Data Portability and the GDPR: User Rights

Data portability is one of the core rights that data subjects have under the GDPR. It is very important for the optimal protection of user rights, and also crucial for overall economic development.

Data Portability: Defined

Data portability is in fact a very simple right. Basically, an individual has the right to swiftly and easily move all their data from one service provider to another in a highly standardised, common format. For example, they could move their e-mails or contacts to another provider, or their pictures and profile details from one social network to another.

This measure has been introduced to help individuals find services they like without fearing that their data will be lost. It also reduces the inconvenience of switching services, since users no longer have to input all their data again. Many large companies were banking on users' reluctance to switch, instead of introducing new features, in order to keep their users.

Now they will have to try harder, whereas users will be able to try out novel services.

The Economy?

In theory, startups should be the happiest group to see this right. They will now have an easier time attracting new users, since the inconvenience of changing services goes out of the window. In turn, this should foster innovation and competition between companies across the entire EU.

This will provide customers with a greater range of choices and ensure the EU does not fall behind in innovation and technology compared to the rest of the world.

The Nitty-Gritty

The principle of data portability goes as follows: as soon as the individual makes a request, the company has 30 days to compile the data and either provide it to the individual or transfer it directly to another service. The data should be in a common format so that it can be easily shared and used with minimal alterations.

Companies can charge a small, proportional fee for excessive requests or for very large requests that create a heavy administrative workload. Most often, these requests will be made offline, but the GDPR allows for written requests as well.

The entire process should be performed with regard for the safety of the personal data being transferred. To that end, the company should make sure the person initiating the request is indeed the person whose data will be transferred. The company has the right to require login identification, but may also ask for other forms of verification, such as ID scans or similar.


Overall, the data portability principle will balance out the power that huge companies have over regular folk. Users will be able to choose their online service providers without being forced to stay under the threat of seeing their data deleted. This will spur growth and competition, all of which will benefit end users. Furthermore, users will now know exactly where their data is and what data the companies actually hold on their servers.


