Tilburg Law and Economics Center

TILEC supports and stimulates academic research on the governance of economic activity. It fosters academically path breaking and practically relevant research and aims to be a leading center worldwide.

Inge Graef, Martin Husovec and Nadezhda Purtova on Data Portability and Data Control in the context of Article 20 GDPR

In TILEC Discussion Paper No. 2017-041, entitled “Data Portability and Data Control: Lessons for an Emerging Concept in EU Law”, I.Graef, M.Husovec and N.Putova explore the intricacies of data portability and data control in the context of the right to data portability (RtDP) introduced by Article 20 of the General Data Protection Regulation (GDPR). The RtDP is a first regulatory attempt to establish a general-purpose control mechanism of horizontal application which mainly aims to facilitate reuse of personal data held by private companies. Article 20 GDPR is agnostic about the type of use that follows from the ported data and its further diffusion. This contrasts with forms of portability facilitated under competition law which can only occur for purpose-specific goals with the aim of addressing anticompetitive behavior. Unlike some upcoming initiatives, the RtDP still cannot be said to create ownership-like control over ported data. Even more, this regulatory innovation will be limited in its aspirations where intellectual property rights of current data holders, such as copyright, trade secrets and sui generis database rights, cause the two regimes to clash.

In such cases, a reconciliation of the interests might confine particularly the follow-on use of ported data again to specific set of socially justifiable purposes, possibly with schemes of fair remuneration. We argue that to the extent that other regimes will try to replicate the RtDP, they should closely consider the nature of the resulting control, its breadth and its impact on incentives to innovate. In any case, the creation of data portability regimes should not become an end in itself. With an increasing number of instruments, orchestrating the consistency of legal regimes within the Digital Single Market and their mutual interplay should become an equally important concern.