GDPR

The ‘Personal’ in Personal Data: Who is Responsible for Our Data and How Do We Get it Back?

Winner of Best in Category, Justis International Law and Technology Writing Competition 2020 for the Category of Social Media, Data and Privacy In our data-driven society, every piece of technology that connects us to the internet collects our personal data (any information relating to an identified or identifiable natural person), building elaborate profiles on what we are doing, where we are, and even who we are. As data subjects (those about whom personal data are collected), we can no longer hide from data controllers (those who collect and determine what these data are used for).

Co-Creating Autonomy: Group data protection and individual self-determination within a data commons

Recent privacy scandals such as Cambridge Analytica and the Nightingale Project show that data sharing must be carefully managed and regulated to prevent data misuse. Data protection law, legal frameworks, and technological solutions tend to focus on …

The Right to Data Portability in Practice: Exploring the Implications of the Technologically Neutral GDPR

Our paper explores the right to data portability in depth by making 230 requests to data controllers on the day the GDPR was enforced. We found the key points summarised below: The European General Data Protection Regulation (GDPR) introduces one new data subject right, Article 20’s right to data portability (RtDP). The RtDP aims to allow data subjects to obtain and reuse their personal data for their own purposes across different services.

How Portable is Portable? Exercising the GDPR’s Right to Data Portability

For a more updated and detailed version of this paper, see our work ‘The Right to Data Portability in Practice: Exploring the Implications of the Technologically Neutral GDPR’.