Data Mobility: A New Era of Data Ownership and Control
In a discussion hosted by the Center for Data Innovation on December 8, 2021, policymakers, industry experts, and thought leaders gathered to discuss the optimisation of data portability provisions, aiming to avoid pitfalls and foster a new wave of data-driven innovation.
The focus of the discussion was on balancing competing interests from different stakeholders while protecting consumer privacy and security during the implementation of new data portability laws and regulations. Ben White, Policy Research & Advocacy at Plaid, Michael Murray, President of Mission:Data, Ali Lange, Public Policy Manager at Google, and Niko Skievaski, Co-Founder and President of Redox, were among the speakers at the event. Daniel Castro, Director of the Center for Data Innovation, moderated the discussion.
To effectively implement data portability laws in sectors like energy, healthcare, and financial services, policymakers should balance stakeholder interests, consumer privacy, and data security. This can be achieved by establishing clear, sector-specific regulations that prioritize strong data governance, privacy-by-design principles, and secure technical standards for data transfer.
Key considerations include defining clear legal frameworks, integrating privacy-by-design, ensuring robust data security, addressing technical challenges, managing multistakeholder coordination, and navigating conflicting jurisdictions and cultural variations. Policymakers must resolve ambiguity in terms like "legitimate interest" or "undue delay" to reduce legal uncertainty and align with existing regulations such as GDPR and sector-specific rules like HIPAA for healthcare or financial privacy laws.
Data portability mechanisms should embed privacy-preserving features (e.g., data minimization, anonymization, user consent) from the outset to protect consumer privacy during data transfers. Standards for secure data transfer—such as encrypted downloads, API integration, and access through certified third parties—are essential to prevent breaches and unauthorized data exposure.
Policymakers must also mandate updates or interoperability standards for legacy and emerging technologies (e.g., blockchain, IoT) that complicate compliance due to immutability or passive data collection. Regulatory frameworks should include stakeholder engagement and public consultations, as seen in South Korea’s phased expansion of MyData initiatives, to balance interests of consumers, businesses, and regulators across sectors.
Global and cross-sector frameworks should account for data sovereignty rules and privacy cultural differences while fostering technological integration and compliance harmonization across borders. Data portability policies have been adopted in several sectors, highlighting both the opportunities and challenges involved in giving consumers more control over their data.
Follow @DataInnovation on Twitter to join the discussion on data portability and use the hashtag #ourwebsite to stay updated on the latest developments. Data portability can empower consumers, spur innovation, and increase competition in various sectors such as energy, health care, and financial services.
- To ensure optimal implementation of data portability provisions and avoid pitfalls, policymakers should focus on balancing competing stakeholder interests while prioritizing consumer privacy and data security, as discussed during the event hosted by the Center for Data Innovation.
- Effective implementation in sectors like energy, healthcare, and financial services requires establishing sector-specific regulations that prioritize privacy-by-design principles, strong data governance, and secure technical standards for data transfer.
- Key considerations for these regulations include defining clear legal frameworks, addressing technical challenges, managing multistakeholder coordination, and resolving ambiguity in terms like "legitimate interest" or "undue delay" to align with existing regulations.
- Policymakers must also mandate updates or interoperability standards to facilitate the compliance of legacy and emerging technologies like blockchain and IoT with data portability laws.
- Global and cross-sector frameworks should account for data sovereignty rules and privacy cultural differences, while fostering technological integration and compliance harmonization across borders, as seen in South Korea’s phased expansion of MyData initiatives.
