On September 22, 2020, the Federal Trade Commission (“FTC”) hosted “Data to Go,” a virtual workshop on data portability. The workshop convened experts from civil society, academia, and industry to discuss the potential risks as well as consumer and competition benefits of data portability, as well as issues and best practices related to its implementation in legislative and industry-led initiatives. The discussions emphasized five key themes regarding data portability efforts in the U.S. and globally.
Continue Reading Five Key Themes from the FTC’s Data Portability Workshop

The Article 29 Working Party (“WP29”) – the representatives of national data protection regulators in the EU – has issued new guidance on three important aspects of the new General Data Protection Regulation (“GDPR”), which comes into force in May 2018.

This first salvo of GDPR-focused guidance concerns:

  1. the new “Right to Data Portability”, an obligation on companies and public authorities to build tools that allow users to download their data or transfer it directly to a competitor (the guidance is here, and an FAQ is here);
  2. the new obligation for organizations to appoint a “Data Protection Officer”, a quasi-independent role within companies that will be tasked with internal supervision and advice regarding GDPR compliance (guidance / FAQ); and
  3. the new “One Stop Shop” mechanism – helping companies identify which “lead” data protection authority will be their main point of contact for multi-country regulatory procedures (guidance / FAQ).

Despite the guidance having formally been “adopted”, the WP29 is nevertheless inviting stakeholder comments on the new guidance, until the end of January 2017.  Indeed, the guidance takes a number of positions that could attract large volumes of comments ahead of the January 31 deadline.
Continue Reading New EU GDPR Guidance: Data Portability, Data Protection Officers, and the One Stop Shop

On June 16, 2016, the French data protection authority (“CNIL”) launched a public consultation on the General Data Protection Regulation (“GDPR).   The consultation focuses on four priority themes set out in the Article 29 Working Party’s 2016 Action plan:

  • the data protection officer;
  • the right to data portability;
  • data protection impact assessments; and
  • certification.


Continue Reading The CNIL and EDPS Launch Public Consultations

Data is everywhere. The amount of data on the global level is growing by 50 percent annually. 90 [percent] of the world’s data has been generated within the past two years alone,” explains the International Working Group on Data Protection in Telecommunications in their Opinion of May 6, 2014, titled, “Working Paper on Big Data and Privacy: Privacy principles under pressure in the age of Big Data analytics“. The Working Group, founded in 1983, has adopted numerous recommendations and since the beginning of the 90s focused on the protection on privacy on the Internet. Its members include representatives from data protection authorities and other bodies of national public administrations, international organizations and scientists from all over the world.


Continue Reading Big Data Analysis is Possible Without Infringing Key Privacy Principles, Says International Working Group

By Philippe Bradley and Dan Cooper

On April 23rd, 2014 Brazil’s president signed into law a wide-ranging civil rights bill for Internet users and service providers (the “Marco Civil da Internet”, or “Marco Civil”).  The law had been in the works since 2009; it was made a priority by the Brazilian government in the wake of Edward Snowden’s revelations about NSA espionage activities targeting Brazilian communications data.  This short article discusses the main provisions of the new law.


Continue Reading Brazil Enacts “Marco Civil” Internet Civil Rights Bill

“The evolution of big data has exposed gaps in EU competition, consumer protection and data protection policies”, said Peter Hustinx, the European Data Protection Supervisor (EDPS), when presenting the EDP’s preliminary opinion on the interplay between these three policy areas. The Opinion titled “Privacy and Competitiveness in the Age of Big Data”, issued on 26 March 2014, (the Opinion) aims at stimulating a debate between experts and practitioners. The EDPS’ preliminary opinions are not legally binding but intended to inform and facilitate discussion.


Continue Reading The New EDPS Opinion “Privacy and Competitiveness in the Age of Big Data”

Speaking in Brussels yesterday on “Competition and Privacy in Markets of Data,” EU Competition Commissioner Joaquín Almunia observed that privacy is “becoming one of the central debates of our time.”  Technological and commercial developments have strengthened companies’ ability and incentive to “gather, manipulate and trade personal data.”  Because “personal data are a type of asset

The UK’s Department for Business, Innovation and Skills (BIS) has launched a consultation on proposals to compel suppliers of goods and services to provide consumers access, upon request, to their personal transaction and consumption data in an open standard machine-readable format.  The UK Government (UKG) would prefer that the data be supplied at no cost and may also allow certain categories of small businesses to make such requests.  An existing enforcement body — possibly the Information Commissioner’s Office or a consumer protection body — is likely to be responsible for enforcing the proposed new requirement.

The consultation document explains that the proposed new requirement would offer a more targeted approach towards access to personal data than is currently available under the UK Data Protection Act 1998.  The requirement would:

  • only relate to transaction data regarding a consumer’s purchase/consumption of products and services from that supplier;
  • only cover factual information, for example what a consumer bought, where they bought it, and how much they paid for it;
  • not cover any subsequent analysis that the data holder has undertaken on the information; and
  • only apply to businesses that already hold this information electronically.  Businesses would not be required to collect any new information and existing information would only have to be released if requested by consumers. 

Following the European Commission’s proposals to reform the EU Data Protection Framework (see here and here), which also included a controversial data portability element, industry is likely to pay close attention to this UK initiative.

The closing date to respond to the consultation is 10 September 2012.  Interested parties may also join Open Forums discussing the consultation at the BIS Offices on August 9 (3-5pm), 16 (3.30-5.30pm) and 23 (3-5pm) by contacting midata@bis.gsi.gov.uk.


Continue Reading UK Government Launches Consultation on New Data Portability Requirement

Rob Pegoraro at The Washington Post reported today on Facebook’s announcement that it will offer users a way to download all of the information they’ve uploaded to the service.  The move is an implicit response to critics who complain about social media services that lock users in by preventing them from recovering their data.

Based