The right to data portability in the GDPR: Towards user-centric interoperability of digital services

Paul de Hert, V. Papakonstantinou, G. Malgieri, Laurent Beslay, Ignacio Sanchez

Research output: Contribution to journalArticleScientificpeer-review

2 Downloads (Pure)

Abstract

The right to data portability is one of the most important novelties within the EU General Data Protection Regulation, both in terms of warranting control rights to data subjects and in terms of being found at the intersection between data protection and other fields of law (competition law, intellectual property, consumer protection, etc.). It constitutes, thus, a valuable case of development and diffusion of effective user-centric privacy enhancing technologies and a first tool to allow individuals to enjoy the immaterial wealth of their personal data in the data economy. Indeed, a free portability of personal data from one controller to another can be a strong tool for data subjects in order to foster competition of digital services and interoperability of platforms and in order to enhance controllership of individuals on their own data. However, the adopted formulation of the right to data portability in the GDPR could benefit from further clarification: several interpretations are possible, particularly with regard to the object of the right and its interrelation with other rights, potentially leading to additional challenges within its technical implementation. The aim of this article is to propose a first systematic interpretation of this new right, by suggesting a pragmatic and extensive approach, particularly taking advantage as much as possible of the interrelationship that this new legal provision can have with regard to the Digital Single Market and the fundamental rights of digital users. In sum, the right to data portability can be approximated under two different perspectives: the minimalist approach (the adieu scenario) and the empowering approach (the fusing scenario), which the authors consider highly preferable.
Original languageEnglish
Pages (from-to)193-203
Number of pages11
JournalComputer Law and Security Review
Volume34
Issue number2
Publication statusPublished - 2018

Fingerprint

Data privacy
Interoperability
Consumer protection
data protection
personal data
Intellectual property
scenario
legal provision
consumer protection
interpretation
Law
fundamental right
Controllers
intellectual property
Portability
privacy
pragmatics
EU
regulation
economy

Keywords

  • gdpr

Cite this

de Hert, Paul ; Papakonstantinou, V. ; Malgieri, G. ; Beslay, Laurent ; Sanchez, Ignacio. / The right to data portability in the GDPR: Towards user-centric interoperability of digital services. In: Computer Law and Security Review. 2018 ; Vol. 34, No. 2. pp. 193-203.
@article{6fe79fd097ab4e06ace46c506cc788aa,
title = "The right to data portability in the GDPR: Towards user-centric interoperability of digital services",
abstract = "The right to data portability is one of the most important novelties within the EU General Data Protection Regulation, both in terms of warranting control rights to data subjects and in terms of being found at the intersection between data protection and other fields of law (competition law, intellectual property, consumer protection, etc.). It constitutes, thus, a valuable case of development and diffusion of effective user-centric privacy enhancing technologies and a first tool to allow individuals to enjoy the immaterial wealth of their personal data in the data economy. Indeed, a free portability of personal data from one controller to another can be a strong tool for data subjects in order to foster competition of digital services and interoperability of platforms and in order to enhance controllership of individuals on their own data. However, the adopted formulation of the right to data portability in the GDPR could benefit from further clarification: several interpretations are possible, particularly with regard to the object of the right and its interrelation with other rights, potentially leading to additional challenges within its technical implementation. The aim of this article is to propose a first systematic interpretation of this new right, by suggesting a pragmatic and extensive approach, particularly taking advantage as much as possible of the interrelationship that this new legal provision can have with regard to the Digital Single Market and the fundamental rights of digital users. In sum, the right to data portability can be approximated under two different perspectives: the minimalist approach (the adieu scenario) and the empowering approach (the fusing scenario), which the authors consider highly preferable.",
keywords = "gdpr",
author = "{de Hert}, Paul and V. Papakonstantinou and G. Malgieri and Laurent Beslay and Ignacio Sanchez",
year = "2018",
language = "English",
volume = "34",
pages = "193--203",
journal = "Computer Law and Security Review",
issn = "0267-3649",
publisher = "ELSEVIER ADVANCED TECHNOLOGY",
number = "2",

}

de Hert, P, Papakonstantinou, V, Malgieri, G, Beslay, L & Sanchez, I 2018, 'The right to data portability in the GDPR: Towards user-centric interoperability of digital services', Computer Law and Security Review, vol. 34, no. 2, pp. 193-203.

The right to data portability in the GDPR: Towards user-centric interoperability of digital services. / de Hert, Paul; Papakonstantinou, V.; Malgieri, G.; Beslay, Laurent; Sanchez, Ignacio.

In: Computer Law and Security Review, Vol. 34, No. 2, 2018, p. 193-203.

Research output: Contribution to journalArticleScientificpeer-review

TY - JOUR

T1 - The right to data portability in the GDPR: Towards user-centric interoperability of digital services

AU - de Hert, Paul

AU - Papakonstantinou, V.

AU - Malgieri, G.

AU - Beslay, Laurent

AU - Sanchez, Ignacio

PY - 2018

Y1 - 2018

N2 - The right to data portability is one of the most important novelties within the EU General Data Protection Regulation, both in terms of warranting control rights to data subjects and in terms of being found at the intersection between data protection and other fields of law (competition law, intellectual property, consumer protection, etc.). It constitutes, thus, a valuable case of development and diffusion of effective user-centric privacy enhancing technologies and a first tool to allow individuals to enjoy the immaterial wealth of their personal data in the data economy. Indeed, a free portability of personal data from one controller to another can be a strong tool for data subjects in order to foster competition of digital services and interoperability of platforms and in order to enhance controllership of individuals on their own data. However, the adopted formulation of the right to data portability in the GDPR could benefit from further clarification: several interpretations are possible, particularly with regard to the object of the right and its interrelation with other rights, potentially leading to additional challenges within its technical implementation. The aim of this article is to propose a first systematic interpretation of this new right, by suggesting a pragmatic and extensive approach, particularly taking advantage as much as possible of the interrelationship that this new legal provision can have with regard to the Digital Single Market and the fundamental rights of digital users. In sum, the right to data portability can be approximated under two different perspectives: the minimalist approach (the adieu scenario) and the empowering approach (the fusing scenario), which the authors consider highly preferable.

AB - The right to data portability is one of the most important novelties within the EU General Data Protection Regulation, both in terms of warranting control rights to data subjects and in terms of being found at the intersection between data protection and other fields of law (competition law, intellectual property, consumer protection, etc.). It constitutes, thus, a valuable case of development and diffusion of effective user-centric privacy enhancing technologies and a first tool to allow individuals to enjoy the immaterial wealth of their personal data in the data economy. Indeed, a free portability of personal data from one controller to another can be a strong tool for data subjects in order to foster competition of digital services and interoperability of platforms and in order to enhance controllership of individuals on their own data. However, the adopted formulation of the right to data portability in the GDPR could benefit from further clarification: several interpretations are possible, particularly with regard to the object of the right and its interrelation with other rights, potentially leading to additional challenges within its technical implementation. The aim of this article is to propose a first systematic interpretation of this new right, by suggesting a pragmatic and extensive approach, particularly taking advantage as much as possible of the interrelationship that this new legal provision can have with regard to the Digital Single Market and the fundamental rights of digital users. In sum, the right to data portability can be approximated under two different perspectives: the minimalist approach (the adieu scenario) and the empowering approach (the fusing scenario), which the authors consider highly preferable.

KW - gdpr

M3 - Article

VL - 34

SP - 193

EP - 203

JO - Computer Law and Security Review

JF - Computer Law and Security Review

SN - 0267-3649

IS - 2

ER -