Many are struggling to uderstand data portability, are you?

Jun
03

With the changing policies across data portability, many are still struggling to understand how it works.

Lawyers and experts say it is not clear how far the right for individuals to move their data from one service provider to another will stretch.

David Hoffman, director of security policy and global privacy officer at Intel, said: "I think the data portability rights are pretty significant and are going to take a while for people to figure out what the bounds of them are and how to go about complying with them."

For example, music streaming services like Spotify create playlists for users based on their music preferences. While a user seeking to exercise the data portability right would be able to move playlists he or she created, the situation becomes fuzzy if the playlists are created by the streaming service using algorithms.

EU data protection authorities said individuals should be able to transfer data provided by them but not "derived data" created by the service provider such as algorithmic results.

Tanguy Van Overstraeten of Linklaters said the data portability right could raise issues of intellectual property. "It's not obvious that you can necessarily migrate the data from your system to somebody else's system."

On the business side, companies are rushing to renegotiate contracts with suppliers and service providers because GDPR increases their liability if something goes wrong.

Under the current rules, it is generally the company that determines the purposes of data collection that is directly liable for any breaches.

GDPR changes that, and data processors which only process or store the data on behalf of their clients, such as cloud computing providers, will be directly liable for sanctions and could face lawsuits from individuals, and that needs to be reflected in contracts.

Companies can have hundreds, thousands or tens of thousands of agreements which need to be revisited to ensure they comply with GDPR.

"After 20 years of data protection legislation in place, it's only now with the GDPR they (companies) start to think about 'what's my role in the whole story? Am I a data controller or data processor?'" said Mr Van Eecke. REUTERS

Are you finding it hard to meet data portability, let alone understand it? Let the professionals help at IDLink www.idlink.eu

Kristina Lund
Partner at SafeOnline
© 2018 Safe Online