The right to data portability in the GDPR: Towards user-centric interoperability of digital services

Paul de Hert, V. Papakonstantinou, G. Malgieri, Laurent Beslay, Ignacio Sanchez

Research output: Contribution to journalArticleScientificpeer-review

3 Downloads (Pure)

Abstract

The right to data portability is one of the most important novelties within the EU General Data Protection Regulation, both in terms of warranting control rights to data subjects and in terms of being found at the intersection between data protection and other fields of law (competition law, intellectual property, consumer protection, etc.). It constitutes, thus, a valuable case of development and diffusion of effective user-centric privacy enhancing technologies and a first tool to allow individuals to enjoy the immaterial wealth of their personal data in the data economy. Indeed, a free portability of personal data from one controller to another can be a strong tool for data subjects in order to foster competition of digital services and interoperability of platforms and in order to enhance controllership of individuals on their own data. However, the adopted formulation of the right to data portability in the GDPR could benefit from further clarification: several interpretations are possible, particularly with regard to the object of the right and its interrelation with other rights, potentially leading to additional challenges within its technical implementation. The aim of this article is to propose a first systematic interpretation of this new right, by suggesting a pragmatic and extensive approach, particularly taking advantage as much as possible of the interrelationship that this new legal provision can have with regard to the Digital Single Market and the fundamental rights of digital users. In sum, the right to data portability can be approximated under two different perspectives: the minimalist approach (the adieu scenario) and the empowering approach (the fusing scenario), which the authors consider highly preferable.
Original languageEnglish
Pages (from-to)193-203
Number of pages11
JournalComputer Law and Security Review
Volume34
Issue number2
DOIs
Publication statusPublished - 2018

    Fingerprint

Keywords

  • gdpr

Cite this