– Ankit Kapoor
The last decade has seen global regulatory intervention against the anti-competitive conduct of dominant social media platforms, particularly Facebook. Recognizing the immense power of these platforms and the inadequacy of an ex-post approach, regulators have started adopting innovative ex-ante approaches. Data portability has emerged as the most popular ex-ante approach, amongst both regulators and platforms, because it has reduced switching costs for an individual user. However, in this paper, I argue that data portability has architectural and market limitations that significantly undermine its efficacy to promote competition or address anti-competitive conduct. While it is a necessary tool for healthy competition, it is by no means sufficient. Notwithstanding its limitations, its efficacy can be further improved through certain second-level interventions, especially when complemented with other policy interventions like interoperability and merger control.
Interoperability is the ability to exchange data and functionality across platforms and/or systems. Data portability, a type of interoperability, refers to a data principal’s right to either download their data from one platform, or directly transfer it to another platform. This aims to promote competition by reducing ‘switching costs’ for users.
Initially, data portability emerged through self-regulation. To operationalize this right, Facebook introduced the ‘Download Your Information’ tool in 2010, followed by Google’s ‘Project Takeout’ in 2011. To widen its application, Apple, Microsoft, and Twitter joined these companies to launch the ‘Data Transfer Project’ in 2018. The objective is to build standardized adapters so that data can be seamlessly transferred between these platforms, without the consumer having to personally download and upload such data.
Since then, data portability has been recognized as an enforceable right in several data protection statutes/bills. These include S. 20, General Data Protection Regulation, 2018, S. 1798.100(d), California Consumer Privacy Act, 2018, and S. 19, Personal Data Protection Bill, 2019. These legislations recognize the incidental benefit of data portability on competition law.
Evaluating Data Portability from a Competition Law Perspective
In Code 2.0, Lawrence Lessig argues that the law also pursues its regulatory objectives indirectly through the levers of ‘architecture’ and ‘market’. The relationship is bi-directional, in that the law influences the functioning of these levers and vice-versa. Using these levers as an analytical framework allows an assessment of the nature and scope of the limitation, the regulatory lever through which it can be addressed, and the extent thereof. It also helps in appreciating how the limitations of one regulatory lever can be addressed by second-level intervention(s) through that lever itself. Thus, it provides a nuanced and holistic understanding to the competitive efficacy and limitations of data portability.
Architecture refers to the code, which are instructions embedded in the software/hardware that create the structural base, and the institutional design, which is the governance framework.
The Data Transfer Project is unrealized with significant coding still left, despite lofty commitments. Google and Facebook’s independent projects have theoretically allowed the transfer of data to third-parties. However, the data is not extracted in a format that facilitates import into another platform. Moreover, these incumbent platforms block third-parties from directly accessing the user’s information through extensions. Importantly, even where the law specifies a transferability requirement the portability rule doesn’t specify a technical standard, often leaving it to the industry participants themselves. This allows the incumbent platforms to dictate formats which may not be feasible for smaller players, who rely on third-party software. Conversely, this has an exclusionary effect that can exacerbate the incumbent’s market power through a unidirectional data flow in their favour.
The result of these technical limitations is that, effectively, users are compelled to either download their data and then re-upload to a new platform or manually re-enter it. This significantly increases the switching costs, especially given the infrastructural challenges users face in terms of their devices’ storage and processing power as well as their internet bandwidth. However, these limitations can be addressed through intervention in the architecture itself. Regulators must intervene by establishing minimum common technical standards, leaving the rest to industry-specific independent and representative standard setting organizations. The compliance of these standards must be mandatory. Therefore, these limitations aren’t inherent and irremediable.
The portability rule in all legislations assumes the existence of standardized formats for all kinds of data. However, given the different design features of each social network, it is difficult/implausible to develop standards for peculiar data such as ‘likes’ and ‘comments’. The absence of standards for this kind of peculiar data poses an inherent and presently irremediable architectural challenge.
Another code-based limitation is that data portability only transfers data, not networks. Therefore, significant switching costs still exist because users moving to new platforms cannot communicate with their networks on the incumbent platforms. To some extent, this limitation can be addressed through architectural intervention in the form of ‘social graph portability’. This effectively allows users with ownership of all their digital connections, and thus they can port them to the new platform. It even allows users to receive messages/calls from their connections on the original platform. However, while this intervention is quite useful, it only partly addresses the limitation because while users can now port all their connections, they still can’t force their connections to migrate.
The last code-based limitation is that the ported data is not made available in real-time. This significantly impacts the new platform’s ability to render complementary services that are reliant on continuous and immediate transfers of user data. Even this limitation can be addressed through architectural intervention in the form of Application Programming Interface extensions. These are software solutions that allow two applications to communicate in real-time, once the user consents. Thus, regulators must legally require that such extension requests cannot be blocked.
Evidence suggests that the institutional design is also flawed. Incumbent platforms have reportedly used complex dissuasive strategies to frustrate users from exercising this right. They are emboldened by the consent-based approach adopted in the aforementioned legislations, wherein the responsibility to ensure compliance lies primarily on the user. Even when the user can enforce compliance after protracted battles in court or before regulators, there is no compensation/remuneration. Instead, there are only penalties that go to the state. Since penalties have imposed ceilings, incumbents can opportunistically evaluate them as costs for maintaining their dominance. This limitation can only be addressed through a fundamental change in the institutional design, with a move towards a rights-based approach. Here, the primary responsibility shifts towards the platforms through certain mechanisms, like reversals in burden of proof and expedited discovery.
Given the globally recurrent jurisdictional clashes between data protection and competition regulators, the ensuing uncertainty of outcome further increases the enforcement costs. This further disincentivizes parties to initiate legal action. Therefore, the institutional design needs to be adjusted to establish clear standards that demarcate the territory of each regulator.
Market refers to the forces of demand, supply, price, and quality that influence consumer and producer choices. The market structure of almost all social media platforms is characterized by: (1) multi-sided network effects– the additional value that is created for both advertisers and users, when the number of aggregate users increase; (2) increasing returns to scale– minimal variable cost in operation means that platforms compete for better products/services through greater fixed costs; (3) economies of scope– through machine learning, larger datasets allow platforms to improve their product/service quality; and (4) information asymmetries– users are generally unaware of their worth to platforms, the costs of membership, and their relative options. These structural conditions lead to high switching costs and lock-in effects. Thus, this creates a ‘vicious cycle of tipping’ in favor of resourceful market incumbents, who particularly benefit from an ‘early mover advantage’. The efficacy of data portability must lie in addressing the entry and sustenance barriers created by these structural conditions. However, it fails to do so owing to two primary reasons: volume and utility.
Firstly, to enjoy economies of scope, new platforms value only aggregate data, not individual users’ data. Moreover, individual data transfers are an inefficient method for collecting large volumes of data. Individual transfers create a coordination problem amongst users, who can’t efficiently collectivize their transfers to new platforms. Thus, platform lock-ins are unaddressed. Self-regulating projects, like the Data Transfer Project, are inadequate because they only ensure portability between already dominant incumbents. Absent volumes, new platforms will be less lucrative to advertisers due to lower accuracy in targeting. Thus, the problem of volume is an inherent and largely irremediable one.
Secondly, the scope of ported data in most jurisdictions does not include inferred data or metadata gathered by the platform, which actually hold maximum utility for advertising. Incumbents disallow exporting the context of any data, or any means of its reconstruction, which significantly hampers usability. Moreover, the ported data is too closely tied to the design of an incumbents’ platform to address a new need or be truly innovative. As discussed, networks cannot be ported, thus, network effects for newer platforms are adversely affected. Even where ‘social graph portability’ is utilized, it has limited utility because it cannot per se catalyse an initial userbase. However, once a new platform establishes a sufficiently large userbase, social graphs can be created from its own userbase. This renders redundant reliance on any ported data from the incumbents. Moreover, if a new platform offers compelling services, then users will not hesitate in re-entering their personal profile data. Thus, the challenge of attracting new users remains unaddressed. The problem of utility can be partly addressed through legal intervention that broadens the scope of ported data to include inferred data, or requires storage/sharing of data in universal file formats, wherever possible. However, it is inherent and partly irremediable because the ported data is unsuitable for other platforms and lacks any catalysing effect for new users.
None of these architectural or market limitation mean that data portability should be abandoned as tool for competition policy. It has brought about the incremental benefit of reducing switching costs for an individual user, and compelled some progressive response from platforms. Its efficacy can be further improved through certain second-level interventions, as discussed.
However, we must look beyond the hype that social media companies have created over its efficacy. It should not substitute the discourse and policy intervention required through other means, such as merger control. Moreover, policy intervention must extend to other forms of interoperability as well that allow exchange/transfer of protocols and/or functions. Due to their expanded scope, these suffer from much lesser architectural and market limitations.
Ultimately, the efficacy of data portability is limited to the manner of its usage. When complemented with other regulatory tools, it can be quite effective. However, when used individually or in a vacuum, it will definitely fail.
Data portability has limited efficacy in promoting competition or remedying anti-competitive conduct on social media platforms. Architecturally, it suffers from a lack of technical standards, the inability to port networks, lack of real-time access, and high enforcement cost. Most of these can be addressed, at least to some extent, by second-level architectural intervention. However, some are inherent and irremediable limitations. Data portability also fails to address the competitive imbalances created by the four structural market conditions of social media platforms due to both inadequate volumes and utility of the ported data. This discussion tells us that while data portability certainly has some benefits, the discourse on and policy intervention for social media platforms must go well beyond.