Knowledge Portability beneath India’s Private Knowledge Safety Invoice and Competitors regulation within the digital sector: Key takeaways from the GDPR

The depth of competitors and the problematic conducts of enterprises working in digital markets have been focal factors for dialogue throughout many outstanding jurisdictions, as an example, the European Union.

The Competitors Fee of India has additionally been actively learning the rising traits and challenges to make sure competitiveness within the digital sector. By way of its market research [1] and case inquiries [2] undertaken within the current previous, the fee has recognised the function of knowledge, its financial worth and the aggressive benefit it yields.

Given the rising relevance of client’s knowledge in digitally intensified companies, it’s indispensable to strike a stability between competitors and privateness concerns which are usually seen at a crossroads. Whereas defending the patron’s knowledge is important, its financial relevance for companies in constructing new services can’t be denied. This has prompted many international locations to enact or replace their privateness legal guidelines retaining tempo with the challenges that expertise has infused for companies and shoppers.

The Private Knowledge Safety Invoice, 2019 (proposed invoice) [3] is one such laws proposed to construct a sturdy knowledge safety regime. In December 2021, the Joint Parliamentary Committee (JPC), constituted to check and supply its opinion on the invoice, offered its much-awaited report [4].

The invoice intends to include the appropriate to knowledge portability which can also be recognised as a pro-competitive measure for present competitors regulation points in digital markets [5]. On this background, the evaluation of the appropriate as enshrined within the invoice, the JPC’s suggestions and believable results on creating competitors regulation jurisprudence have many essential implications on how portability ought to be interpreted within the digital sector.


Knowledge portability and its relevance as a treatment

Entry to related databases permits productive functioning of machine-led learnings and utility of algorithms for profit-making enterprises. Knowledge processing and the inferences procured by means of previous person interactions permit enterprises to repeatedly innovate, improve their R&D and create distinctive monetisation alternatives by strategising use-cases [6].

Whereas the info gathered over time additional strengthens the incumbents’ place out there, the inaccessibility to related shoppers’ databases can increase considerations for potential and nascent rivals. This may act as an entry barrier that’s strengthened by existence of robust community results. Moreover, datasets gathered and processed by enterprises are used to over-personalise interfaces, elevating the switching prices. These prices are related to customers’ going through friction in terminating ties with their present service suppliers, given the problem of replicating the info and its worth over a special service supplier.

Knowledge portability is known to scale back these switching prices by permitting customers to manage their knowledge and switch it to different service suppliers. Its inclusion within the regulation may help obtain better contestability, product enchancment, and total development by introducing competitors and superior applied sciences within the markets [7].


Evaluation of the provisions and Committee’s suggestions from competitors regulation lens and the takeaways:

  • Function, compliance price and nascent competitors

Accessible proof from regimes just like the GDPR exhibits that corporations are spending about $1.3 – $ 1.8 million yearly complying with knowledge safety legal guidelines [8]. Research present the expertise/software program sector experiencing the second-highest development in regulatory compliance prices (99%) between 2011 and 2017 after the healthcare sector [9]. Comparable evidences from the US market means that compliance price roughly is estimated to be round $510 million for corporations yearly for knowledge portability alone, costing shoppers and organisations cumulatively round $18 billion yearly [10]. Therefore, portability is cited as probably the most costly and complicated company obligations. The related prices embrace improvement, authentication, processing and upkeep. Furthermore, for digital enterprises that undertake enterprise in borderless our on-line world, prices would additional amplify as enterprises are subjected to totally different portability legal guidelines throughout totally different nations.

Clause 19 of the proposed invoice largely resembles the GDPR in its essence, making use of it alike to all knowledge fiduciaries, and requiring them to permit portability in a machine-readable format. This requires cautious consideration since prices wouldn’t solely differ throughout jurisdictions however would additionally range in several digital markets. The form of market, the corporate’s measurement, operations, variety of customers it caters to, and the utility knowledge yields range throughout markets. Whereas few enterprises could depend on procuring knowledge by means of preliminary investments and subsequently start operations, others may rely extra on the inferences drawn from knowledge already collected as a pure product of its operations out there. Therefore, making use of portability with none differentiation can have an effect on the environment friendly functioning of the enterprises counting on such knowledge.

Furthermore, nascent and small gamers could not have the requisite information or assets to develop methods that permit knowledge portability. Whereas the know-how might be developed over time, making use of portability alike with out contemplating the scale and assets on the disposal of sure gamers may in the end make enterprises devoid of datasets, primarily required for expertise to work and yield outcomes.

Recognising the implications related to portability necessities on the enterprise, the State of California, in its regulation, prescribed necessary knowledge portability just for a worthwhile enterprise, confirming to a minimal threshold. Prices associated burden has additionally been recognized by Commerce Union Advisory Committee (OECD) [11] and nations like Singapore [12] and the UK [13], emphasising the necessity for extra specific trade requirements on portability. As India makes an attempt to ascertain its knowledge safety regime, policymakers have to acknowledge how the related prices can have an effect on companies and shoppers economically in the long term.


  • Portability of non-public knowledge and its aggressive relevance: Classes from EU

Given the worth digital companies derive from datasets, permitting portability with out learning its possible impression may in the end hurt competitors and client welfare, adversely affecting enterprise actions. Inputs from the EU present essential insights into how portability should be interpreted to work as a contest regulation treatment.

The ambit of non-public knowledge

Definition of non-public knowledge beneath the GDPR contains ‘straight or not directly identifiable data’ on ‘identify, an identification quantity, location knowledge, an internet identifier, to a number of elements particular to the id of a pure particular person – bodily, physiological, genetic, psychological, financial, cultural or social’. [14] The proposed invoice, nevertheless, contains knowledge “straight or not directly identifiable” together with any inference drawn from such knowledge for the aim of profiling” beneath private knowledge and prescribes portability for ‘voluntarily offered, generated knowledge or knowledge forming a part of the profile or in any other case obtained’ [15]. It’s pertinent to notice that the invoice nowhere defines generated, obtained or inferred knowledge retaining its scope open to interpretation.

For digital enterprises the worth and utility derived by means of every could differ. Contemplating the identical, Tips on Proper to Knowledge Portability (2017) [16] particularly exempted inferred knowledge or derived knowledge from the purview of portability even in instances the place it’s associated to non-public knowledge. The rationale is that fiduciaries create inferred and derived datasets over time for deriving predictions and; porting, which might have an effect on companies and competitors. Therefore, the inclusion of ‘inference drawn’ and its that means requires deliberation, contemplating its financial relevance.

The Exceptions

The GDPR exempts ‘commerce secrets and techniques’ and ‘data whose portability is technically unfeasible’ from the mandate of knowledge portability. Each the exceptions discover a place within the proposed invoice. On safety to commerce secrets and techniques, the EU grants safety to data comprising – ‘knowledge not recognized to the general public at giant’, ‘has a business worth’ and ‘fiduciaries have taken steps to maintain the knowledge secret’ [17]. As an example, within the digital sector, ‘algorithms’ have been granted safety beneath the GDPR, contemplating the financial significance and worth it generates [18].

The JPC, nevertheless, in its suggestion, has really helpful eradicating the exception citing excessive possibilities of manipulation [19]. It should be thought-about that eradicating this exception would imply compelling enterprises to over-share knowledge, making them extra accountable. This might hamper the functioning of expertise and should negatively impression competitors. Therefore, ‘inclusion of inferences drawn’ and ‘suggesting removing of commerce secrets and techniques’ requires cautious scrutiny from the competitors regulation perspective.

On the technical feasibility exception, Recital 68 of the GDPR signifies that enterprises are required to take care of minimal interoperability [20], permitting customers to gather and switch their knowledge simply between totally different service suppliers. The Committee, nevertheless, has urged leaving interpretation of ‘technical feasibility’ to the fiduciaries in a fashion specified by means of rules [21]. If the suggestion is accepted, the rules should specify the moveable datasets and be sure that exception is just invoked the place crucial, with none manipulation.



The character of the info collected by digital enterprises, the worth so created, and its utility differs throughout markets. Whereas just a few enterprises could derive substantial worth from private knowledge, others may depend upon inferences drawn by means of the processing of such knowledge. Portability could hamper competitors with out making use of intelligible differentia, depreciating the worth that enterprises procure from knowledge. Devising insurance policies, sector and market-specific rules by means of collaborative session between sectoral regulators is important for a good competitors and client welfare stability. Insurance policies should make clear the character of the enterprises topic to necessary porting necessities, those exempted, and their respective thresholds of knowledge volumes contemplating financial points of companies and the prices construction connected.




[1] Competitors Fee of India, ‘Market Research on E-commerce in India (08-01-2020), Accessible at;  Competitors Fee of India, ‘Market Research on the Telecom Sector in India’ (22-01-2021), Accessible at

[2] In Re: Up to date Phrases of Service and Privateness Coverage for WhatsApp Customers, (Case No. 01 of 2021), Accessible at

[3] The Knowledge Safety Invoice, 2019 (Invoice No. 373 of 2019), Accessible at,%202019.pdf

[4] Report of the Joint Parliamentary Committee on The Knowledge Safety Invoice, 2019 (New Delhi, December 2021) Accessible at,%202019/17_Joint_Committee_on_the_Personal_Data_Protection_Bill_2019_1.pdf

[5] OECD, ‘Knowledge Portability, Interoperability and Competitors – Be aware by India’ (DAF/COMP/WD(2021)31,  Might 10, 2021, Accessible at content=Introduction-,1.,topercent20choosepercent20amongpercent20competingpercent20providers.&textual content=Thispercent20wouldpercent20ensurepercent20networkpercent20effects,3.

[6] Julius Baecker, Martin Engert, Matthias Pfaff, Helmut Krcmar, ‘Enterprise Methods for Knowledge Monetization: Deriving Insights from Observe, (March 2020) Accessible at https://www.researchgate.internet/publication/339797599_Business_Strategies_for_Data_Monetization_Deriving_Insights_from_Practice

[7] Centre for Digital Future, ‘Initiative on Alternative, Competitors and Innovation (ICCI) Launch Occasion, Keynote Handle, Accessible at

[8] Edward Longe, ‘GDPR Was Dangerous for Europe; U.S. Wants Its Personal Path’ (December 8, 2021)

Accessible at

[9] globalscape by HelpSystems ‘The True Value of compliance with Knowledge Safety Rules’ (Ponemon Institute LLC, December 2017), Accessible at

[10] The Value of an unnecessarily stringent Federal knowledge privateness regulation, Accessible at

[11] OECD, ‘Knowledge Portability, Interoperability and Competitors – Be aware by TUAC’, Accessible at

[12] Dialogue Paper on Knowledge Portability (Private Knowledge Safety Fee In collaboration with Competitors and Client Fee of Singapore), Level 4.8, Accessible at resource-for-Organisation/Knowledge-Portability/PDPC-CCCS-Knowledge-Portability-Dialogue-Paper—250219.pdf.

[13] OECD, Knowledge Portability, Interoperability and Digital Platform Competitors (2021) Level 5.3, Accessible at

[14] Article 4 (1) GDPR

[15] Clause 19, The Private Knowledge Safety Invoice, 2019, Accessible at,%202019.pdf

[16] Tips on Proper to Knowledge Portability (2017), Working Social gathering, European Fee (16/EN WP 242 rev.01), Accessible at file:///C:/Customers/Admin/Downloads/wp242_rev_01_en_D8A6FCF6-9039-846A-0C8040819826D818_44099.pdf

[17] European Union, ‘Commerce Secrets and techniques’, Accessible at

[18] Ibid at 16

[19] Ibid at 4 No. 2.85, pg.78

[20] Ibid at 16

[21] Ibid at 4 No. 2.85, pg.78

Leave a Comment

Your email address will not be published.