In our data-driven society, personal data are increasingly being collected and processed by sizeable and international companies. While data protection laws and privacy technologies attempt to limit the impact of data breaches and privacy scandals, …
Winner of Best in Category, Justis International Law and Technology Writing Competition 2020 for the Category of Social Media, Data and Privacy
In our data-driven society, every piece of technology that connects us to the internet collects our personal data (any information relating to an identified or identifiable natural person), building elaborate profiles on what we are doing, where we are, and even who we are. As data subjects (those about whom personal data are collected), we can no longer hide from data controllers (those who collect and determine what these data are used for).
Recent privacy scandals such as Cambridge Analytica and the Nightingale Project show that data sharing must be carefully managed and regulated to prevent data misuse. Data protection law, legal frameworks, and technological solutions tend to focus on …
This work in progress paper was presented at the 8th Asian Privacy Scholars Network Conference held at the Faculty of Law, National University of Singapore.
Our paper explores the right to data portability in depth by making 230 requests to data controllers on the day the GDPR was enforced. We found the key points summarised below:
The European General Data Protection Regulation (GDPR) introduces one new data subject right, Article 20’s right to data portability (RtDP). The RtDP aims to allow data subjects to obtain and reuse their personal data for their own purposes across different services.
For a more updated and detailed version of this paper, see our work ‘The Right to Data Portability in Practice: Exploring the Implications of the Technologically Neutral GDPR’.