Skip to main content

Data Portability

Eline N. Lincklaen Arriens

Views, thoughts, and opinions expressed in the text belong solely to the author, and do not represent the views of the Support Centre for Data Sharing or the European Commission.

If you’re involved in the data sharing community in any way, shape, or form, you will have heard about data portability. Mark Zuckerberg neatly summarised the principle of data portability in a Facebook post on March 2019. He stated that if you share data with one service, you should also be able to move it to another, effectively giving people a choice on how to share their data and enabling developers to innovate and compete in the market.1 The implications of data portability make it vital for the Internet and the digital world as it enables people to create services to satisfy consumers demands. Thus, due to its significance, it’s one of the areas in the digital world where experts in the field argue more regulation is needed, next to aspects such as harmful content, election integrity, and privacy.

So, what is the status of data portability? In the EU, Article 20 of the General Data Protection Regulation (GDPR) is titled “Right to data portability”.2 To break it down, data portability is one of the eight rights enforced by the EU GDPR and allows data subjects to obtain their data from the ‘controller’ who is holding it and to re-use this data for their own purposes. This data must be received “in a structured, commonly used and machine-readable format”.3 In the USA, there is a Data Portability Act where there is the right to receive, or download data, and where companies are required to establish a mechanism to export data.4 However, though companies are required to establish this mechanism, the Act does not require them to import data or impose any requirements on importing data.

In terms of real-life initiatives that are exploring data portability, there are several ongoing examples or experiments. One example is the Data Mobility Infrastructure Sandbox – a project facilitated by Ctrl-Shift that includes the partners Barclays, British Telecom, Centrica plc, BBC, and Facebook. The project aims to explore how to enable organisations and citizens to access the economic and social benefits of what they called “Personal Data Mobility”. In the experiment, Ctrl-Shift and the participating organisations examine how to deliver safe data sharing and investigated how new markets can be unlocked by making data sharing safe for individuals and organisations. Ctrl-Shift will continue developing the Personal Data Mobility Infrastructure Sandbox. In this research, they will focus on personal data sharing and the infrastructure needed to share personal data. In addition, they will look at how to ensure that personal data is being shared safely between public and private organisations in a way that is legally compliant.

Looking for more pieces on data portability, on legislation around data sharing in the EU or US, or on data sharing examples? Explore the Support Centre for Data Sharing.