Term: Right to Data Portability
What is the right to data portability?
The Right to Data Portability is a right granted under various global privacy laws, which allows individuals to obtain and reuse their personal data for their own purposes across different services.
It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
The right to data portability under the GDPR
The right to data portability is mentioned under Article 20 of the GDPR: “The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
- the processing is carried out by automated means.”
Key Aspects of Data Portability
- Limited Scope: The right typically applies to specific types of personal data, usually information provided by the user or collected through their use of a service.
- Format Requirements: When applicable, data must be provided in a structured, commonly used, and machine-readable format to facilitate transfer and use.
- Limitations: The right to data portability is not absolute and has significant limitations, including:
- It may not apply to derived or inferred data created by the service provider.
- It’s subject to technical feasibility.
- It may be restricted when it adversely affects the rights of others.
- User Empowerment Within Limits: While it gives individuals some ability to move their data, it’s constrained by the specifications of the relevant laws and technical capabilities of organizations.