28 March 2019
Singapore is currently studying the introduction of a data portability requirement. Data portability enables individuals to request for a copy of their data held by an organisation in a structured, commonly used, and machine-readable format, and for the organisation to transmit the data to another organisation.
On 25 February 2019, Mr S Iswaran, Singapore Minister for Communications and Information, announced that Singapore intends to introduce a data portability requirement as part of the ongoing review of the Personal Data Protection Act 2012.
As data portability is a recent global development, a discussion paper on data portability (“Discussion Paper”) has been published by the Personal Data Protection Commission (“PDPC”), in collaboration with the Competition and Consumer Commission of Singapore (“CCCS”), to provide a framework for data originators, data recipients and consumers to discuss data portability, outline its benefits and the factors necessary for effective implementation, examine how cross-sector portability could be fulfilled, as well as consider implementation challenges and limitations.
Impact of data portability on organisations
New or existing organisations without an established customer base may be able to acquire data at a lower cost because data portability could lower the barriers to entry or expansion. Data portability also expands an organisation’s access to data even if it does not collect the data itself. With access to more sources of data, an organisation is better positioned to develop and improve product offerings tailored to their customer base, resulting in cost savings that may be passed on to other complementary services. Knowing more about a potential consumer increases the ability of organisations to tailor both the product characteristics and the price of goods and services.
The Discussion Paper notes that an effect that could be very significant, but is presently difficult to analyse in the abstract, is the effect that the combination of data (which is currently being held in silos) has on innovation (i.e. the creation of new products and services). There is clear potential to combine different types of data in novel ways to produce benefits and generate new insights. The effect of data portability on innovation may also depend on the types of data which are subject to a data portability requirement. On balance, data portability is likely to facilitate innovation, particularly in concentrated markets and where products and/or services are complementary.
Impact of data portability on consumers
Within data protection law, data portability is often discussed as a consumer right. The individual consumer determines whether his/her data is opened up to other organisations, and which organisations should be receiving his/her data. This allows the consumer to benefit from the cost savings made by organisations. By exercising his/her choice to withhold his/her data from organisations that provide “bad offers” and choosing only to give it to organisations that extend “good offers”, consumers can assert positive pressure on service providers to provide more competitive service or product offerings.
Individuals sharing data with organisations can create positive externalities. The data provided by the individual benefits not only the individual who originally shared the data. The aggregation of such data across a large number of consumers also has the potential to benefit many consumers with similar characteristics. The introduction of data portability can reduce the effort to share data on the side of the consumers due to increased ease in replicating existing data. This may in turn encourage consumers to share more data, achieving the socially optimal level of data sharing. The external benefits might be particularly high in the healthcare sector, certain financial services applications (e.g. better risk assessment), as well as in transport and infrastructure planning.
Data portability also allows consumers to move to other service providers without losing past records and important histories built up with previous service providers. This reduced cost of switching also creates incentives for competitive services. Consumers will therefore benefit as organisations enhance their understanding of consumer wants, and develop products and services that better meet these wants.
The Discussion Paper raised the following considerations when implementing data portability:
- The limits of data portability should be clearly defined to provide certainty to businesses: As it is likely that data portability is more costly for some businesses than for others, proportionality will need to be maintained for organisations that do not hold much data in the first place. A de minimis threshold for data volume and cap on the frequency of requests might be contemplated.
- The issue of format and standards needs to be considered both from the viewpoint of the organisation that needs to port the data, and the data recipient: The data portability format and technical standards should be considered not just by the data protection authority, but also the relevant sector regulators and industry players in order to maximise its flow within and across sectors, and the expected economic benefits.
- Examination of compliance costs needs to factor in the issue of company size and associated concerns: One possible way is to adopt open, widely-used and established data standards to support portability and reduce the implementation cost for business. One relevant consideration would be whether organisations may impose a charge for porting data, and if so who determines the reasonableness of the fee in relation to data portability requests.
- Data portability may yield more immediate, larger benefits in some sectors than in others: These sectors could be identified and used as demonstrators. Based on overseas jurisdictions’ approaches, the financial sector (e.g. open banking) and utilities are potential candidates.
- Data protection, security and liability issues must be addressed: The Discussion Paper suggests the creation of an accreditation system for trusted data recipients as one way to address individuals’ concerns over security and protection for ported data. Separately, organisations can develop a secure identity framework to ensure the security and effectiveness of data portability. There should also be clarity on the limits of liability for the data recipient. The circumstances under which an organisation may refuse to port data and the timeframe within which an organisation should port the data should also be considered.
- Consumer safeguards should be considered: Organisations should not engage in practices which might fall foul of the Consumer Protection
(Fair Trading) Act.
Data portability and competition law
As data portability involves an overlap between competition law and data protection law, the Discussion Paper also discusses the implications of data portability for competition policy and consumer protection. For more details, please click here to read the article on “Data portability requirement in Singapore: Competition, antitrust and consumer protection considerations” (March 2019).