This post, a part of the RFMLR-CAM Blog Series Competition on Emerging Trends and Developments in the Competition Law Regime, is authored by Niyati Prabhu and Alina Sujith, third-year students of the National University of Advanced Legal Studies (NUALS), Kochi.

1. Introduction

In the modern, data-driven world, while data protection and competition law are two majorly intertwined legal arenas, there is very little scholarship on the competitive implications of data portability within the Indian competition regime, thereby necessitating a competition law scrutiny of its potential anti-competitive effects. The right to data portability, which entails the possibility of transferring personal data to different digital platforms, is enshrined within the provisions of various statutes in the global context, such as Article 20 of the General Data Protection Regulation (“GDPR”), §1798.100(d) of the California Consumer Privacy Act, 2018 (“CCPA”), Article 18 of Brazil’s General Personal Data Protection Law and others. However, the Digital Personal Data Protection Act, 2023 (“DPDPA”) does not include within its ambit the right to data portability, while the standards related to data portability and transfer of user data are not developed in India, despite Clause 26 of the 2018 Bill and Clause 19 of the 2019 Bill envisaging the same. Accordingly, there is no existing provision of any Indian statute that provides a framework for data portability allegedly due to lack of technical feasibility, costlier implementation, requirement of organizations to modify their existing technology to provide data in a machine-readable format, etc.

This essay argues for the implementation of the right to data portability in India, the lack of which can result in increased switching costs, reduced demand-side substitutability, and consumer lock-in in addition to new entrants or potential competitors being locked out of the market. The analysis focuses on the inclusion of data portability in the DPDPA and highlights its significance in enhancing competition. Through this, it is contended that the potential drawbacks of introducing data portability can be offset by improving the design mechanism that envisages the framework for the implementation of this right, specifically using selective or collective portability.

1. Unlocking Your Data: How Portability Empowers Consumers

Data portability encompasses the transfer of user data from one entity to another in a structured, machine-readable format. By offering more utility to competitors it grants consumers more control over their data thereby increasing consumer welfare. The absence of data portability could be used as a strategy by firms to prevent users from transferring their data to a competing platform and the consequent migration of their clientele. Discourse regarding data portability becomes crucial especially due to the emergence of Artificial Intelligence ("AI") and Virtual Reality ("VR"), wherein, for instance, in the AI-VR gaming industry, a dominant AI-VR gaming platform can refuse to transfer user data/gaming progress to other AI-VR gaming platforms, thereby effectively precluding users from switching to other platforms while also reducing competition on merits in a market that is still in a relatively nascent stage.

In the Indian context, the right to data portability, which stems from the right to receive information as per Secretary, Ministry of Information and Broadcasting v. Cricket Association of Bengal and Ors., is one of the three rights delineated in the White Paper of the Committee of Experts on a Data Protection Framework for India, which concluded that data portability should be included as a right to empower users to gain control over their data. The Report of the Committee of Experts under the Chairmanship of Justice B.N. Srikrishna (“Report”) placed significant emphasis on the need to enable individuals to exercise control over their personal data by granting them the capacity to transfer their data in a machine-readable, interoperable format. This is in line with Article 29 of the Guidelines on the Right to Data Portability adopted by the European Commission, wherein individuals can either obtain a copy of their personal data in the requisite format or have their data transferred from one data controller to another.

Across the globe, tech giants have recognised the importance of data portability for users. Since 2010, Facebook’s Download Your Information and Google’s Takeout have allowed users to access their transferred data. In 2018, Google, Microsoft, Apple, Facebook, and Twitter collaborated on the Data Transfer Project, facilitating data portability between their platforms. These initiatives emanating from significant controlling players in the market demonstrate the utility this right offers to enhance consumer welfare and generate benefits in terms of recombinant innovation and product efficiency.

1. Potential Antitrust Concerns Stemming from Lack of Data Portability

The success model of a firm can inadvertently hinge on extensive data collection practices to achieve consumer commercialisation potential, which is ultimately monetised. Data disparity held by major firms causes entry barriers, making it difficult for non-dominant players to compete. Lack of data portability can result in users not being empowered to choose between different platforms, resulting in consumer harm, which is the seminal issue in an abuse of dominance case, as can be inferred from Matrimony.com Limited vs. Google LLC & Others. Inhibiting data mobility can substantially reduce interoperability between competitors, resulting in a lock-in effect, which creates a monopolistic market system. This could also potentially result in increased network effects due to status quo bias, reduction in demand-side substitutability, and foreclosure of market access.

a)    Network Effects and Status Quo Bias:

​​The presence of a highly developed network is recognized as a factor for dominance. In Hoffmann-La Roche, Roche’s well-developed sales network was cited as a relevant factor conferring competitive advantages, hence making it dominant. In FHRAI v. Make My Trip, the CCI noted that network effects in conjunction with even minor actions by platforms have the potential to marginalise and exclude competitors, further strengthening these effects that may be hard to reverse later. Moreover, given that the suppliers’ side of the market may be diminished substantially due to the anticompetitive conduct, any remedy at that stage was said to be ‘too little, too late’.

Network effects, coupled with status quo bias of customers who are unwilling to switch over to a new network, social media or service provider due to having to leave behind their personal data, increases switching costs and prevents new entrants from competing effectively. Due to a dominant undertaking’s network externalities, it is difficult for its users to coordinate migration to a new platform, leaving space for only a small number of platforms, thereby resulting in a distorted ‘winner-takes-all-market’. 

b)    Reduction in Demand-side substitutability:

A significant factor in the empirical assessment of a relevant product market is the substitutability (or interchangeability) test. Demand-side substitutability is decisive in determining whether consumers would consider other products as interchangeable or substitutable with the products manufactured by the dominant undertaking. Lack of data portability can potentially reduce demand substitutability because users refrain from switching to other substitutable products or services due to increased switching costs, network effects and difficulties in accessing the previous data. This situation is worsened in markets without adequate countervailing buying power as per §19(4)(i) of the Competition Act (“Act”), as undertakings with high market shares will then be able to distort competition because consumers do not have sufficient bargaining strength.

c)     Foreclosure of market access:

Dominant undertakings have a special responsibility to not create entry barriers and allow their conduct to distort competition. As per Shamsher Kataria vs Honda Siel Cars India Ltd. & Ors, any entry barrier created by the dominant firm through its direct or indirect conduct in any manner, will be abusive as per §4(2)(c) of the Act. Concerns of foreclosure owing to not having data portability can also arise due to leveraging as per §4(2)(e) of the Act. Per Mcx Stock Exchange & Ors vs National Stock Exchange Of India Ltd., dominant undertakings can leverage their power in one market to foreclose another market, wherein the resulting market power in the second market is not due to competition on merits, but rather because of leveraging of market power in the first market. Leveraging due to strong network effects and increased switching costs caused by a lack of data portability will, thus, allow firms to ‘tip’ the market in their favour in a difficult-to-reverse manner.

IV.  Data Portability as a Futuristic Right

The rationale posed while claiming the exclusion of data portability often indicates a design problem within the structural mechanism. Accordingly, the creation of a framework for the operationalisation of the right to data portability while optimizing its pro-competitive benefits seems to be challenging. In this regard, two alternative solutions that adapt to the Indian competition regime are proposed:

a)    Selective Portability

Selective portability draws its origin from the CCPA wherein rather than a blanket-general applicability, selective applicability is being effectuated for firms that meet the three-fold criteria, i.e., (i) a yearly gross turnover of more than USD 25 million; (ii) the receipt, sale, buying or sharing of personal data for commercial purposes of at least 50,000 individuals, households, or devices, and (iii) at least half of the company's income is derived from customer data.

The DPDPA could adapt selective portability to potentially mitigate implementation issues such as increased compliance costs and switching costs. This could preclude smaller firms from being affected disproportionately due to significant entry barriers, while consumers will not be incentivised to migrate to different platforms.

Selective portability can offset these concerns as, firstly, the compliance cost problem is largely mitigated due to compliance requirements falling squarely for data-rich, profitable firms, which are better suited financially as opposed to non-dominant firms. Secondly, consumers will be exempted from paying switching costs for platforms operated by dominant undertakings. Accordingly, irrespective of network effects, the risk of portability precluding users from migrating to different platforms is mitigated.

b)    Collective Portability

Collective portability, a more consumer-centric approach, essentially provides a group of users sharing access to co-created data on a specific platform to completely migrate to a new platform, with the original platform facilitating the data transfer. This results in a seamless transition of data across platforms for a group of users collectively. For example, if a music streaming service were to adopt collective portability, it would facilitate users in transferring data (music library, playlists, listening history, etc.) to its competitors and, in turn, allow the user to pause, cancel or delete the previous streaming service account.

This model could also be considered for inclusion in the DPDPA as, firstly, this would minimise switching costs since users need not leave behind their data while migrating, thus benefiting new entrants. Secondly, this strategy countervails network effects and reduces transaction costs by integrating different stakeholders. It also reduces entry barriers by onboarding several users at once, thereby catalysing growth. Overall, collective portability meets the dual requirement of reaping pro-competitive benefits while enabling user control over data.

 IV.         Conclusion

Despite several antitrust concerns arising from not having data portability, there can be concerns in its implementation, including those related to technology, security and financial sustainability. However, upon closer inspection, it becomes clear that the objections levied against the inclusion of data portability are insufficient to warrant its omission, notably with the introduction of viable remedies that promote competition, such as selective or collective portability. The phased implementation of data portability entails a number of conceptual, technical and practical issues that warrant an ex-ante investigation to stay ahead of regulatory developments and ensure compatibility between the Data Protection Board of India and the CCI. This is significant as the scope of the CCI’s jurisdiction also includes the analysis of data collection by dominant firms, irrespective of sectoral regulations. The Srikrishna Committee Report, which emphasised the importance of giving people the ability to transmit their data in an interoperable and machine-readable format, can be used as a model for India to adopt data portability. While the Report enables consumers to have greater control over their user data, it also ensures that only those data fiduciaries who have the necessary technical feasibility for porting the data will be required to comply with the necessary data portability requisites as will be warranted by any guidelines implemented in India in the future.