The Right to Data Portability: conception, status quo, and future directions

Author(s):  
Sophie Kuebler-Wachendorff ◽  
Robert Luzsa ◽  
Johann Kranz ◽  
Stefan Mager ◽  
Emmanuel Syrmoudis ◽  
...  

Abstract For almost three years, the General Data Protection Regulation (GDPR) has been granting citizens of the European Union the right to obtain personal data from companies and to transfer these data to another company. The so-called Right to Data Portability (RtDP) promises to significantly reduce switching costs for consumers in digital service markets, provided that its potential is effectively translated into reality. Thus, of all the consumer rights in the GDPR, the RtDP has the potential to be the one with the most significant implications for digital markets and privacy. However, our research shows that the RtDP is barely known among consumers and can currently only be implemented in a fragmented manner—especially with regard to the direct transfer of data between online service providers. We discuss several ways to improve the implementation of this right in the present article.

Author(s):  
Jan Krämer

Abstract Article 20 of the General Data Protection Regulation (GDPR) gave consumers in the European Union the right to port their personal data between digital service providers. We critically assess the economic implications of this new right in the light of the extant economic literature and with a focus on competition and innovation in the digital platform economy. In particular, we conclude that observed user behaviour data should clearly fall under the scope of data portability and that, above and beyond the regulations set out under GDPR, a right to port personal data continuously and in real-time would be necessary to truly empower consumers in the context of the digital platform economy. We also discuss the economics of Personal Information Management Systems (PIMSs), which many policymakers see as an essential tool for consumers in an economy where data portability becomes more widespread. However, we are sceptical that PIMS will be self-sustainable and instead advocate to facilitate the development of open-source projects, which have made little progress so far due to a lack of interfaces (which would come about with a right to continuous data portability) and due to a lack of common standards.


2019 ◽  
Vol 20 (1) ◽  
pp. 291-322
Author(s):  
Frederik J. Zuiderveen Borgesius ◽  
Wilfred Steenbruggen

Abstract In the European Union, the General Data Protection Regulation (GDPR) provides comprehensive rules for the processing of personal data. In addition, the EU lawmaker intends to adopt specific rules to protect confidentiality of communications, in a separate ePrivacy Regulation. Some have argued that there is no need for such additional rules for communications confidentiality. This Article discusses the protection of the right to confidentiality of communications in Europe. We look at the right’s origins to assess the rationale for protecting it. We also analyze how the right is currently protected under the European Convention on Human Rights and under EU law. We show that at its core the right to communications confidentiality protects three individual and collective values: privacy, freedom of expression, and trust in communication services. The right aims to ensure that individuals and organizations can safely entrust communication to service providers. Initially, the right protected only postal letters, but it has gradually developed into a strong safeguard for the protection of confidentiality of communications, regardless of the technology used. Hence, the right does not merely serve individual privacy interests, but also other more collective interests that are crucial for the functioning of our information society. We conclude that separate EU rules to protect communications confidentiality, next to the GDPR, are justified and necessary.


2020 ◽  
Author(s):  
Bart Sloot

The General Data Protection Regulation in Plain Language is a guide for anyone interested in the much-discussed rules of the GDPR. In this legislation, which came into force in 2018, the European Union meticulously describes what you can and cannot do with data about other people. Violating these rules can lead to a fine of up to 20 million euros. This book sets out the most important obligations of individuals and organisations that process data about others. These include taking technical security measures, carrying out an impact assessment and registering all data-processing procedures within an organisation. It also discusses the rights of citizens whose data are processed, such as the right to be forgotten, the right to information and the right to data portability.


Technologies ◽  
2018 ◽  
Vol 6 (4) ◽  
pp. 115
Author(s):  
Pascal Birnstill ◽  
Erik Krempel ◽  
Paul Wagner ◽  
Jürgen Beyerer

In times of strongly (personal) data-driven economy, the inception of the European General Data Protection Regulation (GDPR) recently reinforced the call for transparency and informational self-determination—not only due to the penalties for data protection violations becoming significantly more severe. This paper recaps the GDPR articles that should be noticed by software designers and developers and explains how, from the perspective of computer scientists, the summarized requirements can be implemented based on state-of-the-art technologies, such as data provenance tracking, distributed usage control, and remote attestation protocols. For this, the challenges for data controllers, i.e., the service providers, as well as for the data subjects, i.e., the users whose personal data are being processed by the services, are worked out. As a result, this paper proposes the ideal functionality of a next-generation privacy dashboard interacting with data provenance and usage control infrastructure implemented at the service providers to operationalize the legal rights of the data subject granted by the GDPR. Finally, it briefly outlines the options for establishing trust in data provenance tracking and usage control infrastructures operated by the service providers themselves.


2018 ◽  
Vol 16 (1) ◽  
pp. 1-21 ◽  
Author(s):  
Harshvardhan J. Pandit ◽  
Christophe Debruyne ◽  
Declan O'Sullivan ◽  
Dave Lewis

The General Data Protection Regulation (GDPR) specifies obligations that shape the way information is collected, shared, provided, or communicated, and provides rights for receiving a copy of their personal data in an interoperable format. The sharing of information between entities affected by GDPR provides a strong motivation towards the adoption of an interoperable model for the exchange of information and demonstration of compliance. This article explores such an interoperability model through entities identified by the GDPR and their information flows along with relevant obligations. The model categorises information exchanged between entities and presents a discussion on its representation using existing standards. An investigation of data provided under the Right to Data Portability for exploring interoperability in a real-world use-case. The findings demonstrate how the use of common data formats hamper its usability due to a lack of context. The article discusses the adoption of contextual metadata using a semantic model of interoperability to remedy these identified shortcomings.


2020 ◽  
pp. 116-127
Author(s):  
Marta Kive

The aim of the publication is to analyze the advantages and disadvantages of the right to data portability, as well as to look at them in the context of development of a legal framework for the protection of personal data. The General Data Protection Regulation entered into force on 25 May 2018 and introduced a new legal framework for the protection of personal data in the European Union, and also included several new rights, including the right to data portability. These are rights of the data subject to receive personal data concerning himself, which he has provided to the controller, in a structured, widely used and machine‐readable format, and transmit this information to another controller, if it is possible. The right to data portability applies only to personal data provided by the controller to the data subject himself, and only if the processing was initially based on the consent of the user or on the basis of a contract. This means that the right to data portability is not feasible when data processing is based on another legal basis. In the context of the right to data portability, data subjects directly transmit data from one data controller to another where technically possible. The regulation does not specify what is meant by “technically feasible”. The wording indicates that this should be addressed on a case‐by‐case basis and a dynamic interpretation of the term “technically feasible” should be ensured. This is limited because the Regulation does not oblige data controllers to accept or maintain compatible processing systems.


Author(s):  
Harshvardhan Jitendra Pandit ◽  
Christophe Debruyne ◽  
Declan O'Sullivan ◽  
Dave Lewis

The General Data Protection Regulation (GDPR) has changed the ecosystem of services involving personal data and information. It emphasises several obligations and rights, amongst which the Right to Data Portability requires providing a copy of the given personal data in a commonly used, structured, and machine-readable format – for interoperability. The GDPR thus explicitly motivates the use and adoption of data interoperability concerning information. This chapter explores the entities and their interactions in the context of the GDPR to provide an information model for the development of interoperable services. The model categorises information and exchanges and explores existing standards and efforts towards use for interoperable interactions. The chapter concludes with an argument for the use and adoption of structured metadata to enable more expressive services through semantic interoperability.


2020 ◽  
Vol 3 (1) ◽  
pp. 17
Author(s):  
Kajcsa Andrea

The changes that have been brought about by the General Data Protection Regulation starting with May 2018 are complex and ambitious. The General Data Protection Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years, and it introduces many concepts that are yet to be fully discovered in practice, such as the right to be forgotten, data portability and data breach notification. This paper intends to analyze the main obligations that public bodies, particularly, have after the GDPR has entered into force, and to evaluate the impact this legislative act has on the routine activities carried out by public authorities in Romania. To reach our goal, we will make reference to the obligations that are specific to public administration authorities as well as to those that public bodies are exempted from. We will also analyze the national legislative measures adopted in Romania after GDPR started to be in force, and the degree to which these have particularized the way public bodies are allowed and obliged to process personal data in Romania.


Author(s):  
Michael Veale ◽  
Reuben Binns ◽  
Lilian Edwards

Many individuals are concerned about the governance of machine learning systems and the prevention of algorithmic harms. The EU's recent General Data Protection Regulation (GDPR) has been seen as a core tool for achieving better governance of this area. While the GDPR does apply to the use of models in some limited situations, most of its provisions relate to the governance of personal data, while models have traditionally been seen as intellectual property. We present recent work from the information security literature around ‘model inversion’ and ‘membership inference’ attacks, which indicates that the process of turning training data into machine-learned systems is not one way, and demonstrate how this could lead some models to be legally classified as personal data. Taking this as a probing experiment, we explore the different rights and obligations this would trigger and their utility, and posit future directions for algorithmic governance and regulation. This article is part of the theme issue ‘Governing artificial intelligence: ethical, legal, and technical opportunities and challenges’.


Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

