We’ve already talked about the individual rights under the GDPR, but now it’s time to explain them a bit more thoroughly. Today we’ll acquaint you with the right to data portability. (For a more detailed analysis of the right to data portability, click here to view the updated guidelines).
Why ‘Data Portability’?
To start off, let us give you an example. Try putting yourself in your customers’ shoes for a moment. Say you have an e-mail account with Google. You’d like to switch to Microsoft’s email service because you feel it would suit you better (or vice versa, it doesn’t matter). Or say you’ve posted classifieds for car parts on a website, but they decided to up their prices for ads, so you’d like to switch.
Most often you’ll simply grumble and stay with the providers you’re using, even if they’re subpar. The reason is simple: their convenience stems from the time they save you. And they save you time because they have lots of your data, which makes them convenient. (Do you know what happens when services have too much data? Find out more about Tinder’s data collection practices and Google’s location tracking.)
Switching to another provider would mean you’d have to waste hours, possibly even days of your precious time to set up your contacts, ads or transfer your e-mail archive to another service – so you don’t do it.
How Does It Work?
The new piece of legislation, the General Data Protection Regulation (GDPR), will require all companies that collect personal data to answer data portability requests and transfer the data to other services (or to the data subject). It will apply both to large and to small companies.
The principle is straightforward. Upon receiving the request, companies have a month to reply. In the request, the individual can specify the new data controller (service provider) to whom your company will have to transfer the data.
Note that the individual does not have to do this outright. They can instead require that the existing service send the data to them, and then upload it to a new service themselves. This should be possible since the GDPR encourages the use of common, interoperable data formats.
Thus, in theory, it should be a breeze to switch service providers. Users will no longer be tied to a service just because their data is there. Being tied to a service in that way is manifestly unfair, and it does not benefit anyone but the original service owner.
The right is free of charge to exercise, but you have the right to charge a small fee for manifestly unfounded or repetitive requests. The fee should cover only the actual overhead cost of sifting through the data and the purchase of media (paper, CDs) if the data will be sent in a physical form.
We expect most requests to be made via a dedicated online interface, but there is no reason why e-mail or ‘snail mail’ requests wouldn’t be used as well.
Good for the Economy?
Users should be more likely to try out new, experimental services. From the business perspective, it does feel as if it will facilitate users leaving your platform, but if you offer a good enough service, it can also make it easier to attract new users. If you’re a small company offering a fledgling service, you stand to gain a lot.
Start-ups with novel ideas should be able to find new users more easily. This will encourage competitiveness even among market leaders, since they will have to innovate in order to keep their users, instead of relying on ‘data rents’ and banking on users’ perceived ‘laziness’.
This projected vibrancy in the service sector is great for fostering innovation, economic efficiency, and providing a higher overall quality of services. Note that this does not apply only to online services and profiles. Banking data, for example, should be transferred just as easily.
How well will this work? Your guess is as good as ours, but the predictions above are likely a bit too optimistic.
Is It Safe?
These transfers should be perfectly safe. You must employ password protection or encryption in order to secure the data. Make sure to inform your users about keeping the data safe on their own computers as well.
Note that in order to prevent imposters from stealing others’ personal data, you have the right to demand additional verification if you have doubts about a user’s identity. You could ask for an ID scan or a log-in to their online account with your service.
Overall, the right to data portability is a very important right that essentially ensures the right to a free choice of service providers without much hassle. That way, users will always be able to use the services which suit them the best, and companies can find it easier to attract new users. The overall quality level of services should improve, which is beneficial for everyone involved.