Embed Size (px)
Citation preview
The principle of data portability is set out in Article 20 of the GDPR:
“The data subject shall have the right to receive the personal data concerning him or her... in a structured or commonly used and machine readable format and have the right to transmit those data to another controller without hindrance... where:
(a) the processing is based on [data subject consent for the processing of personal data], or [the data subject’s explicit consent to processing sensitive personal data] or [processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract]; and,
(b) the processing is carried out by automated means.”
Data portability
A new right
The right to data portability introduced by Article 20 of the GDPR is one that does not have an equivalent in the Data Protection Directive that it replaces. In practice, this right allows a data subject to request a copy of all personal data that the data subject has provided and a controller processes electronically and which must then be transmitted directly from controller-to-controller, in order to easily allow the data subject further use of the data.
Interoperability
The purpose of the right to data portability is to promote interoperability between systems and to give greater power to the citizen over the data that controllers hold and an increased level of control and choice.
Data subjects should be able to move between service providers without any loss of data and, therefore, enjoy a seamless transition that avoids the data subject having to re-input any information.
“The wheel of change moves on, and those who were down go up and those who were up go down”Jawaharlal Nehru, first Prime Minister of India
Rationale of the proposal
The aim of the proposed right is to create a “level playing field” for newly established service providers that wish to take on more established providers, but are unable to do so because of the barrier posed by potential customers not wishing to have to re-input all of their data.
Difficulties for businesses
This aspect of the GDPR created consternation among entities with a business model that rely on personal data collected from customers and which view the manipulation and structural format of that data to be one of their main commercial assets. The ability of a data subject to be able to take that data, and the work that has gone into its structural format, and provide it to a competitor service is a potential threat to many such business models, which need to be adapted to fit the new regime.
Further problems will arise for a business in relation to porting that data, such as identifying the appropriate contacts at the other controller entity, the necessary format for the data and effecting the porting of the data. Taking the steps necessary to effect the data porting will, of course, present an additional cost of business that entities need to factor in to future operations.
General Data Protection Regulation
Key Contacts
PwC’s global privacy practice
Western EuropeBelgium, Finland, France, Germany, Italy, Netherlands, Norway, Spain, Sweden, Switzerland, UK
N. AmericaFull coverage
Central and South AmericaMexico, Columbia, Ecuador, Peru
Central and Eastern EuropeBulgaria, Kazakhstan, Latvia, Lithuania, Poland,Russia, Slovakia, Turkey
Middle EastUAE
AfricaMorocco Asia Pac
Australia, China, India, Japan, New Zealand, Singapore, Thailand
This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.
© 2017 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers LLP which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.
Tassos [email protected]: +357 - 22 555 750
Spyros EvangelouPartnerIn charge of Legal PracticeS.A. Evangelou & Co [email protected]: +357 - 22 559 900
Michael TsikourisDirectorPwC Legal PracticeS.A. Evangelou & Co [email protected]: + 357 - 22 559 707
Demetra [email protected]: +357 - 22 555 732
Demos [email protected]: +357 - 22 555 056
![[MS-DPDACPAC]: Data-Tier Application Data …...The Data-Tier Application Data Portability Overview document provides an overview of data portability scenarios for data export and](https://img.pdfslide.net/doc/110x75/5ed292e42ca6542c7c1d9b6d/ms-dpdacpac-data-tier-application-data-the-data-tier-application-data-portability.jpg)
![Cybersecurity Law, GDPR and Data Ethicsprocessing and data portability. [Art 18, 20] • Right to object to processing (including profiling). [Art 21] • No right to restriction of](https://img.pdfslide.net/doc/110x75/5fe7d05422900128041dd347/cybersecurity-law-gdpr-and-data-ethics-processing-and-data-portability-art-18.jpg)
![[MS-DPIS]: Integration Services Data Portability Overview€¦ · The Integration Services Data Portability Overview document provides an overview of data portability for SQL Server](https://img.pdfslide.net/doc/110x75/5f1d517c06eddc366e5ca668/ms-dpis-integration-services-data-portability-overview-the-integration-services.jpg)
![[MS-DPMDS]: Master Data Services Data Portability Overview · 2017-08-16 · The Master Data Services Data Portability Overview document provides an overview of data portability for](https://img.pdfslide.net/doc/110x75/5f0b89e67e708231d431030e/ms-dpmds-master-data-services-data-portability-overview-2017-08-16-the-master.jpg)
