The question should be as you state, but you should have also add at the end "..for achieving the same level of security," I'd assume this is what you meant.
To get a reasonable security in modular exponentiation over an elementary number theoretic group (say, prime order group) one needs to get a security of 2^80 say, an exponent size of about 1000 (or even 2000, more or less, I am not doing exact calculations), given the various methods to extract discrete log in these group representation over the modular subset of the integers. For elliptic curve (if chosen wisely) the best algorithm for d. log. is the generic one, so a size of 160-200 bit scalar is needed so already 5 -- 6 (or even 10) times less bits to perform on, thus making the ECC curve multiplication much faster (even if the basic per bit op is more involved).
The ECC is therefore faster and consumes less space.
But: the fields of characteristic 2 as in the paper presented above are not suitable for cryptographic operations.... (I guess the question was motivated by these, the results are good for many other operations).
For direct computation both have a polynomial time, then
for the inverse Modular exponentiation has a time under expontial such that Elliptic curve scalar multiplication has a expontial time. ECSM is more efficient for cryptography than Modular exponentiation