Visualizing Exports of Personal Data by Exercising the Right of Data Portability in the Data Track - Are People Ready for This?

The article reveals new problems arising in the digital economy and the need for antimonopoly regulation. It also analyzes the legal remedies and procedures for competition law in the context of digitalization. Redesigning competition law procedures for the digital economy can take two forms: 1) ensure the rate of competition law enforcement so as to avoid acting in situations when market tipping has already occurred and it is almost impossible to reverse the anticompetitive outcome; 2) develop remedial action that takes into account the scale of anticompetitive behavior, which might better reflect the complexity of digital markets. Competition authorities should consider utilizing interim measures and commitment decisions in the digital economy, both instruments playing a complementary role. Interim measures can be used within a revised framework with lower thresholds, but this should only be reserved for complicated and lengthy investigations where there is risk of irreversible harm to competition. These measures should be applied to the most harmful violations, such as cartels and abuse of dominance. Commitment decisions can be utilized to address less serious violations where it is also beneficial to the competition authority to reach a swift resolution. The article analyzes the division of companies as a way to eliminate violations. Division can take different forms and need not be structural. A certain ‘light-touch’ separation may be achieved by policies mandating that digital platforms not use personal data that has been harvested by the members of their ecosystems unless they have the explicit consent of their users. The article also addresses issues such as data portability and cross-platform compatibility. The authors have proved that the BRICS countries need to supplement their national legislation on the protection of personal data in terms of norms on their portability. Although it is not mainly designed as a tool to combat monopolies and market power, data portability will have a significant impact on competition in digital markets. Multisided digital platforms are characterized by a high network and lock-in effects. In a winner takes all, or most, where undertakings compete for the market rather than in the market, the right to data portability may provide some relief from the power that large digital platforms hold.

Download Full-text

ECONOMIC AND SOCIAL EXCHANGE OF PERSONAL DATA AND THE RISKS OF THEIR PROTECTION

Vectors of Social Sciences ◽

10.51895/vss2/tskhovrebashvili ◽

2021 ◽

Author(s):

Nino Tskhovrebashvili

Keyword(s):

Social Exchange ◽

Data Exchange ◽

New Technology ◽

Personal Data ◽

Personal Data Protection ◽

Internet Users ◽

Data Portability ◽

Technology And Communication ◽

The Right ◽

Customer Profiles

For the economic sector, new technology and communication have become real challenges. Personal data has become an important key to penetrate new markets and several firms are specialized in their collections and sales. Using customer profiles, marketing departments make it easier for them to predict customer behavior and beat competitors. The free movement of goods, payments and data are increasingly common among countries and the protection of personal data is increasingly called into question. Notably, the postmandemic period has significantly increased the distance relationships and data exchange rates. This situation has also contributed to social media addiction. It should be noted that in such a period it is important to increase the level of awareness of Internet users and to be especially careful when issuing data. An important step has been the introduction of a new regulation (GDPR) in the personal data protection system since 2018, which has revised and refined the existing rules and regulations. Especially noteworthy are the Right to be forgetten and the right to data portability.

Download Full-text

Data Portability as a Data Subject Right

Data Subject Rights under the GDPR ◽

10.1093/oso/9780198868422.003.0007 ◽

2021 ◽

pp. 159-188

Author(s):

Helena U. Vrabec

Keyword(s):

Data Protection ◽

Personal Data ◽

Narrow Scope ◽

Right To Be Forgotten ◽

Data Protection Law ◽

Data Portability ◽

The Right ◽

Data Subject

Chapter 7 analyses the right to data portability set out in Article 20 of the GDPR. It first provides an overview of several commercial and regulatory initiatives that preceded the GDPR version of the right to personal data portability. Next, it explores the language of Article 20 to demonstrate the effects of the narrow scope of the right. The chapter then shows how data portability interacts with other data subject rights, particularly with the right to access and the right to be forgotten, before it describes manifestations of data portability in legal areas outside of the data protection law. Finally, the chapter explores the specific objective of the right to data portability under the GDPR as an enabler of data subjects’ control.

Download Full-text

The Right to Data Portability: conception, status quo, and future directions

Informatik-Spektrum ◽

10.1007/s00287-021-01372-w ◽

2021 ◽

Author(s):

Sophie Kuebler-Wachendorff ◽

Robert Luzsa ◽

Johann Kranz ◽

Stefan Mager ◽

Emmanuel Syrmoudis ◽

...

Keyword(s):

Service Providers ◽

Personal Data ◽

The European Union ◽

Future Directions ◽

General Data Protection Regulation ◽

Digital Service ◽

General Data ◽

Data Portability ◽

The One ◽

The Right

AbstractFor almost three years, the General Data Protection Regulation (GDPR) has been granting citizens of the European Union the right to obtain personal data from companies and to transfer these data to another company. The so-called Right to Data Portability (RtDP) promises to significantly reduce switching costs for consumers in digital service markets, provided that its potential is effectively translated into reality. Thus, of all the consumer rights in the GDPR, the RtDP has the potential to be the one with the most significant implications for digital markets and privacy. However, our research shows that the RtDP is barely known among consumers and can currently only be implemented in a fragmented manner—especially with regard to the direct transfer of data between online service providers. We discuss several ways to improve the implementation of this right in the present article.

Download Full-text

Data Portability and Data Control: Lessons for an Emerging Concept in EU Law

German Law Journal ◽

10.1017/s2071832200023075 ◽

2018 ◽

Vol 19 (6) ◽

pp. 1359-1398 ◽

Cited By ~ 10

Author(s):

Inge Graef ◽

Martin Husovec ◽

Nadezhda Purtova

Keyword(s):

Data Protection ◽

Personal Data ◽

General Purpose ◽

Current Data ◽

Fundamental Rights ◽

Eu Law ◽

General Data Protection Regulation ◽

Data Control ◽

Data Portability ◽

The Right

AbstractThe right to data portability (RtDP) introduced by Article 20 of the General Data Protection Regulation (GDPR) forms a regulatory innovation within EU law. The RtDP provides data subjects with the possibility to transfer personal data among data controllers, but has an impact beyond data protection. In particular, the RtDP facilitates the reuse of personal data that private companies hold by establishing a general-purpose control mechanism of horizontal application. Article 20 of the GDPR is agnostic about the type of use that follows from the ported data and its further diffusion. We argue that the RtDP does not fit well with the fundamental rights nature of data protection law, and should instead be seen as a new regulatory tool in EU law that aims to stimulate competition and innovation in data-driven markets.What remains unclear is the extent to which the RtDP will be limited in its aspirations where intellectual property rights of current data holders—such as copyright, trade secrets andsui generisdatabase rights—cause the regimes to clash. In such cases, a reconciliation of the interests might particularly confine the follow-on use of ported data again to specific set of socially justifiable purposes, possibly with schemes of fair remuneration. Despite these uncertainties, the RtDP is already being replicated in other fields, namely consumer protection law and the regulation of non-personal data. Competition law can also facilitate portability of data, but only for purpose-specific goals with the aim of addressing anticompetitive behavior.We conclude that to the extent that other regimes will try to replicate the RtDP, they should closely consider the nature of the resulting control and its breadth and impact on incentives to innovate. In any case, the creation of data portability regimes should not become an end in itself. With an increasing number of instruments, orchestrating the consistency of legal regimes within the Digital Single Market and their mutual interplay should become an equally important concern.

Download Full-text

Development of a MyData Platform Based on the Personal Health Record Data Sharing System in Korea

Applied Sciences ◽

10.3390/app11178208 ◽

2021 ◽

Vol 11 (17) ◽

pp. 8208

Author(s):

Wona Choi ◽

Ji-Won Chun ◽

Seo-Joon Lee ◽

Se-Hyun Chang ◽

Dai-Jin Kim ◽

...

Keyword(s):

Data Sharing ◽

Dna Analysis ◽

Personal Information ◽

Personal Health Record ◽

Personal Data ◽

Personal Health ◽

Health Record ◽

Record Data ◽

Data Portability ◽

The Right

Objectives: recently, there has been a government-level movement to guarantee the rights of individual entities regarding the use of their personal data worldwide. This movement has been specifically named as ‘MyData’ in South Korea and has variants such as ‘Self data’, ‘Midata’, ‘MesInfos’, ‘Personal Information Management Services’, ‘Personal Data Economy’ and ‘Internet of Me’ in other countries. This research project aimed to establish and demonstrate a system called ‘HiMD’, which allows individuals to select data sharing institutions and control a range of data utilization parameters under the MyData ecosystem. Method: we developed the MyData Platform, a personal health record data sharing system. The HiMD included several user-empowerment functions such as self-determination for data sharing. Actual platform users were recruited from three university-level hospitals for system assessment. Result: females comprised the majority of users with 991 participants (78.1%). Additionally, data consensus results revealed a decrease in given user permissions (from 94.9% to 79.4%) as the range and depth of permissions increased. Most users agreed to open their medical data for commercial uses (n = 1007, 79.4%) and most of those users were interested in DNA analysis (n = 888, 81.2%). Finally, all results for the five questions presented positive answers. All average values on the five questions scored above three on the Likert scale. In other words, over 50% participants gave point 4 and point 5. Conclusion: the contribution of this study is that it developed and demonstrated a MyData system that reflects the right to data portability. It means that the users can proactively make decisions regarding sharing and transferring their own data. These results are expected to contribute to developing future personal health record (PHR) systems of user-oriented and utilization of personal health data.

Download Full-text

An Exploration of Data Interoperability for GDPR

International Journal of Standardization Research ◽

10.4018/ijsr.2018010101 ◽

2018 ◽

Vol 16 (1) ◽

pp. 1-21 ◽

Cited By ~ 3

Author(s):

Harshvardhan J. Pandit ◽

Christophe Debruyne ◽

Declan O'Sullivan ◽

Dave Lewis

Keyword(s):

Personal Data ◽

Use Case ◽

Information Flows ◽

Data Interoperability ◽

General Data Protection Regulation ◽

Data Formats ◽

General Data ◽

Strong Motivation ◽

Data Portability ◽

The Right

The General Data Protection Regulation (GDPR) specifies obligations that shape the way information is collected, shared, provided, or communicated, and provides rights for receiving a copy of their personal data in an interoperable format. The sharing of information between entities affected by GDPR provides a strong motivation towards the adoption of an interoperable model for the exchange of information and demonstration of compliance. This article explores such an interoperability model through entities identified by the GDPR and their information flows along with relevant obligations. The model categorises information exchanged between entities and presents a discussion on its representation using existing standards. An investigation of data provided under the Right to Data Portability for exploring interoperability in a real-world use-case. The findings demonstrate how the use of common data formats hamper its usability due to a lack of context. The article discusses the adoption of contextual metadata using a semantic model of interoperability to remedy these identified shortcomings.

Download Full-text

EDUCATIONAL INSTITUTION AS A DATA CONTROLLER: PROBLEMS AND CHALLENGES

SOCIETY INTEGRATION EDUCATION Proceedings of the International Scientific Conference ◽

10.17770/sie2020vol1.5041 ◽

2020 ◽

Vol 1 ◽

Author(s):

Marta Kive

Keyword(s):

Educational Institution ◽

Personal Data ◽

Transition Process ◽

Educational Institutions ◽

School Year ◽

Data Portability ◽

The Right ◽

Data Controller ◽

The Relationship ◽

Data Subject

The right to data portability applies only to personal data provided to the controller by the data subject himself, and only if the processing was initially based on the consent of the user or on the basis of a contract. Most cases when students or their parents submits their personal data to educational institution are cases covered by this right, moreover, in most cases, those are sensitive personal data.In the context of the right to data portability, data subjects directly transmit data from one data controller to another where technically possible. The regulation does not specify what is meant by “technically feasible”. The wording indicates that this should be addressed on a case-by-case basis and a dynamic interpretation of the term "technically feasible" should be ensured. This is limited because the Regulation does not oblige data controllers to accept or maintain compatible processing systems. In case with educational institutions and students’ opportunities to change the study place including mid-school year it’s important to identify problems with data portability and facilitate the transition process to get student into the new study environment and system faster and more effective.For this purpose, the author identifies main problems and challenges that educational institutions can face when they act as a data controllers. The subject of the research is the relationship between the data subject (students) and the data controller (educational institution), implementing the right to data portability.

Download Full-text

Protection of Personal Data in Clouds and Rights of Individuals

Cloud Computing Law ◽

10.1093/oso/9780198716662.003.0008 ◽

2021 ◽

pp. 257-293

Author(s):

Dimitra Kamarinou ◽

Christopher Millard ◽

Felicity Turton

Keyword(s):

Personal Data ◽

General Data Protection Regulation ◽

Computing Services ◽

Cloud Computing Services ◽

Data Portability ◽

In Parenthesis ◽

Definition Of ◽

The Individual ◽

The Right ◽

Data Subject

This chapter focuses on the rights and remedies that individual users of cloud computing services may enjoy under the EU's General Data Protection Regulation (GDPR). It begins by considering the concept of the individual as 'data subject', which is inextricably linked to the concept of 'personal data'. The term 'data subject' is not defined explicitly in the GDPR. Instead, it is referenced in parenthesis within the definition of personal data. The definition of personal data is purposefully broad so as to include the vast range of information from which an individual may be identified. The chapter then explores the rights afforded to data subjects, including the right to be informed; the rights of access, rectification, and erasure; the right to data portability; the right to object to processing; and the right not to be subject to automated decision making, including profiling. Finally, it looks at the remedies and compensation available to data subjects. One of the biggest challenges to data subjects knowing and being able to exercise their rights is a potential lack of transparency with regard to how and by whom their personal data are collected and further processed in the cloud.

Download Full-text

PROBLEMS OF APPLICATION OF THE RIGHT TO DATA PORTABILITY

Acta Prosperitatis ◽

10.37804/1691-6077-2020-11-116-127 ◽

2020 ◽

pp. 116-127

Author(s):

Marta Kive

Keyword(s):

Personal Data ◽

Legal Framework ◽

The European Union ◽

General Data Protection Regulation ◽

Advantages And Disadvantages ◽

Data Portability ◽

The Right ◽

Data Controller ◽

Machine Readable ◽

Data Subject

The aim of the publication is to analyze the advantages and disadvantages of the right to data portability, as well as to look at them in the context of development of a legal framework for the protection of personal data. The General Data Protection Regulation entered into force on 25 May 2018 and introduced a new legal framework for the protection of personal data in the European Union, and also included several new rights, including the right to data portability. These are rights of the data subject to receive personal data concerning himself, which he has provided to the controller, in a structured, widely used and machine‐readable format, and transmit this information to another controller, if it is possible. The right to data portability applies only to personal data provided by the controller to the data subject himself, and only if the processing was initially based on the consent of the user or on the basis of a contract. This means that the right to data portability is not feasible when data processing is based on another legal basis. In the context of the right to data portability, data subjects directly transmit data from one data controller to another where technically possible. The regulation does not specify what is meant by “technically feasible”. The wording indicates that this should be addressed on a case‐by‐case basis and a dynamic interpretation of the term “technically feasible” should be ensured. This is limited because the Regulation does not oblige data controllers to accept or maintain compatible processing systems.

Download Full-text