Singapore's Personal Data Protection Commission, in collaboration with the Co...

Insights

Singapore PDPC Issues Data Portability Discussion Paper

Date
March 11, 2019
Author
OrionW

Singapore’s Personal Data Protection Commission (PDPC) recently issued a discussion paper on data portability (Paper) in collaboration with the Competition and Consumer Commission of Singapore.[1]  Data portability is the right of individuals to obtain copies of their data from companies that hold them and to instruct those companies to transmit their data to other companies.  The Paper is intended to provide a framework for discussions of the effects and operational considerations related to data portability, with a view to informing future consultations concerning Singapore’s potential adoption of a data portability right.

Data portability is an emerging topic of global interest that affects individuals and businesses and calls for careful policy decisions regarding data protection and competition.  After analysing those sometimes competing interests, the Paper concludes that data portability is expected to produce a net benefit for both individuals and businesses, but cautions that considerations of data scope, consumer protections and security and interoperability must be carefully balanced.  For example, the data portability right could extend beyond data that are classified as ‘personal data’ under the data protection laws to include other data individuals may provide to businesses.  If the data scope is too narrow, individuals and businesses may not fully benefit from the right.  If the data scope is too wide, individuals may be hurt because businesses may be tempted to ask for more data than they otherwise would and businesses may be burdened with excessive compliance costs.

A key requirement of data portability is that companies must deliver data in a structured, commonly used and machine-readable format.  That requirement is expected to benefit individuals in at least three ways:

  • Switching.  The ability to easily move data from one company to another is expected to reduce the ‘friction’, and thus the cost, of switching service providers.  For example, an individual can more easily switch health providers if their health records are subject to a data portability right.
  • Competition.  Reducing switching costs is expected to increase competition among providers and reduce barriers to entry to new providers, who will know that individuals can more easily switch providers.
  • Innovation.  Increased competition is expected to result in more innovation as providers seek to differentiate themselves in the market.

The Paper discusses other key economic considerations in depth, including a variety of positive and negative external benefits, price discrimination and general principles of competition.

From an implementation perspective, the Paper offers several recommendations intended to enhance the benefits of data portability:

  • For individuals, the right should extend beyond personal data to data the individual provides, such as emails, photographs and documents.
  • The right should be clearly defined to provide certainty to businesses.
  • Parameters for portability requests should be adopted to contain costs for businesses.
  • Technical, operational and quality standards should be adopted.
  • Portability across traditional industry sectoral boundaries should be encouraged, where appropriate.
  • Reasonable limitations of liability should apply to relevant parties.
  • Consumer safeguards should be strengthened where appropriate.

The Paper also briefly surveys international approaches to data portability.  The European Union’s General Data Protection Regulation, California’s Consumer Privacy Act and the Philippines’s Data Privacy Act of 2012 already mandate different forms of data portability.  Australia has tabled legislation which would provide for data portability for banking, energy, telephone and internet transactions.  India, Japan and New Zealand are actively evaluating data portability.  The lessons from those other countries will be instructive as Singapore develops its own approach to data portability.

The PDPC invites feedback on the Paper by email to corporate@pdpc.gov.sg.

[1] Discussion Paper on Data Portability, Personal Data Protection Commission, in collaboration with Competition and Consumer Commission of Singapore, 25 February 2019

Newsletter

Subscribe to
our newsletters

To subscribe, select the newsletter options that interest you (TMT, FinTech or DPC - Data Protection and Cybersecurity) and provide your details.

  • TMT - Technology, Media and Telecommunications
  • FinTech
  • DPC - Data Protection & Cybersecurity
Please read our Privacy Policy. You can unsubscribe at any time.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
contact us
OrionW LLC
Level 37, 16 Collyer Quay
Collyer Quay Centre
Singapore 049318

OrionW is a boutique law firm specialising in Singapore and cross-border corporate, commercial and regulatory matters, with a focus on technology, media and telecommunications (TMT) and financial technology (FinTech). We are dedicated to providing excellent legal service to clients at the leading edge of their markets.

OrionW LLC (UEN 201505714C) is a Singapore law practice incorporated with limited liability.