Featured in JEP’s Expert Panel – 21st March 2018
A:
The idea of data portability is to give data subjects the ability to get their personal data easily transferred from one data controller to another or receive the data themselves. Some examples might be when moving bank, utility company, email provider, or to move all your favourite music lists and preferences from one music website to another.
The information that you recorded within the data controller website is yours but not the “inferred or derived” data which the data controller produced as a result of analysing your information e.g. creating specific user profile of you based on your data and activity. Safeguards are in place to protect intellectual property rights and trade secrets of the data controller applications used.
Data provided by you to the data controller and processed using either the lawful bases of (a) consent or (b) in the performance of a contract is in scope for data portability. However the data processing activity must have been carried out by automated means –i.e. it does not cover paper files.
Data portability only relates to personal data and not pseudonymous data or data not concerning the data subject.