Have you ever bought or been gifted a new device, maybe a smart watch or a fitness tracker, that is a competing brand to the one that you currently have? If so, maybe you thought “Great, a new toy! But what about all the data I’ve got stored in my old device? Will I have to start from scratch?” If you could move your data from the old device to the new, this wouldn’t be an issue... This movement of data is technically referred to as “data portability”.
What is Data Portability?
Data Portability, as defined in Article 20 of the GDPR, is “the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance fro m the controller to which the personal data have been provided” .
This means that you, as a customer, have the right to take your personal data from your current device and provider and move it to your new one. Great! So when you buy a new device and you make the decision to switch between service providers, you are entitled to take your data with you.
Furthermore, the Right to Data Portability continues as such: “In exercising his or her right to data portability… the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible” (Article 20.2 GDPR)
So this means, when you receive your new device, all you should have to do is go to your old product provider and say to them “I have a new device with X company, please send them all the data you have on me to X so it can be put into my new device.”
Our helpful illustration below demonstrates to you how the Right to Data Portability should work.
Does Data Portability Work?
Now that we know about the existence of the right and how it works, the next question is, how well does it work?
Well, back in 2019, July and Sarah, co-founders of voliot, alongside Jess and Simon formed a research team that performed a data portability experiment. The team extracted their data from two Fitness Trackers and two Smart Speakers and attempted to input that data into the corresponding device. This mirrored the experience a user would have to undertake if they wanted to exercise their data portability right between devices.
The results showed that there was no problem receiving the data back from the companies, but it was virtually impossible to input that data into a different device.
Frustratingly, this means that the ability to move and reuse your data between devices is not as seamless or hassle free as it could be.
There is still much to be done to ensure that data portability exists for users in the way that the GDPR envisages. Having a legal framework is necessary but not sufficient, however. Technical solutions that make it easy for the user to reuse their data are vital for building awareness of this novel right and empowering consumers in managing their own, personal, data.
If you would like to read further about our Data Portability Experiment and research, you can read our article here.