The paper ”Intermediaries do matter: voluntary standards and the Right to Data Portability” (Nebbiai, M.) will be presented at the 11th FSR Annual Conference “From Data Spaces to Data Governance” (9-10 June, 2022).
This paper enlightens an understudied aspect of the GDPR Right to Data Portability (RtDP) application, proposing a theoretical framework to investigate the regulatory schemes that set voluntary data portability standards. A “regulatory scheme” is an assemblage of norms and technical standards, settled by a public or private actor, that can be voluntarily joined by some organizations. By joining a data portability regulatory scheme, these organisations are supported in the implementation of data portability, becoming at the same time the target of the schemes’ regulation. In the GDPR terminology: instead of autonomously implementing data portability options, some data controllers prefer to join voluntary schemes to comply with the RtDP, thus introducing an intermediary in the application and interpretation of the right. The research investigates the evolution and impact of these intermediaries.
The first section of the study analyses the “grey areas” of the RtDP application, which arise from the opaque definition of interoperability, the scope limitations of the right and the unclear balance with IP law. The reason is that data controllers’ interpretation of such grey areas can be affected by voluntary data portability standards. The second section draws upon the Transnational New Governance literature to identify a theoretical framework for data portability voluntary standards. According to Abbott and Snidal (2009), the “regulatory standard-setting” (RSS) schemes are voluntary standards of behaviour settled either by private, public, or non-governmental actors. In the Regulator-Intermediary-Target model developed by Abbott, Levi-Faur and Snidal (2017), the actors that possess the authority to interpret rules emanated by another regulator are “regulatory intermediaries”. For these reasons, data portability voluntary standards can be framed as “regulatory standard-setting (RSS) schemes” settled up by “regulatory intermediaries”.
Research Design and Expected Results:
The empirical section surveys the data portability regulatory schemes that operated in the EU between 2000 and 2020 and employs the “Governance Triangle” model (Abbott and Snidal 2009) to assess whether such schemes were governed by private, public or non-governmental actors. The iterated use of the Governance Triangle in different timespans also portrays the historical evolution of these schemes.
The results show that the number of RSS schemes influencing the RtDP application increases each year and most of them are governed by private actors. The historical analysis exhibits that the RtDP was introduced in a regulatory environment already populated by many private regulatory schemes implementing forms of data portability. Moreover, no evidence indicates that the introduction of the RtDP affected the growth of available data portability RSS schemes. These results suggest that the EU and the regulatory intermediaries do not interact in a zero-sum power game, with RSS schemes filling the void left by the lack of public regulation: instead, broadening the boundaries of public regulation might even stimulate the supply of non-state regulatory intermediaries which act in a complementary way.
The conclusion discusses the consequences of the dominant role of private actors in the intermediation of the RtDP on the accountability and efficiency of the emerging data markets and the potential changes arising from the Data Governance Act.