Data portability - A tale of two concepts


The new DCD directtive from EU contains data portability which includes all the users data.

Art. 20 of the GDPR introduces a new concept to European data protection law - the right to data portability. This empowers the consumer to prevent lock-in effects on closed platforms. Rather, when requested, data controller must provide personal data to the data subject in a commonly used format, which then gives the opportunity to the subject to transfer their data between controllers. The Art. 20 GDPR leaves room for interpretation. This is why, under the DCD-proposal, the supplier of digital content shall provide the consumer with technical means to retrieve all content provided by the consumer, not just when it comes to personal data; any other data produced or generated through the consumer's use of the digital content.

The proposed provisions are stricter than Art. 20GDPR:

The data portability right under Art. 20 GDPR may be exercised at any point in time, whereas the right to content portability under the DCD-proposal only arises after the contract has been terminated following a rule in said directive. The paper highlights other circumstances which warrant a right to content portability and laments the lack of an exception to safeguard the rights and interest of third parties

There are three case studies that illustrate how the portability rules in the GDPR and the proposed Digital Content Directive might work in practice.

Still unsure as to how to comply with the GDPR? Want to know more about data portability and how you can achieve it? Visit our website where you can find more information, and how you, or your business can benefit. Try a free 30-day trial, you won't be disappointed.

Kristina Lund
Partner at SafeOnline
© 2018 Safe Online