The Data Protection Reform which the European Parliament, the EU Commission and the member states agreed upon last night, will allow Internet users to regain control over their personal data. Users will have the right to request the deletion of their data (“right to be forgotten”) and to know when their data has been hacked. Companies will only be allowed to collect personal data with the consent of the user.

The EU regards data protection as competitive advantage. Indeed, a single regulatory system will simplify cross-border business especially for small and medium-sized enterprises. But too general rules might stifle innovation and weaken the European economy. This is especially the case for the per-se approach to data portability.

The right to data portability will enable Internet users to transfer their personal data from one online platform to another. This is to prevent the likely case that users are “locked in“ a particular service platform like Facebook or eBay when it would take too much time and effort to transfer the already invested data such as messages, pictures or emails to another, competing provider. The right to data portability is therefore established to foster competition among online platforms.

But the regulation is too general: Not in every platform market, competition is compromised. Some users voluntarily remain with a particular online service provider. In this case, the new data portability regulation will weaken competition and impede innovation. If even small businesses are obliged to ensure data portability, they might withdraw from the market or not enter the market at all due to prohibitively high costs. Therefore, the EU should revise the rules on data portability in order to ensure an innovative and internationally competitive European business location.