WASHINGTON, D.C. – On April 17, 2024, the Responsible Online Commerce Coalition (ROCC) signed on to a letter applauding Margrethe Vestager, the Executive Vice-President and Commissioner for Competition of the European Commission, for all the work that has been done thus far to ensure gatekeepers comply with the EU’s Digital Markets Act. ROCC signed alongside a coalition of business organizations to support global efforts to combat abuse of monopoly power by Big Tech gatekeepers like Amazon. The organizations also drew the attention of the Commissioner to the enforcement of data portability requirements that may go overlooked under the EU Digital Markets Act.
“We urge the Commission to prioritize this issue and dedicate resources to this effective and timely enforcement,” stated the letter. “Data Portability is not just a regulatory requirement; it is a key mechanism for empowering consumers and driving economic growth in the digital age, and the European Commission has a crucial role to play in ensuring the effective implementation of data portability requirements under the EU Digital Markets Act.”
Full text of the letter is available HERE and below:
Dear Madam Vice-President,
Today marks 40 days since the implementation deadline for gatekeepers to comply with
the EU’s flagship Digital Markets Act (DMA). Important steps have been taken by
gatekeepers in this time, and we applaud all of the work that has been done to level the
playing field and give consumers more choices, but there remain significant gaps to
address. We are writing to draw your attention to a critical area of non-compliance that
we fear might not receive the urgent attention that it deserves.
The organisations behind this letter (MyData Global, The Coalition for Online Data
Empowerment, and the Ethical Commerce Alliance) collectively represent hundreds of
organisations around the world that are seeking to empower individuals to take control of
their personal data online. The right to data portability, as enshrined within the GDPR, has
to date failed to deliver on its tremendous promise – we urge you not to allow the DMA to
become another missed opportunity.
Clear evidence of non-compliance
The DMA requires designated gatekeepers (Alphabet, Amazon, Apple, ByteDance, Meta,
Microsoft) to facilitate, free, continuous and real-time portability “of data that is provided
by the end-user or generated through the activity of the end user in the context of the use”
on their platforms. By enabling individuals to control their personal data and seamlessly
switch between digital services, data portability promotes competition, innovation, and
user autonomy in the digital ecosystem. This is a critical, but often overlooked aspect of
the DMA, which is essential to empowering consumers and fostering a common digital
market aligned with the human-centric principles of the European data strategy.
Since the DMA’s implementation deadline of 7 March 2024, there is ample evidence
that its data portability requirements have not been fully complied with. This presents
an urgent need for action by the Commission and the series of workshops held on
Gatekeeper compliance in early March was an excellent first step.
The Commission’s attention to these issues reflects increasing awareness among the
broad set of stakeholders committed to ethical and responsible data practices, that data
portability plays a pivotal role in realising the vision of a digital Europe that prioritises the
rights and interests of its citizens. Data portability empowers consumers by providing
them with greater control over their personal data, allowing them to choose the services
that best meet their needs and preferences. Moreover, data portability fosters
competition by lowering barriers to entry for new market entrants and encouraging
innovation through the development of new services and applications that leverage user
data responsibly. Failure to enforce the data portability requirements of the DMA risks
undermining the principles of fairness, transparency, and user empowerment that
underpin the European data strategy.
Urgent and robust action is needed
In light of these challenges, we call upon the European Commission to take decisive
action to enforce data portability requirements under the EU Digital Markets Act.
Specifically, we urge the Commission to:
1. Ensure Immediate Implementation of Authorization for Recurring Transfers:
All six gatekeepers must be compelled to implement tools that allow for extended
authorization of daily recurring downloads for up to one year, applied to all user
data across their Core Platform Services (CPS). While some have chosen to deliver
this functionality from the outset, there are some significant exceptions. To be
clear, this outcome should be viewed as an interim solution only, and the
Commission must therefore be prepared to initiate investigations and enforce
sanctions where gatekeepers fail to deliver this baseline level of compliance.
2. Provide Robust Oversight of Implementation and Usage:
The Commission must closely monitor how gatekeeper platforms operate data
portability tools, ensuring transparency and accountability in their deployment. If
developers from other services are unable to access the tools, then the tools are a
facade to mask non-compliance. Gatekeepers must not be allowed to hide behind
superficial privacy measures to evade their responsibilities; meaningful
enforcement and oversight are essential to safeguard user rights.
3. Demand Commitment to Continuous and Real-time Data Flow:
Gatekeeper platforms must commit to implementing Continuous and Real-Time
(C&RT) data portability mechanisms, ensuring a continuous flow of data that is
critical to its value and utility. No ifs, no buts. We urge the Commission to secure
firm commitments from the gatekeepers regarding the timeline for implementing
C&RT mechanisms to prevent indefinite delays. The gatekeepers must no longer
be allowed to discuss C&RT as if it is a hypothetical policy debate for the future – it
is a legal obligation that has been placed on them, and they are choosing not to
deliver.
We recognise that data portability is not easy, and there are strong incentives for the
largest technology firms to delay its progress. It is a cost line for large data holders with
no immediate associated revenue. It also represents a threat to incumbent companies’
market power and associated profits. As a result, we do not expect significant
implementation of data portability requirements without meaningful enforcement by the
Commission. But that enforcement is necessary, and it will need to be robust.
Data portability is not just a regulatory requirement; it is a key mechanism for
empowering consumers and driving economic growth in the digital age, and the
European Commission has a crucial role to play in ensuring the effective implementation
of data portability requirements under the EU Digital Markets Act. We urge the
Commission to prioritize this issue and dedicate resources to its effective and timely
enforcement.
Thank you for your efforts to drive forward these critical changes that will transform EU
citizens’ relationship with their personal data for generations to come. We stand ready to
support and collaborate with the Commission in advancing the cause of data portability
and ensuring a fair and transparent digital future for all.
Sincerely,
Eric Pol
Chairman of the Board
MyData Global
Tom Fish
Director
Coalition for Online Data Empowerment (CODE)
Borja Santaolalla
Senior Advisor
Ethical Commerce Alliance (ECA)