Mar 11 2019 | by OrionW
Singapore’s Personal Data Protection Commission (PDPC) recently issued a discussion paper on data portability (Paper) in collaboration with the Competition and Consumer Commission of Singapore. Data portability is the right of individuals to obtain copies of their data from companies that hold them and to instruct those companies to transmit their data to other companies. The Paper is intended to provide a framework for discussions of the effects and operational considerations related to data portability, with a view to informing future consultations concerning Singapore’s potential adoption of a data portability right.
Data portability is an emerging topic of global interest that affects individuals and businesses and calls for careful policy decisions regarding data protection and competition. After analysing those sometimes competing interests, the Paper concludes that data portability is expected to produce a net benefit for both individuals and businesses, but cautions that considerations of data scope, consumer protections and security and interoperability must be carefully balanced. For example, the data portability right could extend beyond data that are classified as ‘personal data’ under the data protection laws to include other data individuals may provide to businesses. If the data scope is too narrow, individuals and businesses may not fully benefit from the right. If the data scope is too wide, individuals may be hurt because businesses may be tempted to ask for more data than they otherwise would and businesses may be burdened with excessive compliance costs.
A key requirement of data portability is that companies must deliver data in a structured, commonly used and machine-readable format. That requirement is expected to benefit individuals in at least three ways:
The Paper discusses other key economic considerations in depth, including a variety of positive and negative external benefits, price discrimination and general principles of competition.
From an implementation perspective, the Paper offers several recommendations intended to enhance the benefits of data portability:
The Paper also briefly surveys international approaches to data portability. The European Union’s General Data Protection Regulation, California’s Consumer Privacy Act and the Philippines’s Data Privacy Act of 2012 already mandate different forms of data portability. Australia has tabled legislation which would provide for data portability for banking, energy, telephone and internet transactions. India, Japan and New Zealand are actively evaluating data portability. The lessons from those other countries will be instructive as Singapore develops its own approach to data portability.
The PDPC invites feedback on the Paper by email to firstname.lastname@example.org.