Right to Data Portability

Right to Data Portability is stated in GDPR. It allows data subjects to acquire personal data that has been previously collected about them from a data controller. This data can be further used for personal use or in order to pass it to another controller.

What is the Right to Data Portability?

The Right to Data Portability allows any individual to request and obtain information that has been collected about them. Moreover, their personal data can be further used for either personal use or passed on to be processed by another business. The user can move, transfer or even copy their personal data.

An example of this right is if you, as a user would obtain your personal information from a social media platform and use it for either personal use (e.g. remembering where you were when you posted a certain photo) or in another IT environment (e.g. a marketing agency). You can request web browser history, raw data, location and traffic information. The right is applicable for personal data:

  • collected by a data controller
  • data process automatically
  • that was processed in accordance with the consent given or processed for a contract or a performance.

The full definition of the right in its entirety can be found on the official website for GDPR, in Article 20.

Why is the Right to Data Portability important for businesses?

For business it is important to understand the right to data portability in case a customer wishes to exercise this right. If a user of a website requests their personal data or wants it to be sent to another website it is the obligation of the data controller (e.g. the website owner or designated employee etc.) to do so. However, to be able to do so the controller must store consent and data correctly. Unless the website has a reliable audit trail, this might not be possible.

Learn more about Privacy Hub →