Comparison of Legal Systems for Data Portability in the EU, the US and Japan and the Direction of Legislation in Japan

Abstract

AbstractThe General Data Protection Regulation (GDPR) is legislation for the protection of personal data that applies in the EU. Article 20 of the GDPR stipulates the Right to data portability as one of the rights of data subjects. The monopoly on data held by digital platforms, such as GAFA (Google, Amazon, Facebook, Apple), is becoming a significant issue, and in this context, there is a need for the right to data portability in terms of not only the right of data subjects to reclaim their personal data but also promoting competition among businesses. The California Consumer Privacy Act (CCPA) of 2018 is the first comprehensive legislation for the protection of personal data in the US, albeit at the state level, with provisions similar to the EU GDPR; the CCPA establishes the Right of access and portability in Section 1798.100 as one of the rights of consumers. The California Privacy Rights Act (CPRA), passed in 2021, amends the CCPA to further strengthen the rights stipulated therein. The Bill of the Consumer Online Privacy Rights Act of 2019 (CORPA) was introduced in the Congress in 2019 and may become the first comprehensive legislation for the protection of personal information in the US at the state level. In recent years, in addition to the GDPR in the EU and the CCPA, the CPRA and the CORPA in the US, provisions relating to the obligation of data portability from the perspective of policy on competition are also included in the new Digital Markets Act (DMA) proposed in the EU and the (federal-level) ACCESS proposed in the US. This study compares the legal systems of the EU, the US and Japan with regard to data portability and shows the direction of legislation in Japan.KeywordsData portabilityGDPRCCPACPRACORPADMAACCESS