Oliver Price’s Weekly GDPR Blog #21 – Data Portability – A Moving Story
One new right to be introduced by the GDPR on the 25 May 2018 is data portability. This gives data subjects a right to receive their information from a data controller and re-use it with another service provider. It is most easily understood in context where this already takes place, for example the transmission of certain information where consumers change bank account or phone provider.
This right has caused practitioners and business commentators some consternation, because of the practical challenges involved. Therefore the European group called the “Article 29 Working Party” sought to clarify that the right applies only to data processing either by automated means necessary for the performance of the contract, or to personal data processed on the basis of the data subject’s consent. The right allows the data subject to instruct the data controller holding his or her personal data to transmit to another controller where it is technically possible to do so.
Data portability is one reason why relying exclusively upon consent may turn out to be burdensome. Arguably this right is of significant more practical benefit to data subjects than some of the other new rights, for example the right to erase data. It remains to be seen how much use consumers will make of it. Of course for some very competitive B2C sectors, this right may come in for substantial use.
Last updated 05/03/2018