Singapore mulls over the introduction of data portability requirement

Singapore's Minister for Communications and Information, S Iswaran, announced at the Mobile World Congress in Barcelona that Singapore is looking to introduce a data portability requirement as part of its review of the Personal Data Protection Act (PDPA). A discussion paper was jointly released by the Competition and Consumer Commission of Singapore (CCCS) and the Personal Data Protection Commission (PDPC) on 25 February 2019. The discussion paper highlights the benefits and impact of such a requirement on business innovation, market competition and consumers.

What is data portability?

The CCCS and PDPC offer the following definition for data portability:

"Data portability enables individuals to request for a copy of their data held by an organisation in a structured, commonly used, and machine-readable format, and for the organisation to transmit the data to another organisation."

Many jurisdictions have introduced or are in the midst of introducing the data portability requirement. They include: Australia, the European Union, India, Japan, the Philippines, New Zealand, and United States (State of California). The United Kingdom is introducing the data portability requirement in the financial services sector, while the United States is introducing the data portability requirement in the healthcare sector.

Benefits of data portability requirement

Some of the key benefits of the data portability requirement highlighted in the discussion paper include:

• Promoting keener market competition as data portability lowers switching costs for consumers, and lowers barriers to entry and expansion for businesses.
• Generating business efficiencies through economies of scope of inputs, in this case, consumer data. With access to better and wider datasets, businesses are able to develop and improve their product and service offerings. The cost of product development may also be reduced as businesses are able to better predict with data, the potential success of new product/service launches.
• Stimulating innovation in concentrated markets where products and services are complementary. The combination of data, currently held in silos, can also facilitate recombinant innovation, where new products and services are created.
• Creating positive externalities for society as data portability reduces the effort for consumers to share data due to the increase ease in replicating existing data. These positive externalities are likely to be higher in the healthcare, financial services, transport and infrastructure planning sectors.

Policy considerations of data portability requirement

The policy considerations laid out in the discussion paper fall into two categories. The first category concerns how the data portability requirement should be implemented:

• The types of data that are subject to a portability requirement will need to be clearly defined to provide certainty to businesses.
• The technical standards and format for data portability will need to be determined to ensure that data flow within and across sectors are maximised and generate the intended economic benefits.
• Data security concerns may arise as data is shared between organisations of diverse sizes, and varying security and risk management abilities.
• Consumer protection safeguards may be needed to require organisations to provide sufficient information for consumers to exercise their rights under the data portability requirement.

The second category concerns the costs of implementing a data portability requirement:

• The cost of implementing and complying with such a requirement varies across businesses. While some businesses are "born digital", others that are currently relying on legacy systems may have to incur more compliance costs to upgrade their systems. Imposing the same compliance requirement on all businesses may also result in disproportionate compliance costs on smaller businesses that do not have the requisite expertise or resources to develop and implement systems for data portability.
• Whether the business costs incurred to implement and comply with such a requirement should be passed on to consumers, and if so the reasonableness of the fee that businesses should charge for data portability requests.

Interestingly, the discussion paper highlighted that certain sectors such as financial services and utilities may be used as "demonstrators" to showcase the benefits of data portability, and promote trust towards data sharing.

Osborne Clarke comment: this discussion paper matters

The data portability requirement has been identified as a critical policy tool designed to support Singapore's Smart Nation and Digital Economy initiative. The discussion paper is purposed as a framework for "stakeholders to understand and further discuss the impact and issues in implementing a data portability requirement". Given that these issues straddle data protection, competition and consumer protection laws, the PDPC and CCCS are jointly seeking feedback for future consultations to determine an optimal approach to implementing a data portability requirement in Singapore.

Stakeholder views are likely to influence future consultations on the effective implementation of the data portability requirement in Singapore.

Please do not hesitate to get in touch with us if you are interested in submitting your views to the CCCS and the PDPC, or if you wish to discuss how this development may impact your business operations in Singapore.