2019
DOI: 10.1093/idpl/ipz008
|View full text |Cite
|
Sign up to set email alerts
|

The right to data portability in practice: exploring the implications of the technologically neutral GDPR

Abstract: The European General Data Protection Regulation (GDPR) introduces one new data subject right, Article 20's right to data portability (RtDP). The RtDP aims to allow data subjects to obtain and reuse their personal data for their own purposes across different services. • We investigate the RtDP by making 230 real-world data portability requests across a wide range of data controllers. The RtDP is interesting to study as it operates under a framework that aims to be technologically neutral while requiring specifi… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

3
40
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
3
2
1

Relationship

0
6

Authors

Journals

citations
Cited by 33 publications
(43 citation statements)
references
References 9 publications
3
40
0
Order By: Relevance
“…In line with our findings, previous studies report various anomalies, poor practices, and severe compliance issues on the side of the data controllers, resulting in low rates of satisfying responses to data subject requests [1,10,19,24,34,37]. Besides a widespread unwillingness or inability to provide the requested data in time [2,10,34,37], researchers have observed the use of inappropriate file formats for the transfer of personal data [42], instances of personal information leakage to impostors [7,10], issues concerning the language and clarity of interactions [24], and unsafe procedures to authenticate data subjects [4,25]. In some cases, researchers were not even able to locate the contact details of data controllers, rendering any request submission impossible from the outset [17,24].…”
Section: Related Worksupporting
confidence: 87%
See 4 more Smart Citations
“…In line with our findings, previous studies report various anomalies, poor practices, and severe compliance issues on the side of the data controllers, resulting in low rates of satisfying responses to data subject requests [1,10,19,24,34,37]. Besides a widespread unwillingness or inability to provide the requested data in time [2,10,34,37], researchers have observed the use of inappropriate file formats for the transfer of personal data [42], instances of personal information leakage to impostors [7,10], issues concerning the language and clarity of interactions [24], and unsafe procedures to authenticate data subjects [4,25]. In some cases, researchers were not even able to locate the contact details of data controllers, rendering any request submission impossible from the outset [17,24].…”
Section: Related Worksupporting
confidence: 87%
“…Existing research-based suggestions and recommendations for data controllers need to be compiled into actionable guidelines and distributed in a form that makes them digestible for small-and medium-sized organizations, such as app vendors. This includes, in particular, guidance on how to authenticate data subjects safely [4,7,25], how to transfer personal data [42], and how to facilitate the submission of requests [2,10,17]. It should be a key objective to replace the error-prone manual processing of data subject requests with automated and standardized interfaces for obtaining personal data and other privacy-related information.…”
Section: Discussionmentioning
confidence: 99%
See 3 more Smart Citations