Proposed legislation in India would grant people a “right to data portability” (RDP), allowing them to retrieve their personal data from data controllers and transfer it to other such controllers. This, in effect, would give people a right to social graph portability as well. While there is a foundation in law and policy for such rights in India, it is not necessarily a strong one.
This paper analyzes the legally nuanced pros and cons of RDP to determine if it has a net benefit. Specifically, the paper takes a look at seven issues, including: (1) how the legal doctrine of ‘privity of contract’ applies here; (2) the differences between User Loaded Data and User Generated Data; and (3) the cyber-security risk associated with moving data from platform to platform.
The authors conclude that while the RDP may be a credible solution to the lock-in effect of large social networking platforms, it may pose several practical and technical challenges which may outweigh its benefits.