The Right to Data Portability in practice: Exploring the implications of the technologically neutral GDPR

Janis Wong, Tristan Henderson

Research output: Contribution to journalArticlepeer-review

24 Citations (Scopus)
7 Downloads (Pure)

Abstract

Key Points

The European General Data Protection Regulation (GDPR) introduces one new data subject right, Article 20’s right to data portability (RtDP). The RtDP aims to allow data subjects to obtain and reuse their personal data for their own purposes across different services.

We investigate the RtDP by making 230 real-world data portability requests across a wide range of data controllers. The RtDP is interesting to study as it operates under a framework that aims to be technologically neutral while requiring specific technologies for implementation. Our objective is to assess the ease of the RtDP process from the perspective of the data subject and to examine the file formats returned by data controllers.

From our results, including responses indicating that no personal data were stored, only 172 (74.8 per cent) of RtDP requests were successfully completed. However, compliance with the GDPR varied where not all file formats meet the GDPR requirements. There was also confusion amongst data controllers about data subject rights more generally.

Based on our observations, we revisit the current guidance for data portability. We suggest new technical definitions to clarify how data should be made portable and determine the appropriateness of certain file formats for different data types.

We suggest recommendations and future work for various stakeholders to address the legal implications derived from our study. This includes discussing possibilities for new data portability standards and codes, conducting further empirical research, and building technological solutions to ensure that the RtDP can be better understood in theory and exercised in practice.
Original languageEnglish
Number of pages19
JournalInternational Data Privacy Law
VolumeAdvance article
Early online date6 Jul 2019
DOIs
Publication statusE-pub ahead of print - 6 Jul 2019

Keywords

  • Data portability
  • Data subject rights
  • General Data Protection Regulation
  • Technological neutrality

Fingerprint

Dive into the research topics of 'The Right to Data Portability in practice: Exploring the implications of the technologically neutral GDPR'. Together they form a unique fingerprint.

Cite this