Overcoming roadblocks to porting your data

SWIPO (SWitching from provider and POrting non-personal data) is the name for the working groups, comprising users and providers, set up to address EU Regulation 2018/1807 on the free transfer of non-personal data in the EU. One goal of the Regulation is to resolve the legal, contractual and technical roadblocks that make it difficult or impossible for companies using data processing services, to port their data from one service provider to another, or even back to their own systems.

The SWIPO working groups are drafting self-regulating ‘Codes of Conduct’ to address these roadblocks. These codes should define best practices and information requirements that reduce vendor lock-in, by making it smoother to switch providers and simplifying data porting. And they should ensure that Cloud Service Providers supply business users with detailed, clear and transparent information before signing a contract for data storage and processing.

The general SWIPO Principles
  1. Switching between service providers and data porting must be possible, effective, not cost consuming, and easy.
  2. The ability to port data without hindrance is a key factor in facilitating user choice and effective competition on markets for data processing services. [Consideration 29]
  3. In order to take full advantage of the competitive environment, professional users should be able to make informed choices and to easily compare the individual components of various data processing services offered in the internal market, including in respect of the contractual terms and conditions of porting data upon the termination of a contract. [Consideration 30]
  4. Trust enhancement in the security of cross-border data processing is a key factor to improve the legal certainty for companies as regards compliance with the applicable security requirements when organisations outsource their data processing activities to service providers, including to those in other Member States. [Consideration 33]
  5. All security requirements related to data processing that are applied in a justified and proportionate manner on the basis of Union or national law in compliance with Union law in the Member State of residence or establishment of the natural or legal persons whose data are concerned, will continue to apply to processing of that data in another Member State. [Consideration 34]

(Source: SWIPO Common Scope and Approach Version 0.10 10 June 2019, our bold and references to the corresponding considerations of the Regulation.)

The above principles do not appear in the 2020 version of the document. This is very unfortunate, as they could be inspirational for the future evolution of the Code of Conduct.