Download PDF

Interoperability and Portability in the Wild: Lessons from the Data Sharing Practitioners Workshop

Gabriel Nicholas

Executive Summary

A new kind of tech company is on the rise. They are called data users, and they don’t collect data themselves but rather allow consumers to bring their data over from elsewhere to realize its value in new ways. Data users offer novel benefits to consumers and improve competition and innovation in the tech sector at large. They often depend on data sharing regulation, particularly interoperability and portability, to make sure firms that control consumer data, called data holders, offer consumers the technical means to move their data to new services. Much ink has been spilled about how different sectoral regulators can balance the economic and consumer benefits of data sharing with the potential cybersecurity and privacy risks. However, these conversations tend to be dominated by the data holders, who have the resources to make themselves heard and the market incentives not to let consumers move their data. Data holders thus restrict data sharing, and data users, too siloed in their individual sectors to voice their shared concerns, are left to deal with the fallout.

The Engelberg Center on Innovation Law & Policy at NYU Law held the Data Sharing Practitioners Workshop to uncover the common difficulties data users have with data holders in how they allow consumers to share their data. The workshop brought together industry representatives from six sectors: healthcare, finance, energy, agriculture, automotive, and medical devices. Some of these industries have data sharing regulation already; others, particularly hardware-centric industries, have little to none. All face major barriers to portability and interoperability from data holders. This workshop summary paper is intended to give voice to the often-unheard but surprisingly consistent concerns and policy interests of data users. It is not meant to weigh these interests against those of data holders, nor to endorse any specific data sharing policy.

This workshop uncovered a few common strategies data holders employ to make it more difficult for consumers to bring their data to new services. Participants explained how data holders create poor user experiences for consumers sharing data with third parties and give preferential treatment to themselves and partners. When data users do receive data, it can be difficult for them to use because data holders often do not adopt common technical standards or document their proprietary standards. Together, these lead data users to find unsanctioned ways for consumers to bring their data over, such as screenscraping and reverse engineering, which create new privacy and security vulnerabilities for consumers and new opportunities for data holders to discriminate access.

Workshop participants also noted some common policy misconceptions that have let poor data sharing practices to proliferate. They questioned the common wisdom that competition between data holders naturally leads to improved data sharing practices. They also generally believed that debates over data ownership distract from more important questions about who has access to data and how. Finally, participants criticized policymakers for siloing conversations about data sharing from conversations about privacy and security. Workshop participants expressed interest in a few alternative approaches to improving data sharing policy: empowering uncaptured standards bodies, permitting alternative data access methods, and improving the consumer experience of sharing data.