Definition:

Right to data portability (Ro: dreptul la portabilitatea datelor cu caracter personal, Gr: δικαίωμα στη φορητότητα των δεδομένων) (International Trade law, Internet law, Data Protection law) = the right of the data subject to receive their personal data  previously provided to a controller, in a structured, commonly used and machine-readable format (the data should be easy to download, organised and machine-parsable) and to transmit the data to another controller. This right is one of the fundamental data subject rights enshrined in the General Data Protection Regulation and it represents one of the new issues enacted by this European regulation.

Essentially, this data portability refers to the right to transfer personal data from a controller – usually an organisation – to another controller – another organisation.

Two categories of personal data fall under the scope of the right to portability: (i) actively and knowingly provided data by the data subject to the controller – such as name, hobbies, interests, e-mail address and so on, and (ii) observed data indirectly provided by the data subject – for example, raw localisation data provided by the apps/services used by the natural person, activity logs or online history and so on. Inferred and derived data does not fall under this right (e.g. health assessment, credit scores and so on).

 

Useful links:

Legislation

http://www.legislation.gov.uk/ukpga/2018/12/contents/enacted - Data Protection Act 2018, United Kingdom [English]

https://rm.coe.int/convention-108-convention-for-the-protection-of-individuals-with-regar/16808b36f1 - Council of Europe, Convention 108+ for the protection of individuals with regard to the processing of personal data [English]

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679 – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [English]

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32018R1725&from=EN - Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the EU institutions, bodies, offices and agencies [English]

https://www.isipp.com/resources/full-text-of-the-california-consumer-privacy-act-of-2018-ccpa/ - California Consumer Privacy Act 2018, United States of America [English]

 

Online Publications

Banda C., Enforcing Data Portability in the Context of EU Competition Law and the GDPR (September 13, 2017). MIPLC Master Thesis Series (2016/17), available at SSRN: https://ssrn.com/abstract=3203289

Graef I., Husovec M., Purtova N., Data Portability and Data Control: Lessons for an Emerging Concept in EU Law (December 15, 2017), TILEC Discussion Paper No. 2017-041 in German Law Journal 2018, vol. 19 no. 6, Tilburg Law School Research Paper No. 2017/22; TILEC Discussion Paper No. 2017-041, available at SSRN: https://ssrn.com/abstract=3071875 or http://dx.doi.org/10.2139/ssrn.3071875

Hert P., Papakonstatinou V., Malgieri G., Beslay L., Sanchez I., The right to data portability in the GDPR towards user-centric interoperability of digital services, in Computer Law & Security Review, vol 34, issue 2, April 2018, available at https://www.sciencedirect.com/science/article/pii/S0267364917303333

Swire P., Lagos Yianni, Why the right to data portability likely reduces consumer welfare: antitrust and privacy critique, in Maryland Law Review, vol 72, issue 2, 2013, available at http://digitalcommons.law.umaryland.edu/mlr/vol72/iss2/1 [English]

Urquhart L., Sailaja N., McAuley D., Realising the right to data portability for the domestic Internet of things, in Personal and Ubiquitous Computing, April 2018, vol 22, issue 2, available at https://link.springer.com/article/10.1007/s00779-017-1069-2 [English]

Ursic H., Unfolding the new-born right to data portability: four gateways to data subject control, in a Journal of Law, Technology & Society, vol 15, issue 1, August 2018, available at https://script-ed.org/article/unfolding-the-new-born-right-to-data-portability-four-gateways-to-data-subject-control/

Van der Auwermeulen B., How to attribute the right to data portability in Europe: a comparative analysis of legislations, in Computer Law & Security Review, vol 33, issue 1, February 2017, available at https://www.sciencedirect.com/science/article/pii/S0267364916302175

Wong J., Henderson T., How portable is portable? Exercising the GDPR’s right to data portability, in UbiComp/ISWC 18, 2018, available at https://tnhh.org/research/pubs/claw2018.pdf

 

Practical Use

Article 29 Data Protection Working Party, Guidelines on the right to data portability, adopted on 13 December 2016, WP 242 rev.01

European Union Agency for Fundamental Rights (FRA), European Data Protection Supervisor (EDPS) and the Council of Europe (2018), Handbook on European Data Protection Law – Edition 2018, Luxembourg, Publications Office, May 2018 [English]

 

By Andreea Serban