The ACCESS Act Raises More Questions Than It Answers

Executive Summary

  • The Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act establishes a data portability mandate and an interoperability mandate for large companies that meet certain user and revenue criteria, with the bill affecting primarily those commonly known as “big tech.”
  • Advocates for such mandates argue they will reduce the advantages that incumbents have, but the competitiveness of tech platforms involves far more than just user counts.
  • The interoperability and data portability mandates in the ACCESS Act are vague, defer important questions to the Federal Trade Commission (FTC), and neglect to answer many of the key questions around interoperability and data portability, such as who is responsible for data security and privacy.


Recently, a package of antitrust bills aimed at “big tech” companies such as Amazon, Google, Facebook, and Apple was introduced in the House of Representatives. One of the key bills in this legislative package is the Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act, which establishes mandates for interoperability and data portability. Specifically, the legislation would require large platforms to make their interfaces compatible with competing platforms and to establish data transfer protocols. Advocates for these types of mandates claim the nature of the digital marketplace locks in consumers to bigger platforms, regardless of the quality of the service, as switching to a new platform implies losing access to a valuable network of users.

While both data portability and interoperability may be beneficial in some scenarios, the ACCESS Act has the potential to severely disrupt the digital economy and the tech industry in the United States. Many key aspects of the bill focus on the Federal Trade Commission (FTC), increasing the agency’s power as well as the government intervention into this market. The bill establishes new technical committees inside the FTC, which will determine the conditions of these mandates for each covered platform. This primer reviews the bill’s main provisions and its potential impact on the tech industry.

The Key Measures of The ACCESS Act

While often confused with each other, the mandates for data portability and interoperability have two different implications. Data portability allows users to initiate a transfer of their data from one service to another, while interoperability requires a platform to allow other parties to interact and exchange data with it. These definitions can seem broad, and there is a spectrum of portability and interoperability options. The impact of these mandates depends highly on the definition of these concepts, as it can raise different technical, economic, and privacy concerns.

The central proposals of the ACCESS Act establish a data portability mandate and interoperability mandate for large companies that meet certain thresholds established in the bill. Platforms that are considered to be violating these mandates will be considered to be in violation of Section 5 of the FTC Act, which prohibits unfair or deceptive business practices. For a platform to be subject to the bill’s requirements, it must meet the following criteria:

  • Have at least 500,000 U.S.-based monthly active users or 100,000 U.S.-based monthly active business users in the year preceding the filing of a complaint;
  • Be owned or controlled by a person, partnership, or corporation with net annual sales or a market cap greater than $600 billion in the 2 years preceding the filing of a complaint; and
  • Be considered a critical trading partner for the sale or provision of any product or service offered on or directly related to the online platform.

The act defines a critical trading partner as a “trading partner that has the ability to restrict or impede (A) the access of a dependent business to its users or customers; or (B) the access of a dependent business to a tool or service that it needs to effectively serve its users or customers.”

The covered platform designation applies for 10 years, a significant time in a perpetually evolving field such as technology, and the designation can only be dropped with approval from the FTC.

ACCESS requires the FTC to establish requirements for portability and interoperability and enforce compliance with these requirements. To aid the FTC in this task, the bill also establishes a technical committee for each covered entity. Each committee is composed of representatives of businesses that the FTC considers users or competitors of the platform, representatives of competition or privacy advocacy organizations, a representative from the National Institute of Standards and Technology, and a nonvoting representative of the covered platform.

Reassessing the Impact of Switching Costs

Advocates for interoperability and portability mandates often cite concerns about the switching costs consumers face that create a “lock-in” to existing social media platforms or mobile operating systems. Advocates for these mandates claim that these costs are particularly high in the tech space, as digital platforms benefit from “network effects,” a term used to describe products that become more useful as their user base increases. Mandating interoperability and data portability would significantly reduce such costs and enable newer platforms to compete on a more level playing field, they contend.

Assessing the competitiveness of the digital market merely on user count ignores other relevant metrics, however, such as screen time, user engagement, or marketability. In the digital market, unlike the physical goods and services market, competition in not zero-sum. While buying one particular box of cereal in a grocery store usually means that a competing brand’s similar cereal isn’t being bought, this is typically not the case in the digital marketplace. There, signing up for Facebook does not bar a user from signing up to other social media platforms such as Twitter or TikTok, as there are no sign-up fees. Getting users to sign up to a platform is the first level of competition, while the fiercest competition is for users’ attention and advertisement revenue.

Establishing mandates is not necessary  to spur competition or lead consumers to new products. Innovators are aware of the necessities of growing their user base to compete in these markets and have incorporated measures to do so. For example, Tik Tok and Snapchat severely limit the content users are able to access without signing up and downloading their applications. This way, they increase the incentives for users to sign up for their service, thus making their content more exclusive. Mandated interoperability would prohibit this strategy, damaging competition and aiding established players.

Mandated interoperability also diminishes the ability of platforms to stand out for their ad-targeting strategy, as all information they collect on users is automatically shared with competitors. Initially, this sharing would be helpful for small platforms, as it gives access to the customer data from bigger platforms. This interoperability would prevent them from gaining an edge by implementing new data-collection strategies, however, a crucial step in the consolidation of platforms such as Facebook and Google. Any new data collected would automatically be shared with competitors, preventing emerging platforms to stand out to advertisers for their targeting mechanisms.

Additionally, major platforms Google, Apple, Microsoft, Facebook, and Twitter co-created the Data Transfer Project, an initiative to establish a protocol to enact data portability in a way that is compatible with multiple platforms, while also addressing privacy and security concerns for their users. This project acknowledges the benefits portability could give to consumers, but it also has enabled the involved companies to work through the challenges that may come with portability apart from ill-considered mandates. As a voluntary, open-source initiative, this project will allow for the establishment of a shared portability protocol and platform, where platforms that deem it useful will make use of it. On the other hand, ACCESS will create a one-size-fits-all blanket mandate that will lock down companies and users who may not agree with it, reducing overall choice in the market.

The Questions Left Unanswered by ACCESS

ACCESS fails to address many practical concerns regarding the implementation of its new mandates. As mentioned previously, many key aspects will be left to the newly established FTC committees. For example, while the bill requires platforms to implement an interoperability interface that is transparent and third-party-accessible, it also mandates that competing business have reasonable data security for the data they request. ACCESS does not, however, define what the terms “transparent,” “accessible,” or “secure” look like, leaving those definitions to the FTC committees. In general, ACCESS establishes the mandates, but leaves many of the specifics—such as its terms or how they are to be implemented—vague and for the future determination of the FTC.

In addition to data security questions, the interoperability aspects of the bill also raise concerns about how they may apply to existing understandings of data privacy. In order for interoperability to be effective, third parties must have access to the data of users who may or may not have signed up to the competing platform. When implementing interoperability, it is important to consider what data are to be shared, what steps platforms can take to limit how much of that data is accessible to competing platforms, and how appropriate liability for data access will be established. ACCESS does not clearly establish the legal framework for such key elements, leaving existing privacy concerns unanswered.

An overly broad access standard could force platforms to share sensitive user data with potentially insecure third parties. Additionally, some have expressed concerns over the implementation of the data security requirement, as the bill stipulates platforms will be held liable not only for the data they acquire from the interoperability platform, but from their systems as a whole, a liability that would have a significant impact on the current platform ecosystem.


The ACCESS Act seems to raise more questions than it answers. Its interoperability and data portability mandates defer largely to the FTC and neglect to answer many of the key questions around interoperability and portability. Even if it were to lower “switching costs,” as its proponents claim, it could do so at the expense of users’ privacy and safety. When assessing tech platforms, ACCESS focuses too narrowly on certain elements such as user count, and it ignores many important metrics such as screen time and ad revenue that show the digital economy is already both highly competitive and diverse. As a result, despite its intentions to improve the technology market, the interventions in ACCESS could harm consumers as well as both current and emerging platforms.