Skip to main content
Image
-

Event Description

THIS EVENT WAS HELD ONLINE.

The Federal Trade Commission hosted a public workshop on September 22, 2020, to examine the potential benefits and challenges to consumers and competition raised by data portability.

Data portability refers to the ability of consumers to move data – such as, emails, contacts, calendars, financial information, health information, favorites, friends or content posted on social media – from one service to another or to themselves. In addition to providing benefits to consumers, data portability may benefit competition by allowing new entrants to access data they otherwise would not have so that they can grow competing platforms and services. At the same time, there may be challenges to implementing or requiring data portability. For example, data that consumers want to port may include information about others, such as friends’ photos and comments. How should this data be treated? How can the data be transferred securely? Who has responsibility for ensuring that data portability is technically feasible? Does mandatory data access or data sharing affect companies’ incentives to invest in data-driven products and services?

Data portability is a timely topic. Europe’s General Data Protection Regulation and California’s Consumer Privacy Act both include data portability requirements, and companies serving customers in Europe and California have already begun providing consumers with the right to port their data. In addition, the United Kingdom’s Open Banking initiative and US banking laws requiring that financial information be provided to consumers in an electronic format, are encouraging data portability in the financial sector, including the development of APIs to facilitate transfer of data to consumers and among financial institutions. Major technology companies Apple, Facebook, Google, Microsoft, and Twitter have created the Data Transfer Project with the goal of creating an open-source, service-to-service data portability platform. The Department of Health and Human Services’ Office of National Coordinator for Health Information Technology has finalized rules to facilitate portability of health data. And industry and lawmakers have discussed including data portability as a component of any comprehensive federal privacy legislation.

The workshop sought to bring together stakeholders — including industry representatives, economists, consumer advocates, and regulators — for a wide-ranging public discussion on issues raised by data portability. The workshop addressed questions such as the potential benefits to consumers and competition of data portability, the potential risks to consumer privacy and how those risks might be mitigated, the potential impact of mandatory data access or data sharing on companies’ incentives to innovate, how to best ensure the security of personal data that is being transmitted from one business to another, the merits and challenges of interoperability, and who should be responsible for ensuring interoperability.

To assist the agency’s analysis of this topic, the FTC sought comment on a range of issues including:

  • How are companies currently implementing data portability? What are the different contexts in which data portability has been implemented?
  • What have been the benefits and costs of data portability? What are the benefits and costs of achieving data portability through regulation?
  • To what extent has data portability increased or decreased competition?
  • Are there research studies, surveys, or other information on the impact of data portability on consumer autonomy and trust?
  • Does data portability work better in some contexts than others (e.g., banking, health, social media)? Does it work better for particular types of information over others (e.g., information the consumer provides to the business vs. all information the business has about the consumer, information about the consumer alone vs. information that implicates others such as photos of multiple people, comment threads)?
  • Who should be responsible for the security of personal data in transit between businesses? Should there be data security standards for transmitting personal data between businesses? Who should develop these standards?
  • How do companies verify the identity of the requesting consumer before transmitting their information to another company?
  • How can interoperability among services best be achieved? What are the costs of interoperability? Who should be responsible for achieving interoperability?
  • What lessons and best practices can be learned from the implementation of the data portability requirements in the GDPR and CCPA? Has the implementation of these requirements affected competition and, if so, in what ways?
  • 8:30 am

    Welcome and Opening Remarks

    Andrew Smith
    Director
    Bureau of Consumer Protection
    Federal Trade Commission

    8:40 am

    An Overview of Data Portability: Concepts and Terminology

    Peter Swire
    Elizabeth and Tommy Holder Chair of Law and Ethics
    Georgia Tech Scheller College of Business

    9:00 am

    Data Portability Initiatives in the European Union, California, and India: Case Studies

    This panel will discuss the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other data portability initiatives, including lessons learned from those efforts.

    Moderator:
    Guilherme Roschke
    Counsel for International Consumer Protection
    Office of International Affairs
    Federal Trade Commission

    Panelists:
    Inge Graef
    Associate Professor of Competition Law
    Tilburg University
    The Netherlands

    Rahul Matthan
    Partner, Head of the Technology Practice
    Trilegal
    India

    Karolina Mojzesowicz
    Deputy Head of Unit for Data Protection
    Directorate General for Justice and Consumers
    European Commission

    Stacey D. Schesser
    Supervising Deputy Attorney General
    Consumer Protection Section – Privacy Unit
    Office of the California Attorney General

    Gabriela Zanfir-Fortuna
    Senior Counsel
    Future of Privacy Forum

    10:15 am

    Break

    10:30 am

    Financial and Health Portability Regimes: Case Studies

    This panel will discuss efforts to implement data portability in the financial and health sectors, and lessons learned from those efforts.

    Moderator:
    Katherine White
    Division of Privacy and Identity Protection
    Bureau of Consumer Protection
    Federal Trade Commission

    Panelists:
    Michael S. Barr
    Joan and Sanford Weill Dean of Public Policy
    Frank Murphy Collegiate Professor of Public Policy
    Roy F. and Jean Humphrey Proffitt Professor of Law
    University of Michigan

    Dan Horbatt
    Chief Technology Officer
    Particle Health

    Bill Roberts
    Head of Open Banking
    The Competition and Markets Authority
    United Kingdom

    Don Rucker
    National Coordinator for Health Information Technology
    U.S. Department of Health and Human Services

    11:45 am

    Break

    12:00 pm

    Reconciling the Benefits and Risks of Data Portability

    This panel will discuss the attributes, benefits, and challenges of data portability initiatives, with an eye towards the twin aims of protecting consumers and promoting competition.

    Moderator:
    Ryan K. Quillian

    Deputy Assistant Director
    Technology Enforcement Division
    Bureau of Competition
    Federal Trade Commission

    Panelists:
    Pam Dixon

    Founder and Executive Director
    World Privacy Forum

    Ali Lange
    Public Policy Manager
    Google

    Gabriel Nicholas
    Research Fellow
    New York University School of Law

    Hodan Omaar
    Policy Analyst
    Center for Data Innovation

    Peter Swire
    Elizabeth and Tommy Holder Chair of Law and Ethics
    Georgia Tech Scheller College of Business

    1:15 pm

    Break

    1:30 pm

    Realizing Data Portability’s Potential: Material Challenges and Solutions

    This panel will discuss several key concerns confronting data portability initiatives: security, privacy, standardization, and interoperability.

    Moderator:
    Jarad Brown

    Division of Privacy and Identity Protection
    Bureau of Consumer Protection
    Federal Trade Commission

    Panelists:
    Erika Brown Lee

    Senior Vice President
    Assistant General Counsel for Privacy and Data Protection
    Mastercard

    Sara Collins
    Policy Counsel
    Public Knowledge

    Bennett Cyphers
    Staff Technologist
    Electronic Frontier Foundation

    Michael Murray
    President
    Mission:data Coalition

    Julian Ranger
    Executive President and Founder
    Digi.me

    2:45 pm

    Closing Remarks

    Ian R. Conner
    Director
    Bureau of Competition
    Federal Trade Commission

  • Transcript - Files

  • Request for Comments

    The FTC welcomes written comments, including further evidence of consumer perception. Interested parties may submit public comments electronically at Regulations.gov on these topics or other related topics through August 21, 2020.

    If you prefer to file your comment on paper, write “FTC Data Portability Workshop” on your comment and on the envelope and mail your comment to the following address: Federal Trade Commission, Office of the Secretary, Constitution Center, 400 7th St., SW, 5th Floor, Suite 5610, Washington, DC 20024.

FTC Privacy Policy

Under the Freedom of Information Act (“FOIA”) or other laws, we may be required to disclose to outside organizations the information you provide when you pre-register for events that require registration. The Commission will consider all timely and responsive public comments, whether filed in paper or electronic form, and as a matter of discretion, we make every effort to remove home contact information for individuals from the public comments before posting them on the FTC website.

The FTC Act and other laws we administer permit the collection of your pre-registration contact information and the comments you file to consider and use in this proceeding as appropriate. For additional information, including routine uses permitted by the Privacy Act, see the Commission’s Privacy Act system for public records and comprehensive privacy policy.

This event will be open to the public and may be photographed, videotaped, webcast, or otherwise recorded.  By participating in this event, you are agreeing that your image — and anything you say or submit — may be posted indefinitely at ftc.gov or on one of the Commission's publicly available social media sites.