The EU’s Digital Markets Act requires six big tech “gatekeepers” (Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft) to provide continuous and real-time data portability mechanisms to users. We’re calling on the MyData community to help us test those tools and encourage improvements, to help drive real accountability and open up the field for consumer control and third-party services. Check out the below, and join us for a testing workshop on September 25.
What’s the problem?
Each of the 6 gatekeepers named in the DMA has produced some kind of tool in response to the Act’s data portability requirements, but these were not generally or consistently meaningful and appeared to provide little actual control or accessibility to users. In response, we partnered in April with the Coalition for Online Data Empowerment (CODE) and the Ethical Commerce Alliance (ECA) to call on the European Commission to enforce the DMA’s data portability requirements, and over 50 organisations and businesses signed our open letter to the Commission’s competition chief, Vice President Margrethe Vestager.
Since then, the Commission has asked us for concrete feedback on which they can act. We also know that there has been a running dialogue between the Commission and the gatekeepers about the non-compliance of these tools, and we have seen some improvements to some of them. None of those improvements are yet clearly sufficient to meet the requirements of the law, however, and all fall short of providing users with an accessible and useful tool to port their data.
Here is an overview of what we know about each gatekeeper’s tool:
| Gatekeeper | Summary | User authorisation | Geography | Developer Guidance |
| Amazon | API for Marketplace and Ads data. | Auth for daily downloads for up to one year. | EU only | Amazon data portability API |
| Apple | API for app store data.*** | Auth for daily downloads for 30 days / or weekly downloads for 180 days. | EU only* | Apple account data transfer API |
| API for data from Chrome, Search, Play, and Android. | Single downloads. Users need to re-auth every time.** | EEA and UK | Google Data Portability API | |
| API for LinkedIn data for individual members and company pages. | Auth for daily downloads for up to one year. | EU only | Member data portability APIsPages data portability API | |
| Meta | Tools for data transfers that are hosted on Facebook and Instagram. | Daily downloads for up to one year. | Global | Guidance not yet published.Blog from 2022 is the latest public info. |
| TikTok | API for TikTok user data. | Auth for daily downloads – auth duration unclear. | EU only | TikTok data portability API. |
Why does it matter?
This is about compliance with a small part of the DMA, but the impacts can be huge and far-reaching. Importantly, implementing tools that fully comply with the spirit of the DMA will demonstrate the feasibility of enabling real data portability for users, undermining lobbying resistance and clearing the path for regulatory requirements in other jurisdictions. Showing that this can be done technically in the EU, could matter legally everywhere.
Secondly, we have reason to believe that this kind of advocacy through the European Commission is impactful. Coordinated action shows that these issues, as technical and inside baseball as they may seem, really do matter to wide the technical experts, changemakers, and businesses that constitute the MyData community. That credibility resonates with the Commission and helps keep these issues on their agenda.
What can you do to help?
Help us test these tools, to understand what data they actually provide and what the obstacles are for users. Do the APIs work? What are the authorization requirements? Is it accessible in different regions? We are hoping for a handful of volunteers whose testing efforts we can coordinate over the next few weeks. We will then consolidate the results into a short report to the European Commission, that will help to drive further improvements, accountability, and control for users.
This is the kind of grass-roots action where the MyData Global community can make a real difference, leveraging small contributions for major impacts. Come to our tool testing workshop on September 25 to help out or learn more.