Right to Data Portability is stated in GDPR. It allows data subjects to acquire personal data that has been previously collected about them from a data controller. This data can be further used for personal use or in order to pass it to another controller.
The Right to Data Portability allows any individual to request and obtain information that has been collected about them. Moreover, their personal data can be further used for either personal use or passed on to be processed by another business. The user can move, transfer or even copy their personal data.
An example of this right is if you, as a user would obtain your personal information from a social media platform and use it for either personal use (e.g. remembering where you were when you posted a certain photo) or in another IT environment (e.g. a marketing agency). You can request web browser history, raw data, location and traffic information. The right is applicable for personal data:
The full definition of the right in its entirety can be found on the official website for GDPR, in Article 20.
For business it is important to understand the right to data portability in case a customer wishes to exercise this right. If a user of a website requests their personal data or wants it to be sent to another website it is the obligation of the data controller (e.g. the website owner or designated employee etc.) to do so. However, to be able to do so the controller must store consent and data correctly. Unless the website has a reliable audit trail, this might not be possible.
Find out how you can collect and store consent using a reliable Audit Trail.
Join our free bi-weekly newsletter focused on news and updates from the legal landscape of data privacy.