About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

3 Eur. Data Prot. L. Rev. 119 (2017)
Bringing Your Data Everywhere: A Legal Reading of the Right to Portability

handle is hein.journals/edpl3 and id is 125 raw text is: Reports | 119 Bringing Your Data Everywhere: A Legal Reading Of The Right To Portability Lucio Scudiero* The General Data Protection Regulation introduces a brand new right to data portability that should en- able the data subject 'to transmit those data to anoth- er controller without hindrance from the controller to which the data have been provided'. This brief ar ticle sheds light on the legal and technical limitations to this new right, also in the light of the recent guid- ance provided by Article 29 Working Party: without standards which lead to interoperability the right to data portability is destined to remain more a decla- ration of principle than a real and effective tool for individual self-determination in the digital environ- ment. 1. Introduction In April 2016, the European Union (EU) legislator adopted Regulation 679/2016 on the protection of natural persons with regard to the processing of per sonal data and on the free movement of such data (General Data Protection Regulation or GDPR), in- cluding a new right to data portability (RDP), so as to enable the data subject 'to transmit those data to another controller without hindrance from the con- troller to which the data have been provided'. The main scope of the RDP is to strengthen the control of individuals on their personal data, as stated in Recital 68 GDPR and to enable the data subject to ex- ercise the freedom to transfer personal data from one Lucio Scudiero, Lawyer, Executive Director at Lex Digital, Rome (Italy), Researcher at Archimede Solutions, Geneva (Switzerland). The author acknowledges that the first version of this report was drafted with the support of the Istituto Italiano per la Privacy, lFP Rome, and wishes to thank his former colleague Camilla Bistolfi, a researcher in the project Privacy Flag, for her initial contribution to it. For correspondence: <lscudiero@lexdigital.it>. DOL 10.21552/edpl/2017/1/19 1 European Commission, 'Fact Sheet Questions and Answers - Data protection reform' (2015) <http://europa.eu/rapid/press -release MEMO-1 5-6385_en.htm> accessed 10 April 2017. 2 See also Article 29 Data Protection Working Party (A29 WP), 'Guidelines on the right to data portability' (13 December 2016) 16/EN WP 242, 4 <http://ec.europa.eu/information-society/ newsroom/image/document/2016-51/wp242_en_40852.pdf> ac- cessed 8 March 2017. data controller to another. An ancillary scope pursued by the European Commission when proposing such a right was also to ease for start-ups and smaller com- panies the access to data markets dominated by 'IT giants' and attract more consumers with privacy- friendly solutions. From a data protection law standpoint, the RDP is an evolution of the right of access as granted by the Data Protection Directive currently in force. Its foundations can be retrieved in Article 12 thereof, which states that: Member States shall guarantee every data subject the right to obtain from the con- troller: (a) without constraint at reasonable inter vals and without excessive delay or expense: [...] - communication to him in an intelligible form of the data undergoing processing and of any avail- able information as to their source [... ].2 This report will present the new RDP as enshrined in Article 20 GDPR. 11. The Scope and Conditions of the Right To Data Portability Concerning the scope of the new RDP Article 20 stip- ulates that: 1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: (a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is carried out by automated means. This first paragraph of the provision refers to sever al different elements. According to the norm the out- EDPL 1|2017

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most