The proposals would grant consumers increasing rights to require providers to share access to their data directly with chosen third parties.
The UK government has released a consultation advocating the introduction of sweeping new requirements for service providers to share both consumer data (upon request) and data regarding their own products and services, with third parties. The proposals, released on 11 June 2019 by the Department for Business, Energy and Industrial Strategy (BEIS) in its Smart Data report and consultation, are indicative of a wider drive toward requiring companies to free up access to the data they hold. The drivers behind this include a desire to increase competition, foster the growth of data-driven services, and improve consumer choice.
The proposals follow the introduction of a range of sector-specific initiatives in the UK and is part of a concerted government focus on digital strategy, as evidenced in its recent white paper on Regulation for the Fourth Industrial Revolution, as well as the National Data Strategy introduced last year.
Focus on Data Portability in Regulated Markets
At the heart of the proposals is the concept of “Smart Data,” or data that is “easily and instantly accessible” and capable of being “safely and securely transferred to third-party services”. In practice, this means consumers are entitled to require existing providers to share with chosen third parties — either immediately or on an ongoing, real-time basis and via a common format and means of transmission (APIs) — access to the data (including personal data) these providers hold about them. This is in addition to requirements for providers to share information about their own products and services in the same or similar ways (i.e. on an ongoing, real-time basis and via common format etc.). One example of the kind of new data-driven service that the Smart Data initiatives is trying to encourage is an app that tracks a consumer’s usage of a particular service, draws in market data from competing providers, and then prompts the consumer when better deals become available for his or her circumstances.
While the General Data Protection Regulation already grants consumers a right to ‘data portability’ in relation to personal data held about them, Smart Data broadens this concept out significantly, both in terms of the way in which data must be shared (see above) and the type of data in scope (not restricted to personal data). In terms of the third party recipients of the data (e.g. the app provider in the example above), these parties will be subject to certain restrictions – while the precise rules are likely to vary from one initiative to another, the report proposes that for certain high risk data (e.g. pensions) there should be a requirement to seek accreditation.
In its consultation, BEIS advocates introducing individual Smart Data initiatives across the “regulated markets”, i.e. utilities, communications, rail, and financial services. These initiatives would essentially be separate from one another and subject to specific rules, albeit with a high degree of coordination as outlined below. The report acknowledges that a number of market-specific initiatives are already in progress — including the Open Banking and Pensions Dashboard regimes in financial services — and, with one exception, does not specify when further initiatives can be expected to be formally introduced. The report does, however, introduce an Open Communications initiative that would roll out the Smart Data concept in the communications sector by requiring communications providers to share consumer and product data (likely to include e.g. personal usage data and information regarding deals across the market) with third parties in the way described above. Looking ahead, the report also proposes introducing legislation that would make it easier and quicker for the government to give effect to future Smart Data initiatives, by enabling them to be introduced via secondary legislation on a case-by-case basis – at this stage it is unclear exactly what this process might look like in practice.
Aside from addressing market-specific initiatives, the report advocates the consolidation and coordination of rollouts through the establishment of a cross-sectoral “Smart Data Function”. This body would oversee Smart Data initiatives across markets, review effectiveness, and facilitate the sharing of knowledge and experience, among other functions.
Potential Expansion Into Digital Markets
Strikingly, the proposals also touch upon the potential extension of Smart Data into the “digital market” (e.g., social media companies). This aspect, with a view to allowing users to, for example, port their social media history across platforms, will be consulted on separately later in the year. The focus on the digital market follows another recent (albeit separate) set of proposals that target user-content platforms such as social media providers, in the form of the proposed new Online Harms regime.
Two further focus points of the proposals are examining how to maximise the benefits of Smart Data for vulnerable consumers and protecting the security of data. “Vulnerable consumers” include, for example, those who rely on others for care and who may not be in a position to access internet-based solutions themselves. In these cases it is envisaged that trusted third parties (such as carers) might be given the ability to access solutions on behalf of those consumers, thereby ensuring that they still receive the benefit of the reforms. In terms of security, it is proposed that third-party providers who receive “high risk” (e.g., transactional) data would need to be accredited (as is the case under the Open Banking regime) and onward transfers of such data would be permitted only for certain approved purposes.
In forcing banks to provide certain third parties with real-time access to consumer and bank data, the Open Banking regime was viewed by many as a pioneering way of increasing competition, facilitating new technology-driven services, and empowering consumers. It is therefore no surprise to see the government broaden that concept out into other markets. However, the extent of the proposed rollout and the suggestion that it may soon encompass the digital market (including social media providers) may catch some off guard.
Many — not least potential third-party recipients of data — are likely to welcome attempts to both coordinate the rollout of Smart Data and leverage the experience of existing initiatives such as Open Banking. However, serious questions remain as to how future Smart Data initiatives might interact with existing regulatory regimes. For example, who will be tasked with regulating the new proposals (and will these regulators be sector-specific)?
The BEIS consultation will be open until 6 August 2019. Organisations are advised to keep abreast of the outcome and start taking preparatory steps to ensure they will be able to comply with the new requirements they are likely to face, particularly if they fall within the scope of the Open Communications initiative.