THE PARADOX OF DATA PORTABILITY AND LOCK-IN EFFECTS.

• Author: Zhang, Jiawei

TABLE OF CONTENTS I. INTRODUCTION 658 II. WHY DATA PORTABILITY? 663 A. Data Autonomy of Individuals 664 B. Competition in Digital Markets 665 C. Solving Lock-In Effects as a Bridge in Between 666 III. LOCK-IN EFFECTS 667 A. User Lock-In and Switching Costs 668 1. Market-Inherent Switching Costs ("MISCs") 670 2. Artificially Raised Switching Costs ("ARSCs") 671 B. Data Lock-In and Essential Facility Doctrine 673 IV. THE MISALIGNMENT OF DATA PORTABILITY AND LOCK- IN EFFECTS 675 A. Misalignments 675 1. Data Portability & Non-Data-Based Features 676 2. Data Portability & Switching Costs 677 3. Data Portability & Data-Based Concerns 679 B. Recalibration 680 V. CONCLUSION 682 I. INTRODUCTION

Data, considered the new oil, (1) is arguably the most valuable resource in the digital age. Data has also been compared to the plankton that nourishes ocean life in a Darwinian Sea, as free access to data is indispensable for companies to continuously innovate and engage in effective competition. (2) Accordingly, intensive discussions in the last decade have taken place concerning the role of data in the digital economy. A keenly debated topic is the most appropriate regulatory approach toward the tech giants that control unprecedented volumes of data. In these debates, support for data portability rules (3) has overwhelmingly outweighed opposition. (4) One of the most widely cited arguments for data portability is that it is pivotal to competition and innovation due to its ability to solve lock-in problems in digital markets. (5)

Lock-in effects (6) are ubiquitous, especially in digital markets. Users will be locked into a system "[w]hen the costs of switching from one brand of technology to another are substantial." (7) Some argue that platform users face substantial lock-in effects because they "can only change to another platform at the cost of leaving their data." (8) Tech companies have significant incentives to entrench their dominant positions by guarding their exclusive access to the data they collect from users and keeping their systems closed. (9) In this situation, users might be less likely to switch to an alternative system and will eventually be locked into a single system. Hence, data portability rules have frequently been identified as an appropriate tool to mitigate lock-in effects and ensure a more competitive market. (10)

The European Union ("EU") has led the way in accepting data portability rules through the General Data Protection Regulation ("GDPR"). (11) It has subsequently sought to expand the scope of data portability in the Digital Markets Act ("DMA"). (12) Some U.S. scholars and policymakers also advocate that the U.S. federal government follow the EU's path and apply data portability rules more widely. (13) Those advocating this approach clearly assume that data portability provides an effective solution to user lock-in effects. (14) However, there is cause to question whether this is necessarily true.

Most studies have approached this issue from the perspective of the competitive relationships among digital platforms. Relevant discussions include, but are not limited to, whether big data is a valuable resource for companies; (15) whether big data has created entry barriers and entrenched the market dominance of the tech giants; (16) whether data portability can mitigate the anticompetitive effects of data monopolies; (17) and whether data portability will create free-riding problems and harm platform incentives to collect and analyze data. (18) However, data portability involves more than the relationships among digital entities; users also play an indispensable role in the process of data porting.

This Note approaches data portability from the user perspective and discusses how the current preference for data portability overestimates its capacity to solve platforms' lock-in problems. Through a discussion of the concrete example of the web browser market, this Note highlights that users may not have sufficient motivation to port inferred and derived data that are functionally essential to digital market competition. Instead, users will only port data that would otherwise raise their switching costs but is less important for enhancing competitiveness. (19) This Note concludes that such limited data porting is insufficient to remedy the digital marketplace's lack of competition and innovation.

Parts II and III lay the theoretical foundations for the following discussions. Specifically, Part II analyzes two proposed objectives for data portability, which are first, to enhance the data autonomy of individuals and, second, to reinvigorate competition in digital markets. While the first, individual-oriented objective requires a relatively small applicable scope of data portability, the second ambition to resurrect digital markets entails much broader portability of derived or inferred data. These two objectives are logically bridged by the expectation of solving lock-in effects.

Part III, which uses the web browser market as an example, illustrates user lock-in and data lock-in problems. This analysis is split into two Sections. The first categorizes different sources of user lock-in effects, such as lock-in by non-data-based features and data-based features. It also explains how market-inherent switching costs ("MISCs") and artificially raised switching costs ("ARSCs") create user lock-in problems. The second Section then focuses on data lock-in problems and argues that the essential facility doctrine is not applicable to all kinds of data, because not all data are functionally essential to digital market competition.

Part IV comprises the main contribution of this Note by highlighting the paradox of data portability and lock-in effects. It first illustrates three ways in which the goals of data portability and its actual functions are misaligned. First, data portability is not capable of solving lock-in effects by non-data-based features. Second, data portability is less competent to mitigate the lock-in effects generated by MISCs. Third, although data portability can lower ARSCs, it is far from sufficient to handle data-based concerns. Part IV then recalibrates the relationship between the real functions of data portability and the goal of eliminating detrimental lock-in effects. It argues that data portability rules governed by individualistic goals have already been sufficient to address potential market-related concerns--that is, to reduce ARSCs. Expanding the applicable scope of data portability to address further market goals is therefore unnecessary and meaningless.

Finally, Part V advises policymakers not to expect data portability to have the same functionalities as mandatory data sharing.

2. WHY DATA PORTABILITY?

   The concept of data portability discussed in the following Parts should be clarified upfront. It includes both "one-off export" portability and interoperability as two types of portability. (20) One-off export portability enables users to "download a snapshot of the data they have on one platform in a form that can be uploaded to another," (21) while interoperability "allow[s] two or more platforms to exchange information directly with one another." (22) However, other researchers define data portability more narrowly and use it in parallel with the concept of interoperability. (23) This Note chooses to conduct its analysis using a narrower conceptualization and focuses only on so-called "one-off export" portability.

   Goals for data portability can be primarily distilled into two clusters: the first cluster relates to enhancing data subjects' autonomy over their data, and the second cluster is aimed at invigorating competition and innovation in digital markets. (24) Different policy goals require different scopes of data subject to the portability rules. For example, in legislative documents, the GDPR primarily prioritizes the individual side (25) and, as such, data portability applies only to the data that a data subject "has provided to a controller" (26) ("provided data"). In contrast, the DMA aims to complement the GDPR by accommodating market objectives with a greater range of data portability. (27) Thus, under the DMA, apart from provided data, any data "generated through the activity of the end user in the context of the use of the relevant core platform service" is also included. (28)

   1. Data Autonomy of Individuals

      The primary objective of data portability is to enhance individuals' control over their personal data. For instance, the right to data portability under the GDPR mainly aims to "empower data subjects regarding their own personal data," although it may also objectively facilitate service switching and enhance competition. (29) Similarly, the data portability arrangements in the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA") elevate autonomy considerations of data subjects over competition considerations of the digital market because, under the CCPA, it is not mandated that ported data be in a machine-readable format. (30)

      The rationale behind this goal is that data portability can enable data subjects to establish control over the transfer and reuse of their data and better facilitate equality (31) and the "free development of personality." (32) This goal represents individuals' data autonomy or informational self-determination--to "determine for themselves when, how, and to what extent information about them is communicated to others." (33) Moreover, by enhancing data subjects' control over their data, data portability can also improve the transparency of data processing and bridge the information asymmetry between tech giants and internet users. (34)

      Based on this individualistic objective, the scope of data that is subject to data portability rules should be properly tailored, not only to protect data subjects' autonomy and self-determination, but also to avoid disproportionate disclosure. For example...