Abstract
The General Data Protection Regulation (GDPR) is legislation for the protection of personal data that applies in the EU. Article 20 of the GDPR stipulates the Right to data portability as one of the rights of data subjects. The monopoly on data held by digital platforms, such as GAFA (Google, Amazon, Facebook, Apple), is becoming a significant issue, and in this context, there is a need for the right to data portability in terms of not only the right of data subjects to reclaim their personal data but also promoting competition among businesses. The California Consumer Privacy Act (CCPA) of 2018 is the first comprehensive legislation for the protection of personal data in the US, albeit at the state level, with provisions similar to the EU GDPR; the CCPA establishes the Right of access and portability in Section 1798.100 as one of the rights of consumers. The California Privacy Rights Act (CPRA), passed in 2021, amends the CCPA to further strengthen the rights stipulated therein. The Bill of the Consumer Online Privacy Rights Act of 2019 (CORPA) was introduced in the Congress in 2019 and may become the first comprehensive legislation for the protection of personal information in the US at the state level. In recent years, in addition to the GDPR in the EU and the CCPA, the CPRA and the CORPA in the US, provisions relating to the obligation of data portability from the perspective of policy on competition are also included in the new Digital Markets Act (DMA) proposed in the EU and the (federal-level) ACCESS proposed in the US. This study compares the legal systems of the EU, the US and Japan with regard to data portability and shows the direction of legislation in Japan.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation).
- 2.
- 3.
Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act).
- 4.
- 5.
The bill was proposed as one of five bills on digital platforms, which are: the American Innovation and Choice Online Act, the Platform Competition and Opportunity Act, the Ending Platform Monopolies Act, the Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act and the Merger Filing Fee Modernization Act.
- 6.
After leaving the paper, the proposal of the Data Act and the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the European Health Data Space was released in the EU. It is reported that the EU is also considering legislation in individual sectors, such as not only healthcare but also automotive, and the issue of data portability in these individual sectors needs to be considered in Japan as well.
- 7.
Personal Data Trust Bank is the business of managing personal data based on contracts with individuals or other arrangements, and providing data to third parties based on the instructions of individuals or on pre-specified conditions. In accordance with the Guidelines for Certification of Information Trust Functions ver1.0 formulated by the Ministry of Internal Affairs and Communications and the Ministry of Economy, Trade and Industry, the Japan Federation of IT Organizations has been conducting the Personal Data Trust Bank certification business since the fall of 2018, and has certified five companies as of March 2020 [9, p.234].
- 8.
Ishii also notes that the OECD (2021) has highlighted that data portability systems focused on data protection do not always promote competition effectively [10, p.168].
For more on the links between the right to request disclosure and the right to data portability as stipulated the current version of the APPI (before its revision in 2020) in Japan, see Itakura (2020) [15].
- 9.
The report states that “there is value in requesting various industries to undertake study on a voluntary basis regarding best-practice approaches to formulating regulations on interoperability and data portability and that the government should intervene in when necessary”. This is interpreted as referring to co-regulation.
- 10.
See p.3.
- 11.
Uga (2018) and Ishii (2019) highlight the fact that data portability may be discussed under EU competition law in the context of whether it is unlawful to deny access to data held by an operator under Article 102 of the Treaties of the European Union, or in relation to the Essential Facilities Doctrine. Both Uga and Ishii are cautious about applying the Essential Facilities Doctrine in the context of data portability, given the strictness of its requirements.
References
Article 29 Data Protection Working Party: Guidelines on the right to data portability (2017)
Engels, B.: Data portability among online platforms. Internet Policy Rev. 5(2), 1 (2016)
Japan External Trade Organization (JETRO): California Consumer Privacy Act (CCPA) Practical Handbook (2019)
Japan External Trade Organization (JETRO): The US Federal Data Privacy Bill summary of the Consumer Online Privacy Rights Act (COPRA) (2021)
Japan Fair Trade Commission (JFTC) and Competition Policy Research Centre (CPRC): Report of the Study Group on Competition Policy in the Data Market (2021)
Ishii, K.: Considerations on peripheral areas of privacy and personal information protection law: focusing on intersection with competition law. J. Inf. Commun. Policy 3(1), IV–1 (2019)
Ishii, K.: ‘The right to data portability’ in terms of personal information. Discl. IR 18, 168 (2021)
Uga, K.: On the right to data portability. J. Consum. Law Res. 5, 2 (2018)
Ministry of Internal Affairs and Communications: 2020 White Paper on Information and Communications, p. 234 (2020)
OECD: Data portability, interoperability and digital platform competition (2021)
Subcommittee on Antitrust: Commercial and Administrative Law of the Committee on the Judiciary, Investigation of Competition in Digital Markets: Majority Staff Report and Recommendations (2020)
Komukai, T.: Data portability. Jurist 1521, 26 (2018)
The Personal Information Protection Commission: The Act on the Protection of Personal Information: Revision in Every 3 Years – Outline of Framework Amendment (2019)
Sasaki, T.: Regulation of the online platform market in Europe and the United States: dominant platform regulation approaches. J. Inf. Commun. Policy 5(1), IV-1 (2021)
Itakura, Y.: Data portability on digital platforms. Current Consum. Law 46, 135 (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Nakashima, M. (2022). Comparison of Legal Systems for Data Portability in the EU, the US and Japan and the Direction of Legislation in Japan. In: Kreps, D., Davison, R., Komukai, T., Ishii, K. (eds) Human Choice and Digital by Default: Autonomy vs Digital Determination. HCC 2022. IFIP Advances in Information and Communication Technology, vol 656. Springer, Cham. https://doi.org/10.1007/978-3-031-15688-5_14
Download citation
DOI: https://doi.org/10.1007/978-3-031-15688-5_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-15687-8
Online ISBN: 978-3-031-15688-5
eBook Packages: Computer ScienceComputer Science (R0)