consumer alone vs. information that implicates others such as photos of multiple people, comment threads)?
- Who should be responsible for the security of personal data in transit between businesses? Should there be data security standards for transmitting personal data between businesses? Who should develop these standards?
- How do companies verify the identity of the requesting consumer before transmitting their information to another company?
- How can interoperability among services best be achieved? What are the costs of interoperability? Who should be responsible for achieving interoperability?
- What lessons and best practices can be learned from the implementation of the data portability requirements in the GDPR and CCPA? Has the implementation of these requirements affected competition and, if so, in what ways?
-
8:30 am
Welcome and Opening Remarks
Andrew Smith
Director
Bureau of Consumer Protection
鶹ý Trade Commission8:40 am An Overview of Data Portability: Concepts and Terminology
Peter Swire
Elizabeth and Tommy Holder Chair of Law and Ethics
Georgia Tech Scheller College of Business9:00 am
Data Portability Initiatives in the European Union, California, and India: Case Studies
This panel will discuss the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other data portability initiatives, including lessons learned from those efforts.
Moderator:
Guilherme Roschke
Counsel for International Consumer Protection
Office of International Affairs
鶹ý Trade CommissionPanelists:
Inge Graef
Associate Professor of Competition Law
Tilburg University
The NetherlandsRahul Matthan
Partner, Head of the Technology Practice
Trilegal
IndiaKarolina Mojzesowicz
Deputy Head of Unit for Data Protection
Directorate General for Justice and Consumers
European CommissionStacey D. Schesser
Supervising Deputy Attorney General
Consumer Protection Section – Privacy Unit
Office of the California Attorney GeneralGabriela Zanfir-Fortuna
Senior Counsel
Future of Privacy Forum10:15 am
Break
10:30 am
Financial and Health Portability Regimes: Case Studies
This panel will discuss efforts to implement data portability in the financial and health sectors, and lessons learned from those efforts.
Moderator:
Katherine White
Division of Privacy and Identity Protection
Bureau of Consumer Protection
鶹ý Trade CommissionPanelists:
Michael S. Barr
Joan and Sanford Weill Dean of Public Policy
Frank Murphy Collegiate Professor of Public Policy
Roy F. and Jean Humphrey Proffitt Professor of Law
University of MichiganDan Horbatt
Chief Technology Officer
Particle HealthBill Roberts
Head of Open Banking
The Competition and Markets Authority
United KingdomDon Rucker
National Coordinator for Health Information Technology
U.S. Department of Health and Human Services11:45 am Break
12:00 pm
Reconciling the Benefits and Risks of Data Portability
This panel will discuss the attributes, benefits, and challenges of data portability initiatives, with an eye towards the twin aims of protecting consumers and promoting competition.
Moderator:
Ryan K. Quillian
Deputy Assistant Director
Technology 鶹ý Division
Bureau of Competition
鶹ý Trade CommissionPanelists:
Pam Dixon
Founder and Executive Director
World Privacy ForumAli Lange
Public Policy Manager
GoogleGabriel Nicholas
Research Fellow
New York University School of LawHodan Omaar
Policy Analyst
Center for Data InnovationPeter Swire
Elizabeth and Tommy Holder Chair of Law and Ethics
Georgia Tech Scheller College of Business1:15 pm
Break
1:30 pm
Realizing Data Portability’s Potential: Material Challenges and Solutions
This panel will discuss several key concerns confronting data portability initiatives: security, privacy, standardization, and interoperability.
Moderator:
Jarad Brown
Division of Privacy and Identity Protection
Bureau of Consumer Protection
鶹ý Trade CommissionPanelists:
Erika Brown Lee
Senior Vice President
Assistant General Counsel for Privacy and Data Protection
MastercardSara Collins
Policy Counsel
Public KnowledgeBennett Cyphers
Staff Technologist
Electronic Frontier FoundationMichael Murray
President
Mission:data CoalitionJulian Ranger
Executive President and Founder
Digi.me2:45 pm
Closing Remarks
Ian R. Conner
Director
Bureau of Competition
鶹ý Trade CommissionFileAgenda (110.15 KB)
- FileSpeaker Bios (126.6 KB)
-
Event Materials
FilePresentation Slides (806.14 KB)FileWorkshop Summary (1.2 MB)
-
Transcript - Files
FileTranscript (1.39 MB)
Request for Comments
The FTC welcomes written comments, including further evidence of consumer perception. Interested parties may on these topics or other related topics through August 21, 2020.
If you prefer to file your comment on paper, write “FTC Data Portability Workshop” on your comment and on the envelope and mail your comment to the following address: 鶹ý Trade Commission, Office of the Secretary, Constitution Center, 400 7th St., SW, 5th Floor, Suite 5610, Washington, DC 20024.