Skip to main content
SpringerLink
Log in

Comparison of Legal Systems for Data Portability in the EU, the US and Japan and the Direction of Legislation in Japan

  • Conference paper
  • First Online:
Human Choice and Digital by Default: Autonomy vs Digital Determination (HCC 2022)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 656))

Included in the following conference series:

  • 461 Accesses

Abstract

The General Data Protection Regulation (GDPR) is legislation for the protection of personal data that applies in the EU. Article 20 of the GDPR stipulates the Right to data portability as one of the rights of data subjects. The monopoly on data held by digital platforms, such as GAFA (Google, Amazon, Facebook, Apple), is becoming a significant issue, and in this context, there is a need for the right to data portability in terms of not only the right of data subjects to reclaim their personal data but also promoting competition among businesses. The California Consumer Privacy Act (CCPA) of 2018 is the first comprehensive legislation for the protection of personal data in the US, albeit at the state level, with provisions similar to the EU GDPR; the CCPA establishes the Right of access and portability in Section 1798.100 as one of the rights of consumers. The California Privacy Rights Act (CPRA), passed in 2021, amends the CCPA to further strengthen the rights stipulated therein. The Bill of the Consumer Online Privacy Rights Act of 2019 (CORPA) was introduced in the Congress in 2019 and may become the first comprehensive legislation for the protection of personal information in the US at the state level. In recent years, in addition to the GDPR in the EU and the CCPA, the CPRA and the CORPA in the US, provisions relating to the obligation of data portability from the perspective of policy on competition are also included in the new Digital Markets Act (DMA) proposed in the EU and the (federal-level) ACCESS proposed in the US. This study compares the legal systems of the EU, the US and Japan with regard to data portability and shows the direction of legislation in Japan.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 54.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation).

  2. 2.

    Also see Ishii (2021) and Komukai (2018) for an explanation of the contents of the guidelines [7] [12].

  3. 3.

    Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act).

  4. 4.

    https://iapp.org/news/a/top-10-operational-impacts-of-the-cpra-part-4-other-expanded-rights-and-obligations/.

  5. 5.

    The bill was proposed as one of five bills on digital platforms, which are: the American Innovation and Choice Online Act, the Platform Competition and Opportunity Act, the Ending Platform Monopolies Act, the Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act and the Merger Filing Fee Modernization Act.

  6. 6.

    After leaving the paper, the proposal of the Data Act and the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the European Health Data Space was released in the EU. It is reported that the EU is also considering legislation in individual sectors, such as not only healthcare but also automotive, and the issue of data portability in these individual sectors needs to be considered in Japan as well.

  7. 7.

    Personal Data Trust Bank is the business of managing personal data based on contracts with individuals or other arrangements, and providing data to third parties based on the instructions of individuals or on pre-specified conditions. In accordance with the Guidelines for Certification of Information Trust Functions ver1.0 formulated by the Ministry of Internal Affairs and Communications and the Ministry of Economy, Trade and Industry, the Japan Federation of IT Organizations has been conducting the Personal Data Trust Bank certification business since the fall of 2018, and has certified five companies as of March 2020 [9, p.234].

  8. 8.

    Ishii also notes that the OECD (2021) has highlighted that data portability systems focused on data protection do not always promote competition effectively [10, p.168].

    For more on the links between the right to request disclosure and the right to data portability as stipulated the current version of the APPI (before its revision in 2020) in Japan, see Itakura (2020) [15].

  9. 9.

    The report states that “there is value in requesting various industries to undertake study on a voluntary basis regarding best-practice approaches to formulating regulations on interoperability and data portability and that the government should intervene in when necessary”. This is interpreted as referring to co-regulation.

  10. 10.

    See p.3.

  11. 11.

    Uga (2018) and Ishii (2019) highlight the fact that data portability may be discussed under EU competition law in the context of whether it is unlawful to deny access to data held by an operator under Article 102 of the Treaties of the European Union, or in relation to the Essential Facilities Doctrine. Both Uga and Ishii are cautious about applying the Essential Facilities Doctrine in the context of data portability, given the strictness of its requirements.

References

  1. Article 29 Data Protection Working Party: Guidelines on the right to data portability (2017)

    Google Scholar 

  2. Engels, B.: Data portability among online platforms. Internet Policy Rev. 5(2), 1 (2016)

    Article  Google Scholar 

  3. Japan External Trade Organization (JETRO): California Consumer Privacy Act (CCPA) Practical Handbook (2019)

    Google Scholar 

  4. Japan External Trade Organization (JETRO): The US Federal Data Privacy Bill summary of the Consumer Online Privacy Rights Act (COPRA) (2021)

    Google Scholar 

  5. Japan Fair Trade Commission (JFTC) and Competition Policy Research Centre (CPRC): Report of the Study Group on Competition Policy in the Data Market (2021)

    Google Scholar 

  6. Ishii, K.: Considerations on peripheral areas of privacy and personal information protection law: focusing on intersection with competition law. J. Inf. Commun. Policy 3(1), IV–1 (2019)

    Google Scholar 

  7. Ishii, K.: ‘The right to data portability’ in terms of personal information. Discl. IR 18, 168 (2021)

    Google Scholar 

  8. Uga, K.: On the right to data portability. J. Consum. Law Res. 5, 2 (2018)

    Google Scholar 

  9. Ministry of Internal Affairs and Communications: 2020 White Paper on Information and Communications, p. 234 (2020)

    Google Scholar 

  10. OECD: Data portability, interoperability and digital platform competition (2021)

    Google Scholar 

  11. Subcommittee on Antitrust: Commercial and Administrative Law of the Committee on the Judiciary, Investigation of Competition in Digital Markets: Majority Staff Report and Recommendations (2020)

    Google Scholar 

  12. Komukai, T.: Data portability. Jurist 1521, 26 (2018)

    Google Scholar 

  13. The Personal Information Protection Commission: The Act on the Protection of Personal Information: Revision in Every 3 Years – Outline of Framework Amendment (2019)

    Google Scholar 

  14. Sasaki, T.: Regulation of the online platform market in Europe and the United States: dominant platform regulation approaches. J. Inf. Commun. Policy 5(1), IV-1 (2021)

    Google Scholar 

  15. Itakura, Y.: Data portability on digital platforms. Current Consum. Law 46, 135 (2020)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculty of Global Informatics, Chuo University, Tokyo, Japan

    Mika Nakashima

Authors
  1. Mika Nakashima
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mika Nakashima .

Editor information

Editors and Affiliations

  1. University of Galway, Galway, Ireland

    David Kreps

  2. City University of Hong Kong, Hong Kong, Hong Kong

    Robert Davison

  3. Chuo University, Tokyo, Japan

    Taro Komukai

  4. Chuo University, Tokyo, Japan

    Kaori Ishii

Rights and permissions

Reprints and permissions

Copyright information

© 2022 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Nakashima, M. (2022). Comparison of Legal Systems for Data Portability in the EU, the US and Japan and the Direction of Legislation in Japan. In: Kreps, D., Davison, R., Komukai, T., Ishii, K. (eds) Human Choice and Digital by Default: Autonomy vs Digital Determination. HCC 2022. IFIP Advances in Information and Communication Technology, vol 656. Springer, Cham. https://doi.org/10.1007/978-3-031-15688-5_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-15688-5_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15687-8

  • Online ISBN: 978-3-031-15688-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation