Data portability is about compliance… we need to follow the money to empowerment

Hi everyone

Thanks for coming back to Customer Futures. Each week I unpack the disruptive shifts around Empowerment Tech. Digital wallets, Personal AI and digital customer relationships.


Today is a mini dive into the idea of data portability.

TL;DR… Many countries now have excellent data portability regulations. But adoption and compliance have been sluggish. It’s because data regulations are a what.

We must also look at the why (incentives), the who (the individual) and the where (new digital tools on the side of the customer themselves).

Empowerment Tech might just be a way to finally get data portability moving.

Data portability means giving people access to copies of their data, so they can use it elsewhere.

It’s been a citizen data right enshrined in the GDPR since 2018. (For the nerds amongst you, you’ll know it’s really a competition regulation buried inside a data protection one.. but that’s for another time).

Yet adoption and compliance of data portability regs have been sluggish. Yes, many businesses reluctantly provide a ‘machine-readable’ copy of customer data to the individual. By email. Likely in a CSV file. But it’s clumsy, and almost always in hard-to-use formats.

The EU has now decided that data portability needs to be beefed up. To be implemented at scale. Not just softly ignored by large enterprises with armies of lawyers.

The European Commission believes citizens and consumers have the right to move their data - and experiences - between competing service providers.

Enter stage left: The EU’s Digital Markets Act.

Here’s the important bit, from Article 6(9) (bold mine):

“The gatekeeper shall provide end users and third parties authorised by an end user, at their request and free of charge, with effective portability of data provided by the end user or generated through the activity of the end user in the context of the use of the relevant core platform service, including by providing, free of charge, tools to facilitate the effective exercise of such data portability, and including by the provision of continuous and real-time access to such data.”

Let’s pull out the interesting points:

  1. Third parties can ask for the data, authorised by an end-user

Makes sense. It’s how switching services already work in the UK today. I choose a new provider (e.g. a new neo bank) and give them permission to go and ask my previous provider (the stuffy old bank) to hand over basic customer data records. In theory, it makes switching ‘seamless’.

The UK government has gone further with bank account switching. Moving the data between providers must happen within 7 days.

So this part of the DMA will be the same, but for digital providers. Move-request-switch.

  2. End users can receive the data themselves

Great. Easy for users to ask for their own data. But what can they really do with it? Download a complicated spreadsheet with random codes in it, and go line by line?

But there’s also this: how will businesses prove that it’s me receiving my data? By email? How is that different to what I can do today under the GDPR (with a Data Subject Access Request)?

  3. Free-of-charge tools to facilitate data portability

Now we are getting closer. But does this just mean a user portal? Tools to trigger the request? Or to actually receive the data and make sense of it…?

  4. Continuous and real-time access

This is where it gets interesting. The DMA doesn’t specify what ‘continuous’ and ‘real-time access’ mean. Would a daily batch update to the customer count as continuous? Or does the business just need to show that the datasets are continuous and uninterrupted? Or does it only really just mean continuous and real-time access TO REQUEST THE DATA?

Lots to chew over. So we must wait and see how the companies impacted by the DMA respond.

There’s good news on that: we don’t have to wait long. 7th of March is the deadline for the big tech platforms - at least those designated by the EU as ‘gatekeepers’ - to offer these new digital data portability tools to users.

And there’s more good news: Google has already started. They are the first to respond and have done it pretty quietly. They’ve just published a Data Portability API, plus information for Google users.

But perhaps more interestingly, Google has extended these new data portability tools to the UK. Beyond the scope of the DMA.

Why would they go beyond the minimum needed in the EU? I suspect it’s because the CMA (the UK’s competition regulator) has also just announced 'Pro Competitive Interventions'. Up-to-date enforcement tools for the UK regulator around…. you guessed it… Rights of data transfer. Interoperability. You get it.

It shows that the DMA might just have a broader reach. Impact globally.

OK, why is this important? Because there’s a gap. Something missing.

Here comes Empowerment Tech

Yes, the individual can ask for their data. But where does the data really end up? In most cases, it’s sent to another business. A direct transfer. From here to there as part of switching services.

But what if the data went directly to the user themselves?

Look back at my DMA point number 2. The DMA already allows users to receive the data. But today it’s just not yet practical. Where would they put the data and what would they do with it?

Individuals don’t have their own digital tools to put their data to use…

….yet.

This is the opportunity. Because here comes Empowerment Tech:

  • Data vaults and personal data stores: a place to put the personal datasets I receive from companies
  • Digital wallets: a way to prove that it’s me asking for my data, and to later prove facts about the data received
  • Personal AI: private and secure LLMs on my side, that work for me, making sense of my data

Together these are capabilities that all live on the customer side. And the sum will be greater than the parts. Together they are about much more than data switching.

They are about insights. They are about new data flows. And they are about control.

Here’s what I mean. Just think about the data that’s really moving between two businesses when I’m switching providers. They only share a very skinny customer profile. Mostly identity information for seamless onboarding. And perhaps payment info to move a regular payment instruction.

But think about all the other stuff that’s of interest to me. Reputation. Transactions. Rich identity data. Preferences. Products. Patterns. That’s now portable too, no?

Why should two providers - who are only switching me - share any of that other stuff? I should be able to decide who gets what, when and why.

Together, these capabilities above - the Empowerment Tech Stack - become a way to move personal data around in remarkably disruptive new ways.

For individuals to receive, clean, store and hold their data. And for most of that to be automated. Because most people, most of the time, don’t care about their identity or data.

But they do care about what they can do.

So we now have a data portability what (the regulation). And with the customer now in the picture, we have a who.

But what about the why? What can customers do with the data?

Follow the money

Data portability is an excellent and important ambition. But we must look at the incentives. What really is the business case - the value case - for data portability?

Looking at how regulators are pitching it, it’s about consumer fairness and avoiding customer lock-in. About helping users switch providers.

Yes, switching is important. But you can guess the business response. At best it’s ‘open discussion and engagement’ (nodding heads but no action). At worst it’s stonewalling and obstruction.

Why?

Because data portability - as framed by regulators - is about competition. Why would a business willingly enable customers to switch to a market competitor? Unless the regulator forces them to?

For businesses, compliance is an overhead. A cost to be minimised. Perhaps a rule to be ignored until they get caught. And sadly, for many companies, it’s just a future regulatory fine to be ‘priced in’. (I’m looking at you, Facebook).

How do we know?

I offer you exhibits A and B: UK and Australia.

For the last ten years, both countries have made great efforts around data portability. Especially in financial services, telco and the energy sectors. In each case, the government has started by asking nicely. Inviting discussion and collaboration. But ultimately regulators end up forcing businesses into providing data portability APIs.

And it’s worked. Kind of. But it’s not been as seamless, or as scaled, as many had hoped for.

Plus it’s taken years to agree and implement. Blood, sweat and tears to drag the large incumbents into compliance. (And in some cases, in some sectors, it’s still on ice).

For two simple reasons:

  1. Because compliance is about the economics of minimising business costs; and
  2. Because most businesses design their systems so that personal data can't move around.

Put these things together and it’s easy to see why data-portability-as-compliance has been like crawling through mud.

But what if there was a business case to share more data with customers?

It's why we need to follow the money.

Follow the value of portability. Customer freedom and choice? Excellent. But what about looking for other value with the data?

Not selling… but using it.

Beyond compliance

Regular readers of Customer Futures will have spotted the opportunity for Empowerment Tech.

I can already see 11 different revenue streams for a digital identity wallet. And many more across Empowerment Tech generally.

Sharing facts about me, not just the data. Sharing insights about me, not the raw dataset. Subscribing to my customer profile and preferences, so that business can better serve me when it matters. Subscribing to my needs and wishlist profiles so that businesses can serve up better, smarter offers. And many more.

Making data portable is a Good Thing. But we need to look beyond compliance (the business side), and towards new value (the customer side).

It’s how we can uncover new incentives for data portability. By looking at the where (customers), not just the what (regulation) and how (APIs).

The EU is already ahead.

Not only with the Digital Markets Act, where end users can themselves request their data. But with the EU Digital Identity Wallet. Where by 2030, 80% of EU citizens will be offered a portable digital wallet.

Yes, users will be able to hold a portable digital ID. But when viewed as a way to trigger data portability in the DMA, we might just have the kindling for a wave of disruptive new services across the digital economy.

A user (citizen) requesting their data via an approved digital wallet (eIDAS), from a large digital platform (‘Gatekeeper’), under their new continuous and real-time data portability rights (the DMA).

Because ultimately, both eIDAS (with the digital wallet), and the DMA (with real data portability teeth) are about digital empowerment.

And both go way beyond what’s been possible with the GDPR. (Which was always more about data protection than about data use). Yes, Empowerment Tech will unleash the data rights of the consumer.

But it will also change the very economics of data portability.

Pay attention folks. What looks like a compliance overhead today could be a new revenue stream tomorrow. And almost certainly a digital competitive advantage.

Empowerment Tech might just be a way to finally get data portability moving.


Thanks for reading this week’s edition.

Empowerment through data portability ignites new economic avenues - reminiscent of Buffett's insight on seizing opportunities where others see barriers. Let's harness these shifts for transformation! #digitaladvantage

Another great article! --- Take a look at the evolution of the Data Transfer Initiative (DTI) - which re-launched last year, and hosted its first summit in Washington D.C. on Feb 29. Great in-person discussions between private & public sectors + academia + non-profit (https://dtinit.org/docs/feb29summitagenda). A lot will depend on finding and/or incentivizing the right business model for data portability. Looking forward to the next summit in 2025, and upcoming publications in 2024. #dataportabilityinitiative #dataeconomy #empowermenttech

Tom Jones

Security hardware and software architect

8 months

Not sure how it's possible for data from one database to be given to the user who can then upload that data to a different database that has a different schema.

Very interesting and frightening at the same time, yes a company has way too much data about me, but if once I get that data I inadvertently hand it over to the wrong company the repercussions can be huge, thus why it is even more important the handover to happen over secure VC, wallet, verifier, etc. With great empowerment comes a great responsibility

Aidan Herbert

Decentralized transactional ecosystem enabler

9 months

"Gatekeeper shall provide end users and third parties authorised by an end user" is spookily similar to Dodd-Frank post 2008/2009 legislation. Dodd-Frank -- Section 1002(4) defines a “consumer” as “an individual or an agent, trustee, or >>>representative acting on behalf of an individual<<<.” As a result all the US data brokers (form-fill) especially are plugged into the data at the credit rating agencies. No good comes from this.
