Article 20 Right to data portability

2020 ◽  
Author(s):  
Orla Lynskey
Keyword(s):  
Personal Data ◽  
Article 9 ◽  
Data Portability ◽  
Data Subject

Recital 68; Article 6 (Lawfulness of processing); Article 9 (Processing of special categories of personal data); Article 13 (Information to be provided when the personal data are collected from the data subject) (see too recitals 61–62); Article 14 (Information to be provided when the personal data have not been obtained from the data subject); Article 23 (Restrictions) (see further recital 73).

Article 4(11). Consent

2020 ◽  
Author(s):  
Lee A. Bygrave ◽  
Luca Tosoni
Keyword(s):  
Decision Making ◽  
Information Society ◽  
Personal Data ◽  
Individual Decision ◽  
Individual Decision Making ◽  
Article 9 ◽  
Data Portability ◽  
Article 5 ◽  
Data Subject

Article 5 (Principles relating to processing of personal data) (see also recitals 33, 39 and 50); Article 6(1)(a) (Lawfulness of processing on basis of consent) (see too recital 40); Article 7 (Conditions for consent) (see also recital 42); Article 8 (Conditions applicable to child’s consent in relation to information society services) (see too recital 38); Article 9(2)(a) (Processing of special categories of personal data on basis of consent) (see too recital 51); Article 13 (Information to be provided where personal data are collected from the data subject) (see too recitals 60–62); Article 14 (Information to be provided where personal data have not been obtained from the data subject); Article 17 (Right to erasure) (see too recital 65); Article 20 (Right to data portability) (see too recital 68); Article 22 (Automated individual decision-making, including profiling) (see too recital 71); Article 49(1)(a) (Transfer of personal data to third country or international organisation on basis of consent) (see too recitals 111–112).

Article 9 Processing of special categories of personal data

2020 ◽  
Author(s):  
Ludmila Georgieva ◽  
Christopher Kuner
Keyword(s):  
Decision Making ◽  
Data Protection ◽  
Personal Data ◽  
Genetic Data ◽  
Biometric Data ◽  
Individual Decision Making ◽  
Vital Interest ◽  
Data Portability ◽  
Definition Of ◽  
Data Subject

Article 4(1) (Definition of personal data); Article 4(2) (Definition of processing); Article 4(11) (Definition of consent); Article 4(13) (Definition of genetic data, see also recital 34); Article 4(14) (Definition of biometric data); Article 4(15) (Definition of data concerning health, see also recital 35); Article 6(4)(c) (Lawfulness of processing, compatibility test) (see too recital 46 on vital interest); Article 13(2)(c) (Information to be provided where personal data are collected from the data subject); Article 17(1)(b), (3)(c) (Right to erasure (‘right to be forgotten’)); Article 20(1)(a) (Right to data portability); Article 22(4) (Automated individual decision-making, including profiling); Article 27(2)(a) (Representatives of controllers or processors not established in the Union); Article 30(5) (Records of processing activities); Article 35(3)(b) (Data protection impact assessment) (see too recital 91); Article 37(1)(c) (Designation of the data protection officer) (see too recital 97); Article 83(5)(a) (General conditions for imposing administrative fines).

Data Portability as a Data Subject Right

2021 ◽  
pp. 159-188
Author(s):  
Helena U. Vrabec
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Narrow Scope ◽  
Right To Be Forgotten ◽  
Data Protection Law ◽  
Data Portability ◽  
The Right ◽  
Data Subject

Chapter 7 analyses the right to data portability set out in Article 20 of the GDPR. It first provides an overview of several commercial and regulatory initiatives that preceded the GDPR version of the right to personal data portability. Next, it explores the language of Article 20 to demonstrate the effects of the narrow scope of the right. The chapter then shows how data portability interacts with other data subject rights, particularly with the right to access and the right to be forgotten, before it describes manifestations of data portability in legal areas outside of the data protection law. Finally, the chapter explores the specific objective of the right to data portability under the GDPR as an enabler of data subjects’ control.

Article 7 Conditions for consent

2020 ◽  
Author(s):  
Eleni Kosta
Keyword(s):  
Information Society ◽  
Scientific Research ◽  
Personal Data ◽  
Article 9 ◽  
Data Portability ◽  
Definition Of ◽  
General Conditions

Article 4(11) (Definition of consent) (see too recitals 32 and 33 on consent for scientific research purposes); Article 6(1)(a) (Lawfulness of processing—consent) (see also recitals 40 and 42–43); Article 8 (Conditions applicable to child’s consent in relation to information society services); Article 9(2) (Processing of special categories of personal data—consent) (see too recital 50); Article 13(2)(c) (Information to be provided—withdrawal of consent); Article 14(2)(d) (Information to be provided—withdrawal of consent); Article 17(1)(b) (Right to erasure—withdrawal of consent) (see also recital 65); Article 18(2) (Right to restriction of processing); Article 20(1)(a) (Right to data portability) (see also recital 68); Article 22(2)(c) (Automated decisions and profiling) (see also recital 71); Article 49(1)(a) (Derogations for specific situations) (see also recital 111); Article 83 (General conditions for imposing administrative fines) (see also recitals 155 and 171).

Article 23 Restrictions

2020 ◽  
Author(s):  
Dominique Moore
Keyword(s):  
Decision Making ◽  
Personal Data ◽  
Information Communication ◽  
Individual Decision ◽  
Individual Decision Making ◽  
Right To Be Forgotten ◽  
Data Portability ◽  
Article 5 ◽  
Right Of Access ◽  
Data Subject

Article 5 (Principles relating to processing of personal data) (see too recitals 41, 45 and 50); Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject); Article 13 (Information to be provided where personal data are collected from the data subject); Article 14 (Information to be provided where personal data have not been obtained from the data subject); Article 15 (Right of access by the data subject); Article 16 (Right to rectification); Article 17 (Right to erasure, ‘right to be forgotten’); Article 18 (Right to restriction of processing); Article 20 (Right to data portability); Article 21 (Right to object); Article 22 (Automated individual decision-making, including profiling); Article 34 (Communication of a personal data breach to the data subject).

EDUCATIONAL INSTITUTION AS A DATA CONTROLLER: PROBLEMS AND CHALLENGES

2020 ◽  
Vol 1 ◽  
Author(s):  
Marta Kive
Keyword(s):  
Educational Institution ◽  
Personal Data ◽  
Transition Process ◽  
Educational Institutions ◽  
School Year ◽  
Data Portability ◽  
The Right ◽  
Data Controller ◽  
The Relationship ◽  
Data Subject

The right to data portability applies only to personal data provided to the controller by the data subject himself, and only if the processing was initially based on the consent of the user or on the basis of a contract. Most cases when students or their parents submits their personal data to educational institution are cases covered by this right, moreover, in most cases, those are sensitive personal data.In the context of the right to data portability, data subjects directly transmit data from one data controller to another where technically possible. The regulation does not specify what is meant by “technically feasible”. The wording indicates that this should be addressed on a case-by-case basis and a dynamic interpretation of the term "technically feasible" should be ensured. This is limited because the Regulation does not oblige data controllers to accept or maintain compatible processing systems. In case with educational institutions and students’ opportunities to change the study place including mid-school year it’s important to identify problems with data portability and facilitate the transition process to get student into the new study environment and system faster and more effective.For this purpose, the author identifies main problems and challenges that educational institutions can face when they act as a data controllers. The subject of the research is the relationship between the data subject (students) and the data controller (educational institution), implementing the right to data portability.

Protection of Personal Data in Clouds and Rights of Individuals

2021 ◽  
pp. 257-293
Author(s):  
Dimitra Kamarinou ◽  
Christopher Millard ◽  
Felicity Turton
Keyword(s):  
Personal Data ◽  
General Data Protection Regulation ◽  
Computing Services ◽  
Cloud Computing Services ◽  
Data Portability ◽  
In Parenthesis ◽  
Definition Of ◽  
The Individual ◽  
The Right ◽  
Data Subject

This chapter focuses on the rights and remedies that individual users of cloud computing services may enjoy under the EU's General Data Protection Regulation (GDPR). It begins by considering the concept of the individual as 'data subject', which is inextricably linked to the concept of 'personal data'. The term 'data subject' is not defined explicitly in the GDPR. Instead, it is referenced in parenthesis within the definition of personal data. The definition of personal data is purposefully broad so as to include the vast range of information from which an individual may be identified. The chapter then explores the rights afforded to data subjects, including the right to be informed; the rights of access, rectification, and erasure; the right to data portability; the right to object to processing; and the right not to be subject to automated decision making, including profiling. Finally, it looks at the remedies and compensation available to data subjects. One of the biggest challenges to data subjects knowing and being able to exercise their rights is a potential lack of transparency with regard to how and by whom their personal data are collected and further processed in the cloud.

Article 27 Representatives of controllers or processors not established in the Union

2020 ◽  
Author(s):  
Christopher Millard ◽  
Dimitra Kamarinou
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Supervisory Authority ◽  
Criminal Convictions ◽  
Article 9 ◽  
Judicial Remedy ◽  
Data Subject

Article 3 (Territorial scope) (see also recitals 23–24); Article 4(17) (Definitions); Article 9 (Processing of special categories of personal data) (see also recitals 10, 51–54); Article 10 (Processing of personal data relating to criminal convictions and offences) (see also recital 97); Article 13 (Information to be provided where personal data are collected from the data subject) and Article 14 (Information to be provided where personal data have not been obtained from the data subject) (see also recitals 60–62); Article 30 (Records of processing activities) (see also recital 82); Article 31 (Cooperation with the supervisory authority); Article 35 (Data protection impact assessment) (see also recitals 89–93); Article 36 (Prior consultation) (see also recital 94); Article 79 (Right to an effective judicial remedy against a controller or processor) (see also recital 145).

Sign in / Sign up

Export Citation Format

Share Document