¹ Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions on a Digital Single Market Strategy for Europe 14, COM (2015) 192 final (May 6, 2015).Google Scholar

² Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Building a European Data Economy, COM (2017) 9 final (Jan. 10, 2017).Google Scholar

³ Commission Staff Working Document on the Free Flow of Data and Emerging Issues of the European Data Economy, Accompanying the Document Communication Building a European Data Economy 46, SWD (2017) 2 final (Jan. 10, 2017).Google Scholar

⁴ Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation), 2016 O.J. (L 119) (EU) [hereinafter GDPR].Google Scholar

⁵ See id. art. 4(1) (defining a data subject as “an identified or identifiable natural person” and specifying that an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person … .) In this article, the terms “data subject,” “individual,” “consumer,” and “user” will be used interchangeably.Google Scholar

⁶ Id. art. 4(7).Google Scholar

⁷ Id. art. 99.Google Scholar

⁸ See Directive 2002/22/EC of the European Parliament and of the Council of March 7, 2002 on Universal Service and the Rights of Users Relating to Electronic Communications Networks and Services (Universal Service Directive), 2002 O.J. (L 108) 51, as amended by Directive 2009/136/EC of the European Parliament and of the Council of November 25, 2009, 2009 O.J. (L 337) 11 (stating that under Art. 30 of the Universal Service Directive, porting of telephone numbers and their subsequent activation has to take place against a cost-oriented price and within the shortest possible time which is interpreted as maximum one working day); see also Directive 2015/2366 of the European Parliament and of the Council of November 25, 2015 on Payment Services in the Internal Market, 2015 O.J. (L 337) 35 (EU) (stating that under Art. 66 and 67 of the Payment Services Directive 2 to be implemented in national law by January 13, 2018, third party providers are able to access a customer's payment account information on the customer's request in order to provide payment initiation or account information services).Google Scholar

⁹ Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data, COM (2012) 11 final (Jan. 25, 2012).Google Scholar

¹⁰ Commission Staff Working Paper Impact Assessment Accompanying the Document Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation) and the Directive of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data by Competent Authorities for the Purposes of Prevention, Investigation, Detection or Prosecution of Criminal Offences or the Execution of Criminal Penalties, and the Free Movement of such Data, at 43, SEC (2012) 72 final [hereinafter Impact Assessment].Google Scholar

¹¹ Resolution on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), Eur. Parl. Doc. P7_TA(2014)0212 (2014) http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2014-0212.Google Scholar

¹² See GDPR, supra note 4, art. 20.Google Scholar

¹³ Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), COD (2014) 10614/14 (June 6, 2014) 3 n.1.Google Scholar

¹⁴ WP29 is composed of the following parties: a representative from the National Data Protection Authority of each EU Member State; a representative of the European Data Protection Supervisor (the independent supervisory authority that is responsible for ensuring that all EU institutions and bodies respect people's right to personal data protection and privacy when processing their personal data); and a representative of the European Commission.Google Scholar

¹⁵ Art. 29 Data Protection Working Party, Guidelines on the Right to Data Portability, 16/EN WP 242 (Dec. 13, 2016).Google Scholar

¹⁶ Art. 29 Data Protection Working Party, Guidelines on the Right to Data Portability, 16/EN WP 242 rev.01 (Apr. 5, 2017) [hereinafter WP29].Google Scholar

¹⁷ See, e.g., GDPR, supra note 4, art. 99(2).Google Scholar

¹⁸ WP29, supra note 16, at 4 n.1 (emphasis added).Google Scholar

¹⁹ Impact Assessment, supra note 10, at 62.Google Scholar

²⁰ Impact Assessment, supra note 10.Google Scholar

²¹ See EU Network of Independent Experts on Fundamental Rights Commentary of the Charter of Fundamental Rights of the European Union, at 95 (June 2006), http://ec.europa.eu/justice/fundamental-rights/document/index_en.htm (stating, namely, that secondary legislation is adopted to give effect to the fundamental right to data protection, and that “the protection of personal data shall be exercised in accordance with the conditions and limits defined by the measures adopted to give effect to it.”).Google Scholar

²² See GDPR, supra note 4, art. 5(1) (a), (b) (featuring a parallel structure).Google Scholar

²³ See id. at art. 6, 9.Google Scholar

²⁴ See id.at art. 15.Google Scholar

²⁵ See id. at art. 19.Google Scholar

²⁶ See generally id. at art. 51.Google Scholar

²⁷ See Charter of Fundamental Rights of the European Union, 2012/C 326/02, art. 8(2), 2012 O.J. (C 326) 391 (“Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.”).Google Scholar

²⁸ See GDPR, supra note 4, art 15(1), (3).Google Scholar

²⁹ See id. at art 20(1).Google Scholar

³⁰ See discussion infra Section C.II. on the notion of provided data.Google Scholar

³¹ See GDPR, supra note 4, art. 20(1)(b).Google Scholar

³² See id. at art. 6(1)(a), 9(2)(a).Google Scholar

³³ See id. at art. 6(1)(b).Google Scholar

³⁴ But see Lynskey, Orla, Aligning Data Protection Rights with Competition Law Remedies? The GDPR Right to Data Portability, 42(6) Eur. L. Rev. 793, 809–10 (2017) (claiming that the right to data portability “sits coherently within the data protection regime” because it promotes individual control over personal data by enhancing informational self-determination as “a central objective of the EU data protection regime.”).Google Scholar

³⁵ See, e.g., Rubinstein, Ira, Big Data: The End of Privacy or a New Beginning?, 3 Int'l Data Privacy L., 74–87 (2013); see also Peter Swire & Yianni Lagos, Why the Right to Data Portability Likely Reduces Consumer Welfare: Antitrust and Privacy Critique, 72 Md. L. Rev. 335, 373 (2013); Paul De Hert et al., The Right to Data Portability in the GDPR: Towards User-Centric Interoperability of Digital Services, 34 Comput. L. & Sec. Rev. 193, 201 (2018).Google Scholar

³⁶ Rubinstein, supra note 35, at 84.Google Scholar

³⁷ Nadezhda Purtova, Property Rights in Personal Data: a European Perspective 57 (2011).Google Scholar

³⁸ Id. at 86–88; but see Elinor Ostrom & Charlotte Hess, Private and Common Property Rights, in 5 Prop. L. & Econ. 53, 59 (Boudewijn Bouckaert ed., 2010) (“Property-rights systems that do not contain the right of alienation are considered to be ill-defined.”).Google Scholar

³⁹ WP29, supra note 16, at 7.Google Scholar

⁴⁰ Drexl, Josef, Designing Competitive Markets for Industrial Data — Between Propertisation and Access, 8 JIPITEC 257, 286, para. 155 (2017).Google Scholar

⁴¹ WP29, supra note 16, at 4 n.1 (emphasis added).Google Scholar

⁴² Id. at 5.Google Scholar

⁴³ Id. at 4, 14.Google Scholar

⁴⁴ Id. at 15.Google Scholar

⁴⁵ See generally WP29, supra note 16.Google Scholar

⁴⁶ Koops, Bert-Jaap, The Trouble with European Data Protection Law, 4 Int'l Data Privacy L., 250–61 (2014).Google Scholar

⁴⁷ See GDPR, supra note 4, art. 6(1)(a), 9(2)(a) (specifying this point for special categories of data).Google Scholar

⁴⁸ See id. Google Scholar

⁴⁹ Cuijpers, Colette et al., Data Protection Reform and the Internet: The Draft Data Protection Regulation, in Research Handbook on EU Internet Law 543, 558 (Andrej Savin & Jan Tzarkowski eds., 2014).Google Scholar

⁵⁰ See GDPR, supra note 4, art. 6(1)(f).Google Scholar

⁵¹ Directive 2003/98/EC of the European Parliament and of the Council of November 17, 2003 on the Re-Use of Public Sector information 2003 O.J. (L 345) 90, last amended by Directive 2013/37/EU of the European Parliament and of the Council of June 26, 2013 2013 O.J. (L 175) 1 [hereinafter PSI Directive] (stating that the amendments are in effect from July 18, 2015).Google Scholar

⁵² PSI Directive, supra note 51, at art. 4; but see id. at recital 8, 9 of the preamble (explaining that article 4 does not apply if access is, for instance, restricted or excluded under national access rules and due to third-party interests).Google Scholar

⁵³ See CJEU, Joined Cases C-141/12 and C- 372/12, YS et al. v. Minister of Immigration, Integration and Asylum, ECLI:EU:C:2014:2081, Judgement of July 17, 2014 (concerning the relationship between data protection rights and the right to access to documents).Google Scholar

⁵⁴ WP29, supra note 16, at 8 n.16.Google Scholar

⁵⁵ Id. (referring to the relevant pages of WP29, “Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC,” April 9, 2014, WP217).Google Scholar

⁵⁶ See, e.g., Nadezhda Purtova, The Law of Everything. Broad Concept of Personal Data and Future of EU Data Protection Law, 10 Law, Innovation & Tech. 40–81 (2018) (discussing the broad notion of personal data).Google Scholar

⁵⁷ See GDPR, supra note 4, art. 4(5).Google Scholar

⁵⁸ See also De Hert et al., supra note 35, at 202 (distinguishing between a restrictive and an extensive approach to data portability).Google Scholar

⁵⁹ WP29, supra note 16, at 10.Google Scholar

⁶⁰ Id. Google Scholar

⁶¹ Id. at 10 n.21.Google Scholar

⁶² Id. Google Scholar

⁶³ Id. at 10.Google Scholar

⁶⁴ Org. for Econ. Co-operation and Dev. [OECD], Summary of the OECD Privacy Expert Roundtable on Protecting Privacy in a Data-driven Economy: Taking Stock of Current Thinking 5 (Mar. 21, 2014), http://www.oecd.org/officialdocuments/publicdisplaydocumentpdf/?cote=dsti/iccp/reg(2014)3&doclanguage=en; see also World Econ. Forum, Rethinking Personal Data: A New Lens for Strengthening Trust 5 (May 2014) http://www3.weforum.org/docs/WEF_RethinkingPersonalData_ANewLens_Report_2014.pdf.Google Scholar

⁶⁵ OECD, supra note 64, at 5.Google Scholar

⁶⁶ Id. Google Scholar

⁶⁷ See WP29, supra note 16 (devoting substantial attention to how data protection rights of other data subjects should be respected when portable data concerns data subjects other than the one invoking the RtDP—think of the contact lists or email recipients).Google Scholar

⁶⁸ Id. at 12.Google Scholar

⁶⁹ Id. at 18.Google Scholar

⁷⁰ Id. at 12.Google Scholar

⁷¹ See GDPR, supra note 4, at recital 63 of the preamble (emphasis added).Google Scholar

⁷² WP29, supra note 16, at 12.Google Scholar

⁷³ Id. Google Scholar

⁷⁴ In the area of data-enabled innovation, the state could offer prizes or research grants to facilitate or speed-up certain types of innovations.Google Scholar

⁷⁵ Public Sector Information (PSI) is an area where the state actively promotes reuse of data which is produced by the governments and its agencies. PSI policies—see the PSI Directive—are meant to spur broader availability of such data. This is supporting supply of information for data applications—such as travel navigators.Google Scholar

⁷⁶ See Directive 2001/29/EC, of the European Parliament and of the Council of May 22, 2001 on the Harmonisation of Certain Aspects of Copyright and Related Rights in the Information Society, 2001 O.J. (L 167) 10 [hereinafter InfoSoc Directive]; see also CJEU, Case C-5/08, Infopaq Int'l A/S v. Danske Dagblades Forening, ECLI:EU:C:2009:465, Judgement of July 16, 2009.Google Scholar

⁷⁷ See Directive 96/9/EC, of the European Parliament and of the Council of March 11, 1996 on the Legal Protection of Databases 1996 O.J. (L 77) 20 [hereinafter Database Directive]; see also CJEU, Case C-203/02, British Horseracing Board Ltd. V. William Hill Organization Ltd., ECLI:EU:C:2004:695, Judgement of November 9, 2004.Google Scholar

⁷⁸ See BGH, Dec. 1, 2010, I ZR 196/08, https://juris.bundesgerichtshof.de/cgi-bin/rechtsprechung/document.py?Gericht=bgh&Art=en&sid=ddaeb8a77db54f5f3e77f66c04e774ff&nr=56329&pos=0&anz=1 (explaining that the German Federal Court of Justice accepted the amount of 4,000 EUR as sufficient); see also, Martin Husovec, The End of (Meta) Search Engines in Europe?, 14 Chi.-Kent J. of Intell. Prop. 145, 145–72 (2014) (discussing the different thresholds across the EU).Google Scholar

⁷⁹ Directive 2016/943, of the European Parliament and of the Council of June 8, 2016 on the Protection of Undisclosed Know-How and Business Information (Trade Secrets) Against Their Unlawful Acquisition, Use, and Disclosure, 2016 O.J. (L 157) 1 [hereinafter Trade Secret Directive].Google Scholar

⁸⁰ See InfoSoc Directive, supra note 76, art. 2, 3.Google Scholar

⁸¹ See Database Directive, supra note 77, art. 7.Google Scholar

⁸² See Trade Secret Directive, supra note 79, art. 4(2).Google Scholar

⁸³ See generally Herbert Zech, Information als Schutzgegenstand (2012); see also Herbert Zech, Information as Property, 6 JIPITEC, 192 (2015).Google Scholar

⁸⁴ At the moment, there is an ongoing policy debate and a lot of academic interest in ownership of data discussing who owns data, when and whether we need to introduce new exclusive rights, such as a right of data producers. See European Commission, Legal Study on Ownership and Access to Data, SMART No. 2016/0085 (2016); see also Anette Gärtner & Kate Brimsted, Let's Talk About Data Ownership, 39 Eur. Intell. Prop. Rev., 461, 461–66; see also Daria Kim, No One's Ownership as the Status Quo and a Possible Way Forward: A Note on the Public Consultation on Building a European Data Economy, 13 J. of Intell. Prop. L. & Prac., 154 (2017).Google Scholar

⁸⁵ It might still invoke, however, a right to conduct business. See GDPR, supra note 4, art. 20(4). Such objections are probably less likely to be persuasive than ones backed with existing IP rights. This is because any ownership of this information is not a result of legal allocation by means of exclusive rights, but only a mere consequence of the service's set-up, such as its technological design coupled with market power leveraged through contract law. The grey area between IP-encumbered and IP-free data might be information which are not covered by any exclusive rights but can be protected against misappropriation through unfair competition laws. Unless such tortious claims qualify for protection as a form “intellectual property” under Art. 17(2) of the Charter, they might be taken into account only within a right to conduct a business. Today, such doctrines are not harmonized on the EU level, and differ greatly across the countries. See Ansgar Ohly, Interfaces Between Trade Mark Protection and Unfair Competition Law: Confusion About Confusion and Misconceptions About Misappropriation?, in Intellectual Property, Unfair Competition and Publicity: Convergences and Development 33 (Nari Lee et al. eds., 2014); see also Dirk Visser, Misrepresentation and Misappropriation: Two Common Principles or Common ‘Basic Moral Feelings’ of Intellectual Property and Unfair Competition Law, in Common Principles of European Intellectual Property Law 247, 247–54 (Ansgar Ohly ed., 2012).Google Scholar

⁸⁶ WP29, supra note 16, at 12.Google Scholar

⁸⁷ See Technomed Ltd. v. Bluecrest Health Screening Ltd. [2017] EWHC (Ch) 2142 [75].Google Scholar

⁸⁸ See GDPR, supra note 4, art. 20(1).Google Scholar

⁸⁹ See Husovec, Martin, Trademark Use Doctrine in the European Union and Japan, 21 Marq. Intell. Prop. L. Rev. 1 (2017) (explaining that in trademark law, “adverse effect” has its use in the area of trademark functions).Google Scholar

⁹⁰ See Jaeger, Till, Legal Opinion – Legal Aspects of European Electricity Data, JBB Rechtsanwälte (2017), https://open-power-system-data.org/legal-opinion.pdf (discussing the limits on follow-on use of energy data).Google Scholar

⁹¹ See WP29, supra note 16, at 4 (“The new right to data portability aims to empower data subjects regarding their own personal data, as it facilitates their ability to move, copy or transmit personal data easily from one IT environment to another.”).Google Scholar

⁹² At the moment, an exclusive licensee seems like a rare model. Many services take a non-exclusive license with a possibility to sub-license. See Steven Hetcher, User-Generated Content and the Future of Copyright: Part Two -Agreements Between Users and Mega-Sites, 24 Santa Clara High Tech. L. J. 829, 847 (2008) (discussing Facebook's Terms of Service); Terms of Service, Facebook (Apr. 19, 2018), https://www.facebook.com/terms.php; see also TripAdvisor Widget Terms of Use, TripAdvisor (Sept. 2017), https://www.tripadvisor.com/pages/widget_terms.html; Terms of Service, Airbnb (Apr. 16, 2018), https://www.airbnb.com/terms; Twitter Terms of Service, Twitter (May 25, 2018), https://twitter.com/en/tos; Terms of Service, YouTube (May 25, 2018), https://www.youtube.com/static?template=terms&gl=US. Sometimes, however, the borderline between the user's and site's content can be murky.Google Scholar

⁹³ For simplicity, assume a safe harbor scenario, such as the application of art. 14 of the E-Commerce Directive.Google Scholar

⁹⁴ See InfoSoc Directive, supra note 76, art. 5.Google Scholar

⁹⁵ As an illustration, Facebook has already invoked trade secret protection as a justification for not disclosing all personal data in response to an access request of an individual user. The social network provider claimed that one of the sections of the Irish Data Protection Acts, to which Facebook is subject because its international headquarters are in Ireland, “carves out an exception to subject access requests where the disclosures in response would adversely affect trade secrets or intellectual property.” See Email from Facebook to Max Schrems, (Sept. 28 2011), http://www.europe-v-facebook.org/FB_E-Mails_28_9_11.pdf.Google Scholar

⁹⁶ See Trade Secret Directive, supra note 79, art. 2(1).Google Scholar

⁹⁷ In IP scholarship, there is lively debate about whether trade secrets are a form of “intellectual property.” See Lionel Bentley, Trade Secrets: “Intellectual Property” but not “Property?”, in Concepts of Property in Intellectual Property Law 60 (Helena Howe & Jonathan Griffiths eds., 2013) (arguing that they are predominantly being accepted as “intellectual property,” but not “property”).Google Scholar

⁹⁸ See Trade Secret Directive, supra note 79, art. 3.Google Scholar

⁹⁹ See supra Section C.II.Google Scholar

¹⁰⁰ See Trade Secret Directive, supra note 79, art. 2(1)(a).Google Scholar

¹⁰¹ See id. Google Scholar

¹⁰² See also Bentley, supra note 97, at 77 (discussing the Veolia case and whether disclosure would be in conflict with Article 8 ECHR or Article 1 of the First Protocol of the ECHR).Google Scholar

¹⁰³ See GDPR, supra note 4, art. 15(3) (“For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.”).Google Scholar

¹⁰⁴ See generally JRC Science and Policy Report on Fair, Reasonable and Non-Discriminatory (FRAND) Licensing Terms, (2015), http://is.jrc.ec.europa.eu/pages/ISG/EURIPIDIS/documents/05.FRANDreport.pdf.Google Scholar

¹⁰⁵ Inge Graef & Martin Husovec, Response to the Public Consultation on “Building a European Data Economy,“ Tilburg Law School Research Paper Series No. 10/2017 (Apr. 25, 2017) (discussing this trade-off between short term and long term).Google Scholar

¹⁰⁶ Examples include private levies for private reproduction, licensing through collective management organizations, FRAND-licensing in the area of standardization, compulsory licensing, etc.Google Scholar

¹⁰⁷ See Drexl, supra note 40; see also P. Bernt Hugenholtz, Something Completely Different: Europe's Sui Generis Database Right, in The Internet and the Emerging Importance of New Forms of Intellectual Property (Susy Frankel & Daniel Gervais eds., 2016); Wolfgang Kerber, A New (Intellectual) Property Right for Non-Personal Data? An Economic Analysis, GRUR Int. 989, 989–98 (2016); Husovec, supra note 78, at 145–72.Google Scholar

¹⁰⁸ See Husovec, supra note 78, at 145–72 (discussing this aspect in the context of database sui generis right).Google Scholar

¹⁰⁹ CJEU, Case C-170/13, Huawei Technologies Co. v. ZTE Corp., ECLI:EU:C:2015:477, Judgement of July 16, 2015.Google Scholar

¹¹⁰ WP29, supra note 16, at 3.Google Scholar

¹¹¹ See also Lynskey, supra note 34, at 804–06.Google Scholar

¹¹² See Swire & Lagos, supra note 35, at 352; see also Legal Memo with Respect to the Article 29 Guidelines on the Right to Data Portability, European Telecommunications Network Operators’ Association 8–9, (Feb. 16, 2017) https://etno.eu/datas/positions-papers/2017/170131%20ETNO_Data%20Portability_Memo/170131%20ETNO_Data%20Portability_Memo.pdf [hereinafter ETNO Memo] (arguing that the interpretation of the RtDP as put forward by WP29—namely that the concept of data “provided by the data subject” includes not only data actively and knowingly inserted by a data subject, but also data obtained by observing the behavior of a data subject—places a disproportionate obligation on telecom operators which are already subject to portability duties under the EU framework for electronic communications).Google Scholar

¹¹³ See Accessing & Downloading Your Information, Facebook (2018) https://www.facebook.com/help/131112897028467; see also Download Your Data, Google, https://takeout.google.com/settings/takeout; see also Introducing Data Transfer Project: an open source platform promoting universal data portability, Google Open Source Blog (Jul. 20, 2018), https://opensource.googleblog.com/2018/07/introducing-data-transfer-project.html (stating that in July 2018, Google Facebook, Microsoft and Twitter announced the Data Transfer Project which is “an open source initiative dedicated to developing tools that will enable consumers to transfer their data directly from one service to another, without needing to download and re-upload it.”).Google Scholar

¹¹⁴ See ETNO Memo, supra note 112, at 7–8.Google Scholar

¹¹⁵ See Vanberg, Aysem Diker & Ünver, Mehmet Bilal, The Right to Data Portability in the GDPR and EU Competition Law: Odd Couple or Dynamic Duo?, 8 Eur. J. of L. & Tech. 1, 2 (2017).Google Scholar

¹¹⁶ See also Rubinstein, supra note 35, at 80.Google Scholar

¹¹⁷ See Engels, Barbara, Data Portability Among Online Platforms, 5 Internet Pol'y Rev. 6–10 (2016) (making a distinction between platforms offering substitute and complementary services when examining the possible impact of the right to data portability on competition and innovation).Google Scholar

¹¹⁸ See Costa-Cabral, Francisco & Lynskey, Orla, Family Ties: The Intersection Between Data Protection and Competition in EU Law, 54 Common Mkt L. Rev. 11, 39 (2017) (arguing that standard-setting to ensure a good functioning of the right to data portability “may necessitate an agreement between competitors and therefore entail a potential violation of Article 101 TFEU”).Google Scholar

¹¹⁹ See discussion supra Section C.II. regarding the concepts of derived and inferred data.Google Scholar

¹²⁰ See also Lynskey, supra note 34, at 801–02 (comparing the personal and material scope of the GDPR right versus the competition law remedy of data portability).Google Scholar

¹²¹ These are the preconditions for the right to data portability to apply under Art. 20(1)(a) and (b) GDPR.Google Scholar

¹²² See Marc Bourreau et al., Big Data and Competition Policy: Market Power, Personalised Pricing and Advertising 25 (2017), http://cerre.eu/sites/cerre/files/170216_CERRE_CompData_FinalReport.pdf (comparing enforcements of data portability on the basis of data protection and competition law in).Google Scholar

¹²³ Press Release, Almunia, Joaquin, Competition Comm'r, European Comm'n, Remarks on Competition and Personal Data Protection at the Privacy Platform Event: Competition and Privacy in Markets of Data in Brussels, (Nov. 26, 2012), http://europa.eu/rapid/press-release_SPEECH-12-860_en.htm.Google Scholar

¹²⁴ Id. Google Scholar

¹²⁵ See, e.g., Graef, Inge et al., Mandating Portability and Interoperability in Online Social Networks: Regulatory and Competition Law Issues in the European Union, 39 Telecomm. Pol'y 502, 508–09 (2015); see also Inge Graef et al., Putting the Right to Data Portability into a Competition Law Perspective, Law. J. of the Higher Sch. of Econ. Ann. Rev. 7–8 (2013).Google Scholar

¹²⁶ Case No COMP/M.7217, October 3, 2014, paras. 113–15, 134, 2014 O.J., http://ec.europa.eu/competition/mergers/cases/decisions/m7217_20141003_20310_3962132_EN.pdf.Google Scholar

¹²⁷ For Commitments of Google, see Case COMP/C-3/39.740 Foundem and others, April 3, 2013, paras. 27–31, 2013 O.J., http://ec.europa.eu/competition/antitrust/cases/dec_docs/39740/39740_8608_5.pdf; see also Joaquin Almunia, Competition Comm'r, European Comm'n, Remarks on the Google Antitrust Case: What is at Stake?, (Oct. 1, 2013), http://europa.eu/rapid/press-release_SPEECH-13-768_en.htm (stating that Google offered improved commitments to the Commission which included a new proposal providing stronger guarantees against circumvention of the earlier commitments regarding portability of advertising campaigns).Google Scholar

¹²⁸ Google Agrees to Change Its Business Practices to Resolve FTC Competition Concerns in the Markets for Devices Like Smart Phones, Games and Tablets, and in Online Search, FTC (Jan. 3 2013), http://www.ftc.gov/news-events/press-releases/2013/01/google-agrees-change-its-business-practices-resolve-ftc.Google Scholar

¹²⁹ See Yoo, Christopher, When Antitrust Met Facebook, 19 Geo. Mason L. Rev. 1147, 1154–55 (2012); see also Damien Geradin & Monika Kuschewsky, Competition Law and Personal Data: Preliminary Thoughts on a Complex Issue 11, (SSRN Working Paper, 2013), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2216088.Google Scholar

¹³⁰ See Costa-Cabral, Francisco, The Preliminary Opinion of the European Data Protection Supervisor and the Discretion of the European Commission in Enforcing Competition Law, 23 Maastricht J. Eur. and Comp. L. 495, 511 (2016).Google Scholar

¹³¹ See Inge Graef, EU Competition Law, Data Protection and Online Platforms: Data as Essential Facility 249–80 (2016) (discussing in detail the application of the essential facilities doctrine to data).Google Scholar

¹³² See, e.g., CJEU, Joined Cases C-241/91 and C-242/91, Radio Telefis Eireann and Indep. Television Publ'ns Ltd v. Comm'n of the European Communities, ECLI:EU:C:1995:98, Judgement of April 6, 1995; CJEU, Case C-7/97, Oscar Bronner GmbH & Co. KG v. Mediaprint Zeitungs, ECLI:EU:C:1998:569, Judgement of November 26, 1998; CJEU, Case C-418/01, IMS Health GmbH & Co. OHG v. NDC Health GmbH & Co. KG, ECLI:EU:C:2004:257, Judgement of April 29, 2004; CJEU, Microsoft Corp. v. Comm'n of the European Communities, Case T-201/04, ECLI:EU:T:2007:289, Judgement of September 17, 2007.Google Scholar

¹³³ Council Regulation (EC) 139/2004 of Jan. 20, 2004 on the Control of Concentrations Between Undertakings (EU Merger Regulation), art. 2(3), 2004 O.J. (L 24) 1, 7.Google Scholar

¹³⁴ Case No COMP/M.4726 February 19, 2008, 2008 O.J., http://ec.europa.eu/competition/mergers/cases/decisions/m4726_20080219_20600_en.pdf.Google Scholar

¹³⁵ See Van der Auwermeulen, Barbara, How to Attribute the Right to Data Portability in Europe: A Comparative Analysis of Legislations, (2017) 33 Computer L. & Security Rev. 57, 63 (“It cannot be excluded that article 102 of the TFEU may apply to some anti-competitive situations resulting from restrictions on data portability. Nevertheless, it appears to be challenging to apply European Competition Law to data portability.”).Google Scholar

¹³⁶ See Graef, Inge et al., Fairness and Enforcement: Bridging Competition, Data Protection, and Consumer Law, Int'l Data Privacy L. (forthcoming 2018).Google Scholar

¹³⁷ CJEU, European Comm'n v. Alrosa Co., Case C-441/07 P, ECLI:EU:C:2010:377, para. 48 (June 29, 2010).Google Scholar

¹³⁸ See also Costa-Cabral, supra note 130, at 511.Google Scholar

¹³⁹ Proposal for a Directive of the European Parliament and of the Council on Certain Aspects Concerning Contracts for the Supply of Digital Content, COM (2015) 634 final (Dec. 9, 2015) [hereinafter Proposal for a Digital Content Directive].Google Scholar

¹⁴⁰ See id. at art. 16(4)(b) (providing for a similar obligation for suppliers with regard to long term contracts for the supply of digital content). Interestingly, art. 16(4)(b) does not state that consumers are entitled to receive the content free of charge and thus seems to allow suppliers to ask for a fee.Google Scholar

¹⁴¹ See id. at art. 13(2)(b)Google Scholar

¹⁴² See id. at recital 39 of the preamble.Google Scholar

¹⁴³ See discussion supra Section C.II.Google Scholar

¹⁴⁴ WP29, supra note 16, at 10–11.Google Scholar

¹⁴⁵ General Approach of the Council (June 8, 2017), art. 13a(3), http://data.consilium.europa.eu/doc/document/ST-9901-2017-INIT/en/pdf (emphasis added).Google Scholar

¹⁴⁶ See also Metzger, Axel et al., Data-Related Aspects of the Digital Content Directive, 9 JIPITECH 90, 102–04 (2018) (comparing the RtDP in the GDPR and the data retrieval obligations in the Digital Content Directive).Google Scholar

¹⁴⁷ See Opinion of the European Data Protection Supervisor 4/2017 on the Proposal for a Directive on Certain Aspects Concerning Contracts for the Supply of Digital Content 8–9, 18–20, (Mar. 14, 2017), https://edps.europa.eu/sites/edp/files/publication/17-03-14_opinion_digital_content_en.pdf (making recommendations to ensure that the Digital Content Directive does not change the balance found by the GDPR under which the processing of personal data may take place in the digital market); see also Natali Helberger et al., The Perfect Match? A Closer Look at the Relationship Between EU Consumer Law and Data Protection Law, 54 Common Mkt. L. Rev., 1427–66 (2017) (discussing the relationship between data and consumer protection law more generally).Google Scholar

¹⁴⁸ General Approach of the Council, supra note 145, art. 13a(3).Google Scholar

¹⁴⁹ See ETNO Memo, supra note 112, at 9 (explaining—within the context of the GDPR and the EU electronic communications framework—that, “[w]hile the data protection oriented data portability right of the GDPR has a different scoping and orientation, one should be careful not to impose cumulative, redundant and potentially contradictory portability obligations on the telecoms industry.”).Google Scholar

¹⁵⁰ See Regulation of the European Parliament and of the Council on a framework for the free flow of non-personal data in the European Union, art. 6(1) (Nov. 9, 2018), http://data.consilium.europa.eu/doc/document/PE-53-2018-INIT/en/pdf.Google Scholar

¹⁵¹ See Art. L. 224-42-1 - L. 224-42-4 of Loi 2016-1321 du 7 octobre 2016 pour une République numérique [Law 2018-132 of October 7, 2016 for a Digital Republic] Journal Officiel de la République Française [J.O.] [Official Gazette of France], Oct. 7, 2016, pp. 14–15 (stating that providers of online public communications service have to enable a consumer to recover free of charge all data that he or she has stored online—as well as all data resulting from the use of his or her user account that can be consulted online—with the exception of the data which has been significantly enhanced by the provider concerned). This provision resembles the data retrieval obligation that has been included in the proposal for a Digital Content Directive. The difference is that the latter is still under consideration in the EU legislative process while the former has already been adopted in its final form. As a result, regardless of what will happen to the relevant provisions in the proposal for a Digital Content Directive, providers of online public communications services in France have already had to comply with the data retrieval obligation set out in French consumer law as of the entry into force of the new duty enters in May 2018 (simultaneously with the start of the applicability of the GDPR).Google Scholar