As part of the efforts to boost data flows and improve competitiveness of organizations in the economy, the Singapore Personal Data Protection Commission and the Competition and Consumer Commission of Singapore are weighing the possibility of introducing a data portability requirement. Data portability enables individuals to request copies of their data held by an organization in a structured, commonly used, and machine-readable format, and for the organization to transmit the data to another organization.
Singapore issued a discussion paper on February 25 to provide a frame for stakeholders to understand and to solicit feedback before a data portability requirement is further explored, possibly with a view of providing a legislative framework in due course. The Personal Data Protection Commission (PDPC) in collaboration with the Competition and Consumer Commission of Singapore (CCCS) are studying the pros and cons of introducing a data portability requirement.
From a competition perspective, the ease of transferring data makes it easier for consumers to change service providers as the cost of switching providers becomes lower. This could enhance competition among businesses and potentially lower the barriers to market entry, thereby encouraging new businesses or players to enter the market.
From a personal data protection perspective, data portability is an extension of the consumers’ right to access and transfer. By allowing consumers to move their data more easily from one service provider to another, or simply copy their data for use in different services, consumers are empowered with more control over their personal data. Consumers also have the ability to try new services or choose competing services with ease and assert positive pressure on service providers.
Furthermore, when service providers have access to more sources of data, they are better positioned to develop and improve product offerings tailored to their customer base, potentially driving their competitive advantage. Consequently, the increase in data flow is likely to facilitate innovation. Making data more portable also supports Singapore’s Smart Nation initiative and goal to become a digital economy.
Notwithstanding the benefits of introducing data portability, there are various considerations to address. First, the limits of data portability. There must be clarification on what types of data are subject to the portability requirement beyond the definitions of personal data to data that has been provided by the consumers.
Second, the need for interoperability, such as the format of the data ported and an applicable technical standard. The format should be able to be reused in transferring data between two or more providers. Currently there is no internationally defined or developed standard or format to address data portability. The issues of data format and technical standards require considerations from the relevant sector regulators and industry players, as well as data protection authorities.
Third, the implementation and compliance costs, which may vary depending on the size of the organization. In this respect, the government suggested the adoption of open, widely used and established data standards that are set at a minimum. This would ensure a baseline that is easy to achieve and allow access by smaller enterprises that may not have large resources to ensure compliance with data portability requirement.
Fourth, data protection issues. Data portability means that the data will be shared among a group of data stakeholders of diverse company sizes, various security protections, and differing risk management capabilities. Bearing in mind consumers’ potential concern over security and protection of their ported data, the government suggested the creation of an accreditation system where all participants will be registered and regulated by an appropriate authority. Furthermore, in relation to personal data protection law, there must be clarification on the limits of liability for porting organizations that cannot be expected to bear liability for any misuse of data by organizations that receive the data.
Fifth, consumer protection considerations. Organizations should be cautioned from imposing hidden charges or misleading consumers in relation to consumers’ rights to data portability, which may attract liability under the Consumer Protection (Fair Trading) Act (CPFTA). The CPFTA contains a prohibition against any unfair practice that may cause a consumer to reasonably be deceived or misled.
Data portability potentially bring various benefits to the economy by reducing costs for consumers to switch between businesses, supporting business innovation, driving competition, and empowering consumers with greater control over their data. However, regulators should be cautioned against imposing disproportionate compliance costs to businesses, which costs might be passed on to consumers.
If you have any questions or would like more information on the issues discussed in this LawFlash, please contact the author, Wai Ming Yap, a director of Morgan Lewis Stamford LLC, a Singapore law corporation affiliated with Morgan, Lewis & Bockius LLP.