Right of Data Portability
What is Right of Data Portability?
Right of Data PortabilityThe GDPR right of a data subject to receive their personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
The right of data portability is established in Article 20 of the European Union General Data Protection Regulation (GDPR). It applies when processing is based on consent or on the performance of a contract and is carried out by automated means. The data subject is entitled to receive the personal data they have provided to a controller in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance. Where technically feasible, the data subject can require direct controller-to-controller transmission. The right is intended to foster competition and user control, complementing other rights such as access and rectification, and is enforced by national data-protection authorities.
● Examples
- 01
A user exports their playlists and listening history from one streaming service and imports them into a competitor.
- 02
A patient asks a wearable provider to send heart-rate data to a new clinical platform in JSON format.
● Frequently asked questions
What is Right of Data Portability?
The GDPR right of a data subject to receive their personal data in a structured, commonly used, machine-readable format and transmit it to another controller. It belongs to the Privacy & Data Protection category of cybersecurity.
What does Right of Data Portability mean?
The GDPR right of a data subject to receive their personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
How does Right of Data Portability work?
The right of data portability is established in Article 20 of the European Union General Data Protection Regulation (GDPR). It applies when processing is based on consent or on the performance of a contract and is carried out by automated means. The data subject is entitled to receive the personal data they have provided to a controller in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance. Where technically feasible, the data subject can require direct controller-to-controller transmission. The right is intended to foster competition and user control, complementing other rights such as access and rectification, and is enforced by national data-protection authorities.
How do you defend against Right of Data Portability?
Defences for Right of Data Portability typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Right of Data Portability?
Common alternative names include: GDPR Article 20, Data portability.
● Related terms
- privacy№ 931
Right of Rectification
The GDPR right of a data subject to obtain from the controller, without undue delay, the correction of inaccurate or incomplete personal data concerning them.
- privacy№ 932
Right to Be Forgotten
The right of an individual to obtain the erasure of personal data concerning them when there is no overriding legal reason to keep processing it, under GDPR Article 17.
- compliance№ 440
GDPR
The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA.