Skip to content

Research at St Andrews

The Right to Data Portability in practice: Exploring the implications of the technologically neutral GDPR

Research output: Contribution to journalArticlepeer-review

DOI

Open Access Status

  • Embargoed (until 6/07/21)

Abstract

Key Points

The European General Data Protection Regulation (GDPR) introduces one new data subject right, Article 20’s right to data portability (RtDP). The RtDP aims to allow data subjects to obtain and reuse their personal data for their own purposes across different services.

We investigate the RtDP by making 230 real-world data portability requests across a wide range of data controllers. The RtDP is interesting to study as it operates under a framework that aims to be technologically neutral while requiring specific technologies for implementation. Our objective is to assess the ease of the RtDP process from the perspective of the data subject and to examine the file formats returned by data controllers.

From our results, including responses indicating that no personal data were stored, only 172 (74.8 per cent) of RtDP requests were successfully completed. However, compliance with the GDPR varied where not all file formats meet the GDPR requirements. There was also confusion amongst data controllers about data subject rights more generally.

Based on our observations, we revisit the current guidance for data portability. We suggest new technical definitions to clarify how data should be made portable and determine the appropriateness of certain file formats for different data types.

We suggest recommendations and future work for various stakeholders to address the legal implications derived from our study. This includes discussing possibilities for new data portability standards and codes, conducting further empirical research, and building technological solutions to ensure that the RtDP can be better understood in theory and exercised in practice.
Close

Details

Original languageEnglish
Number of pages19
JournalInternational Data Privacy Law
VolumeAdvance article
Early online date6 Jul 2019
DOIs
Publication statusE-pub ahead of print - 6 Jul 2019

    Research areas

  • Data portability, Data subject rights, General Data Protection Regulation, Technological neutrality

Discover related content
Find related publications, people, projects and more using interactive charts.

View graph of relations

Related by author

  1. Data Protection for the Common Good: Developing a framework for a data protection-focused data commons

    Wong, J., Henderson, T. & Ball, K., 15 Sep 2020, Data for Policy Conference 2020.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

  2. How portable is portable? Exercising the GDPR's Right to Data Portability

    Wong, J. & Henderson, T., 8 Oct 2018, Proceedings of the 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers . ACM, p. 911-920

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

  3. Integrating the Data Protection Impact Assessment into the Software Development Lifecycle

    Irvine, C., Balasubramaniam, D. & Henderson, T., 17 Sep 2020, Proceedings of the 15th DPM International Workshop on Data Privacy Management.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

  4. The ‘Personal’ in Personal Data: Who is Responsible for Our Data and How Do We Get it Back?

    Wong, J., 16 Sep 2020, In: Legal Information Management. 20, 2, p. 103 105 p.

    Research output: Contribution to journalArticlepeer-review

ID: 259035782

Top