Brussels, BELGIUM – The Computer & Communications Industry Association (CCIA Europe) sent a letter to the European Commission and a separate one to the European Data Protection Board earlier today, in each letter raising concerns about undue user-choice restrictions on data portability under the proposed Data Act.
These provisions risk contradicting the EU’s flagship Digital Markets Act (DMA) as well as key data protection rules, the letters explain. After debating the proposed Data Act for a year, the European Parliament and Member States are now likely to maintain a prohibition that prevents users, such as consumers and companies, from moving their data to services operated by a company designated as a “gatekeeper” under the DMA.
In practice this means that any company receiving a portability request risks non-compliance with the General Data Protection Regulation (GDPR) if it refuses the request on grounds of the Data Act not allowing data to be moved to a so-called gatekeeper. Similarly, a gatekeeper-designated company may no longer be able to comply with its obligation to ensure users’ data portability right under the DMA.
If these issues are not addressed, the Data Act would effectively deprive individuals from controlling their personal data as they see fit, and may result in user lock-in, limited competition, and reduced contestability among gatekeeper companies. Such an outcome contradicts both the purpose and the specific provisions of the GDPR as well as the DMA.
CCIA Europe calls on DMA and GDPR regulators to urgently raise the matter with the European Parliament and the EU Council. Alternatively, regulators should consider waiving the liability of companies under the DMA and GDPR if the Data Act would legally prevent them from honouring users’ portability requests.