Immaterialgüter- und Wettbewerbsrecht

B2B Data Portability: A Case for Mandatory Data Porting in Cloud Services?

The proposed Digital Markets Act includes mandatory rules for business data portability, steering away from current self-governing models for cloud services. The ability of some providers to control ecosystems powered by their marketplace may support the shift, but a more defined approach is needed.

Last Update: 22.03.22

The proposed Digital Markets Act explicitly lists cloud computing as ‘core platform services,’ characterized, as per the proposal, by extreme economies of scale, strong network effects, business dependence, lock-in effects, lack of multihoming, vertical integration, and data-driven advantages. Its core argument is that certain providers are in the condition to take advantage of these seemingly natural characteristics by engaging in ‘unfair conducts,’ thereby undermining the ability of competitors to contest these services, which effectively positions them as ‘Gatekeepers.’

Proposed criteria for the designation of ‘gatekeeper’ include the provider's ability to impact the internal market, entrenched and durable position, and role as a ‘gateway’ for businesses. Most cloud providers usually host a marketplace where customers can acquire compatible services offered by third-party vendors. This strategy fosters the creation of dynamic and innovative ecosystems. While the proposal intents to target hyperscalers, this description may also include some of their customers or resellers in relation to their respective platforms.

The measures included in the proposal aspire to create a balance in the Provider/Vendor relationship. Article 6 consists of a series of obligations that support this view, including data portability obligations. Despite its well-intentioned goal, the main challenge for this proposal is that it presents an overly broad approach.

The proposal attempts to regulate all types of platforms with the same measures, disregarding differences in business models between cloud and other ‘core platforms.’ Additionally, it includes both individuals and legal entities as ‘end-users.’ This may be seeking to remediate some shortcomings in the GDPR. Still, these two groups should not be mixed since neither their needs nor level of sophistication are equal.

Moreover, it creates portability obligations for all business cases. In cloud ecosystems, business relationships' heterogeneous nature requires individual analysis with sound economic and factual support for specific cases. This includes the role of each player in the ecosystem. The proposal did not limit the focus on the ecosystem conditions for third-party vendors and resellers, or particular groups within this category who are especially vulnerable, such as SMEs, making a balanced analysis difficult.

Finally, the proposal’s broad approach requires a thorough analysis of interactions with existing regulations and upcoming proposals, such as the Data Act. In the case of the Free Flow of Non-Personal Data Regulation, if the proposal were to focus only on the Provider/vendor side of the platform, some boundaries between this proposal and the FFDR could be established by excluding providers/business customer side (business who do not offer further services in the ecosystem). Otherwise, Article 6 of the FFDR may lose legal relevance.


Doctoral Student

Jeniffer Rodriguez

Doctoral Supervisor

Prof. Dr. Matthias Leistner, LL.M. (Cambridge)

Main Areas of Research

II.3 Vernetzte Datenwirtschaft