Data portability

FPF Response to CFPB Data Portability Proposal

Retrieved on: 
Saturday, January 28, 2023

FPF Response to CFPB Data Portability Proposal

Key Points: 
  • FPF Response to CFPB Data Portability Proposal
    In response to the Consumer Financial Protection Bureau’s (CFPB) request for comment regarding data portability for financial products and services, the Future of Privacy Forum filed comprehensive comments and recommendations, urging the Bureau to craft balanced, informed privacy rules that protect individuals’ personal information while enhancing trust in the privacy and security of emerging data portability mechanisms in this space.
  • In our submission, FPF provides more than 20 specific recommendations to the CFPB, reflecting FPF’s expertise in this area and in the interplay of developing business practices and technology.
  • FPF looks forward to continued progress on these important topics, which can also advance thought leadership about data portability and open data across other industry sectors.
  • FPF distributed a paper at the event, Data Portability in Open Banking: Privacy and Other Cross-Cutting Issues, detailing how different jurisdictions’ laws impacted open banking activities and intersected with data protection law, including issues surrounding consent, security, and data subject portability rights.

EDPB adopts opinions on first transnational codes of conduct, Statement on Data Governance Act, Recommendations on the legal basis for the storage of credit card data. 

Retrieved on: 
Friday, May 21, 2021

64 GDPR opinions on the first draft decisions on transnational1Codes of Conduct (Codes) presented to the Board by the Belgian and French supervisory authorities (SAs).

Key Points: 
  • 64 GDPR opinions on the first draft decisions on transnational1Codes of Conduct (Codes) presented to the Board by the Belgian and French supervisory authorities (SAs).
  • The EDPB adopted a statement on the Data Governance Act (DGA) in light of developments in the legislative process.
  • Finally, the EDPB adopted recommendations on the legal basis for the storage of credit card data for the sole purpose of facilitating further online transactions.
  • 6(1)(a) GPDR should be considered the sole appropriate legal basis for storing credit card data after the purchase.

Your car knows how much you weigh: AIA Canada Statement on Canada’s Digital Charter

Retrieved on: 
Friday, March 26, 2021

The Digital Charter outlined in the bill will enshrine important principles for data portability and a level playing field which should ensure consumer choice in vehicle repair.

Key Points: 
  • The Digital Charter outlined in the bill will enshrine important principles for data portability and a level playing field which should ensure consumer choice in vehicle repair.
  • Since late 2020 over 22,000 people have signed a petition on Change.org in support of the Your Car.
  • The Automotive Industries Association (AIA) of Canada is the national trade association that brings together the entire automotive aftermarket supply and service chain.
  • For more information please contact: AIA Canada Communications 1-800-808-2920 ext 2285 [email protected]

Now Available in AWS Marketplace, Hammerspace Uses Storageless Data to Remove the Complexity Generated by Hybrid IT

Retrieved on: 
Tuesday, March 23, 2021

Amazon Web Services (AWS) customers can now enjoy the benefits of storageless data to take the complexity out of storing and managing file data.

Key Points: 
  • Amazon Web Services (AWS) customers can now enjoy the benefits of storageless data to take the complexity out of storing and managing file data.
  • Storageless data enables data portability and simplifies how data is stored and managed on-premises and across AWS Regions so you can run your apps anywhere.
  • Storageless data eliminates data gravity, said Douglas Fallstrom, SVP Product at Hammerspace.
  • Our customers are leveraging AWS to store most of their file data while still keeping their active data close to the application.

ICO statement in response to the publication of a draft adequacy decision from the European Commission

Retrieved on: 
Friday, February 19, 2021

The European Commission has today published its draft UK adequacy decisions.

Key Points: 
  • The European Commission has today published its draft UK adequacy decisions.
  • If adopted these decisions will allow for continued free flow of personal data from the EU into the UK.
  • As well as its decision under the General Data Protection Regulation (GDPR), the EU also published another draft decision for personal data related to law enforcement.
  • The adequacy decisions are now with the European Data Protection Board (EDPB) who will deliver an opinion to the European Commission and representatives from the EU member states.

CommonHealth, a Free Mobile App for Patients to Share Health Data - including COVID Test and Vaccine Status - Connects to 230 US Health Systems

Retrieved on: 
Friday, December 4, 2020

CommonHealth extends the privacy-centered data portability and interoperability model pioneered by Apple Health to the 55 percent of Americans who have Android devices.

Key Points: 
  • CommonHealth extends the privacy-centered data portability and interoperability model pioneered by Apple Health to the 55 percent of Americans who have Android devices.
  • CommonHealth plans to integrate with an additional 110 health systems in December, connecting to more than 340 health systems before the year ends.
  • CommonHealth was first deployed at UCSF Health and underwent substantial testing and user experience research in multiple diverse populations in San Francisco.
  • CommonHealth brings long-overdue innovation to electronic health record systems and nearly half the population that uses an Android device.

ROSEN, A TOP RANKED LAW FIRM, Reminds OneSpan Inc. Investors of Important Deadline in Securities Class Action – OSPN

Retrieved on: 
Wednesday, September 23, 2020

Rosen Law Firm, a global investor rights law firm, reminds purchasers of the securities of OneSpan Inc. (NASDAQ: OSPN) between May 9, 2018 and August 11, 2020, inclusive (the Class Period), of the important October 19, 2020 lead plaintiff deadline in the securities class action.

Key Points: 
  • Rosen Law Firm, a global investor rights law firm, reminds purchasers of the securities of OneSpan Inc. (NASDAQ: OSPN) between May 9, 2018 and August 11, 2020, inclusive (the Class Period), of the important October 19, 2020 lead plaintiff deadline in the securities class action.
  • Rosen Law Firm represents investors throughout the globe, concentrating its practice in securities class actions and shareholder derivative litigation.
  • 1 by ISS Securities Class Action Services for number of securities class action settlements in 2017.
  • Rosen Law Firm has achieved the largest ever securities class action settlement against a Chinese Company.

FPF Testifies at FTC Data Portability Workshop

Retrieved on: 
Wednesday, September 23, 2020

Yesterday, on September 22, 2020, the Federal Trade Commission held a public workshop, “Data To Go,” examining the benefits and challenges of data portability frameworks for consumers and competition. As a panelist during the first discussion, FPF’s Gabriela Zanfir-Fortuna discussed: how data portability operates in different commercial sectors; lessons learned from the GDPR and other global laws; and observations on the dual nature of data portability, as both a means to facilitate competition and a right of individuals to exercise control over their data.See the agenda here,Watch the recording (FPF’s Gabriela Zanfir-Fortuna’s remarks begin at 01:16),Read comments submitted from 25+ stakeholders in advance of the workshop (see the full comments here).  The day-long workshop featured a wide range of privacy advocates, academics, government regulators, economists, and other experts.

Key Points: 
  • Yesterday, on September 22, 2020, the Federal Trade Commission held a public workshop, “Data To Go,” examining the benefits and challenges of data portability frameworks for consumers and competition. As a panelist during the first discussion, FPF’s Gabriela Zanfir-Fortuna discussed: how data portability operates in different commercial sectors; lessons learned from the GDPR and other global laws; and observations on the dual nature of data portability, as both a means to facilitate competition and a right of individuals to exercise control over their data.
    • See the agenda here,
    • Watch the recording (FPF’s Gabriela Zanfir-Fortuna’s remarks begin at 01:16),
    • Read comments submitted from 25+ stakeholders in advance of the workshop (see the full comments here). 
    • The day-long workshop featured a wide range of privacy advocates, academics, government regulators, economists, and other experts.
    • Below we provide key highlights from the workshops four panels: (1) Data Portability initiatives in the European Union, California, and India, (2) financial and health portability regimes, (3) reconciling the benefits and risks of data portability, and (4) realizing data portabilitys potential: material challenges and solutions.
    Panel 1: Data Portability Initiatives in the European Union, California, and India
      • FPFs Gabriela Zanfir-Fortuna served as a panelist during Panel 1 of the workshop, discussing lessons learned from the European Unions General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other data portability initiatives in India, Brazil, and Singapore.
      • Other panelists included Inge Graef (Tilburg University), Rahul Mattan (Trilegal India), Stacey D. Schesser (Office of the California Attorney General), and Karolina Mojzesowics (European Commission), and the panel was moderated by Guilherme Roschke (FTC).
      • Panelists agreed that the GDPR and the CCPA both conceptualize data portability as a right of the data subject, underpinned by the idea that individuals should have control over how personal data is collected and used.
      • The right of data portability is more limited and nuanced under the GDPR, excluding inferences from its scope.
      • Unlike the GDPR, the CCPA also combines the right of access and portability requiring personal data to be provided in a portable format following an access request.
      • This is an issue that the European Commission intends to work on, increasing awareness, but also through initiatives to make portability practical.
    Panel 2: Financial and Health Portability Regimes (Case Studies)
      • Panel 2, moderated by Katherine White (FTC), explored case studies from the financial and health care sectors, including new health IT rules from the U.S. Office of the National Coordinator of Health Information Technology (ONC) and the UKs Open Banking Initiative.
      • Panelists from both the financial and healthcare sectors discussed the growing role of data portability in each sector, agreeing that consumer trust remains an important underlying issue for both.
      • In the healthcare industry, panelists remarked on the trend of data portability being used to improve individual access to their medical records.
      • Dan Rucker (US Department of Health and Human Services) remarked that individual data portability has long been a goal of HIPAA.
      • In the financial sector, panelists discussed Open Banking efforts in the United States and the UK.
      • Open Banking refers to the use of open Application Programming Interfaces (APIs) to enable third-party financial service providers to access consumer transactions and other financial data from banks through new financial apps and services.
    Panel 3: Reconciling the Benefits and Risks of Data Portability
      • In Panel 3, moderated by Ryan Quillian (FTC), panelists discussed the benefits and risks of data portability with an eye toward the twin aims of protecting consumers and promoting competition.
      • For example, Gabriel Nicholas (New York University) commented that the competitive effect of data portability is not uniform across sectors, arguing that the FTC should use alternative methods to promote competition.
      • Hodan Omaar (Center for Data Innovation) explained that there is a greater need for data portability in sectors where there is a greater disparity between the goals of organizations that hold data and the intent of the data subjects.
      • Peter Swire (Georgia Tech) argued in favor of keeping the theory of data portability in check with practical scenarios, pointing out that studying use cases in detail can be very helpful to understanding the limits and benefits of portability.
      • Thus, data portability might help create a place for users to have multiple homes.
    Panel 4: Realizing Data Portability’s Potential: Material Challenges and Solutions
      • Overall, panelists agreed on the need to: promote trust among individuals; provide individuals with greater control over their data; and protect and use consumer data responsibly.
      • According to Erika Brown Lee (Mastercard), a consumer-centric approach to data portability involves basing the data transfers between services on consumer requests (i.e., consent), and reducing friction for consumers.
      • Brown Lee also noted that security is the critical challenge for companies offering data portability, referring to verification and authentication in particular.
      • Discussing how responsibility and liability for downstream data should be allocated in the data portability context, Cyphers stated that liability should rest with an actor responsible for wrongdoing.
      • However, in cases where data is shared without the consumers knowledge, he stated that liability ought to rest with the data transferrer.
    Moving Forward 
      • Many complex questions remain in terms of how to make data portability workable for organizations to implement in practice.
      • In his keynote remarks for the FTC workshop, Peter Swire (FPF Senior Fellow) discussed his recently published article, Portability and Other Transfers Impact Assessment (PORT-IA).
      • Due to the sectoral nature of the issues that arise involving data portability, there is unlikely to be a one-size-fits-all solution.
      • However, as legal regimes and policymakers around the world increasingly conceptualize and implement portability and interoperability regimes, data portability tools and commercial practices will continue to develop in the data ecosystem.
  • Data to Go is a GO today

    Retrieved on: 
    Tuesday, September 22, 2020

    By: Lesley Fair | Sep 22, 2020 7:43AM

    Key Points: 
    • By: Lesley Fair | Sep 22, 2020 7:43AM
      Data To Go: An FTC Workshop on Data Portability begins at 8:30 Eastern Time this morning, Tuesday, September 22, 2020.
    • Hosted by the FTCs Bureau of Competition and Bureau of Consumer Protection, the virtual event will examine the potential benefits and challenges to consumers and competition of data portability when people can move data (for example, emails, contacts, calendars, financial or health information, favorites, friends, or social media content) from one service to another or to themselves.
    • Minutes before the 8:30 ET start, the webcast will go live from a link on the Data to Go page .
    • Staff also will be live tweeting today from the FTCs Twitter page (@FTC), using the hashtag #DataToGoFTC.