The forthcoming Art. 6(9) DMA contains rules with a reference to data portability. Here is the full text of the provision for better comprehension:
The gatekeeper shall not restrict technically or otherwise the ability of end users to switch between, and subscribe to, different software applications and services that are accessed using the core platform services of the gatekeeper, including as regards the choice of Internet access services for end users.
Art. 6 (9) DMA
Objective of the regulation
This provision is intended to supplement the regulations on data portability according to Art. 20 GDPR. There, it is merely a data subject right without direct reference to competition. The effects on the market position of a platform or even its contestability are at best side effects there. Similarly, individual aspects regarding the circumstances of data portability were still open.
This is now to be compensated for by Art. 6 para. 9 DMA, which aims more at the data advantage. Easier and more effective access is also intended to improve the contestability of the gatekeeper and the innovation potential of the digital sector. According to recital 59, real-time access by the end user is of particular importance.
Overview of the regulation
Art. 6 para. 9 DMA covers the end user’s own data access. Commercial users are not covered. Their access to data is governed by other provisions of the DMA, in future by the Data Act as well as the general antitrust provisions and supplementary sector-specific bases for claims.
In contrast to Art. 20 GDPR, the end users are not to receive only the personal data concerning them. It includes all data provided by the end user or generated by his activity in connection with the use of the relevant central platform service. This goes beyond personal data and may include, for example, factual data related to third party uses (e.g. a connected machine) or usage data of the platform itself.
Due to the clarification at the end of the provision, effective data portability also includes permanent real-time access of the end-user to the aforementioned data. Article 20 of the GDPR only states that the data subject should “receive” the data, which can also include the sending of a file. Permanent real-time access includes immediate and direct access to the platform service. This is also clear from the third and fourth sentences of recital 59:
“Gatekeepers benefit from access to vast amounts of data that they collect while providing the core platform services, as well as other digital services. To ensure that gatekeepers do not undermine the contestability of core platform services, or the innovation potential of the dynamic digital sector, by restricting switching or multi-homing, end users, as well as third parties authorised by an end user, should be granted effective and immediate access to the data they provided or that was generated through their activity on the relevant core platform services of the gatekeeper. The data should be received in a format that can be immediately and effectively accessed and used by the end user or the relevant third party authorised by the end user to which the data is ported. Gatekeepers should also ensure, by means of appropriate and high quality technical measures, such as application programming interfaces, that end users or third parties authorised by end users can freely port the data continuously and in real time. This should apply also to any other data at different levels of aggregation necessary to effectively enable such portability. For the avoidance of doubt, the obligation on the gatekeeper to ensure effective portability of data under this Regulation complements the right to data portability under the Regulation (EU) 2016/679. Facilitating switching or multi-homing should lead, in turn, to an increased choice for end users and acts as an incentive for gatekeepers and business users to innovate.”
Recital 59 DMA
Access shall be free of charge for the end user. This wording does not in principle preclude the platform from pursuing further monetisation strategies. After all, the provision assumes that the end user could remain a customer of the central platform service. However, the principle of effectiveness must not be limited in this respect.
The principle of effectiveness becomes particularly important in the details of data portability. This is because the regulation does not specify a structured, common and machine-readable format such as Art. 20 GDPR. This is based on a market standard, which is not required for Art. 6 (9) DMA. Rather, the gatekeeper would have to enable every requested data access within the framework of effective data portability and provide the required cooperation or provisions free of charge. Effectiveness here depends on the — in each case concrete-individual — user perspective. As soon as it is no longer a matter of data portability, the gatekeeper may refuse to cooperate.
Access must be granted upon request. Conversely, this means that it is easier for the gatekeeper not to always have to provide access by default. However, as soon as a request is received from a user or a third party commissioned by the user, the gatekeeper must provide the full range of cooperation and provisions required for effective data portability.