A Longitudinal Analysis of Corporate Data Portability Practices Across Industries

Lock-in practices of online services hinder consumers from switching frictionlessly to a competitor once they are unsatisfied with the company’s service offering, privacy practices, or philosophy. The right to data portability (RtDP) is one of the strongest measures introduced by recent privacy regulations to unlock continuously collected user data from centralized silos of market leaders. Introducing the obligation to provide means of data transfers between services, it aims to establish decentralized online markets and to foster competition. In this longitudinal study comprising a unique dataset of 129 online services over three consecutive years, we are the first to provide evidence on the development of the effectiveness of the EU’s RtDP. Astonishingly, only 16% of services could provide a compliant data export in all years, with services from the industries Entertainment and Travel performing worst. Overall, Finance & Insurance and Social Networks & Messaging include the services with the highest compliance rates. Regarding the usefulness of data portability, our analysis unveils that data export scope and data import options have stagnated between 2020 and 2022. Further, we are able to show that online services with a high presence of third-party trackers are less compliant and ready to export data from their systems. Lastly, our regression analyses show that service popularity significantly increases format compliance, export scope, and import options. This suggests that competitors to incumbents still perceive the regulation more as a bureaucratic burden than a unique opportunity to attract new consumers and their data.