More Web Proxy on the site http://driver.im/

research-article

How Portable is Portable?: Exercising the GDPR's Right to Data Portability

Authors:

Tristan HendersonAuthors Info & Claims

UbiComp '18: Proceedings of the 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers

Pages 911 - 920

https://doi.org/10.1145/3267305.3274152

Published: 08 October 2018 Publication History

Abstract

The new European General Data Protection Regulation has introduced several new rights designed to empower users and regulate imbalances of power between those who collect and control data and those to whom the data refer. In this paper we focus on one particular right, the right to data portability, and examine how it is being implemented. We discuss the responses to 230 real-world data portability requests, and examine the file formats returned and difficulties in making and interpreting requests. We find variation in file formats, not all of which meet the GDPR requirements, and confusion amongst data controllers about the various GDPR rights.

References

[1]

Article 29 Data Protection Working Party. 2017. 'Guidelines on the right to data portability'. WP 242 rev.01. (5th Apr. 2017).

[2]

J. Ausloos and P. Dewitte. 2018. 'Shattering one-way mirrors --- data subject access rights in practice'. International Data Privacy Law, 8, 1, (Feb. 2018), 4--28.

[3]

U. Bojars, A. Passant, J. Breslin and S. Decker. 2008. 'Social networks and data portability using semantic web technologies'. In 2nd Workshop on Social Aspects of the Web.

[4]

I. Brown and C. T. Marsden. 2013. Regulating Code. MIT Press, Cambridge, MA, USA.

[5]

The Curlie Directory. 2018. Retrieved 25/08/2018 from http://curlie.org/.

[6]

The Data Transfer Project. 2018. Retrieved 28/07/2018 from https://datatransferproject.dev/.

[7]

P. De Hert, V. Papakonstantinou, G. Malgieri, L. Beslay and I. Sanchez. 2018. 'The right to data portability in the GDPR: towards user-centric interoperability of digital services'. Computer Law & Security Review, 34, 2, (Apr. 2018), 193--203.

[8]

L. Edwards. 2018. 'Data protection: Enter the General Data Protection Regulation'. In Law, Policy and the Internet. L. Edwards, editor. Hart Publishing, London.

[9]

B. Engels. 2016. 'Data portability among online platforms'. Internet Policy Review, 5, 2, (June 2016).

[10]

European Union. 2015. 'Decision (EU) 2015/2240 of the European Parliament and of the Council of 25 November 2015 establishing a programme on interoperability solutions and common frameworks for European public administrations, businesses and citizens (ISA2 programme) as a means for modernising the public sector'. Official Journal of the European Union, L318, (4th Nov. 2015), 1--16.

[11]

European Union. 1995. 'Directive of the European Parliament and the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data'. Official Journal of the European Union, L281, (23rd Nov. 1995), 1--20.

[12]

European Union. 2016. 'Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)'. Official Journal of the European Union, L119, (4th May 2016), 1--88.

[13]

I. Graef, D. Clifford and P. Valcke. 2018. 'Fairness and enforcement: bridging competition, data protection and consumer law'. International Data Privacy Law (forthcoming), (July 2018).

[14]

I. Graef, M. Husovec and N. Purtova. 2017. 'Data portability and data control: lessons for an emerging concept in EU law'. International Data Privacy Law (forthcoming), (Nov. 2017).

[15]

Information Commissioner's Office. 2018. Your right of access. Retrieved 01/07/2018 from https://ico.org.uk/your-data-matters/your-right-of-access/.

[16]

R. Mahieu, H. Asghari and M. van Eeten. 2017. 'Collectively exercising the right of access: individual effort, societal effect'. In GigaNet (Global Internet Governance Academic Network) Annual Symposium. (Dec. 2017).

[17]

C. Marsden. 2018. 'Prosumer law and network platform regulation: the long view towards creating offdata'. Georgetown Law Technology Review, 2, 2, 376--398.

[18]

F. Mccown and M. L. Nelson. 2009. 'What happens when facebook is gone?' In 9th ACM/IEEE-CS Joint Conference on Digital libraries. (June 2009), 251--254.

Digital Library

[19]

C. Norris, P. de Hert, X. L'Hoiry and A. Galetta, editors. 2017. The Unaccountable State of Surveillance. Springer, Cham.

Digital Library

[20]

Open Knowledge International. 2015. The open data handbook. Retrieved 25/07/2018 from http://www.opendatahandbook.org/guide/en/.

[21]

P. Swire and Y. Lagos. 2013. 'Why the right to data portability likely reduces consumer welfare: antitrust and privacy critique'. Maryland Law Review, 72, 2, 335--380.

[22]

L. Urquhart, N. Sailaja and D. McAuley. 2018. 'Realising the right to data portability for the domestic Internet of things'. Personal and Ubiquitous Computing, 22, 2, (Apr. 2018), 317--332.

Digital Library

[23]

H. Ursic. 2018. 'Unfolding the new-born right to data portability: four gateways to data subject control'. SCRIPT-ed, 15, 1, (Aug. 2018), 42--69.

[24]

B. Van der Auwermeulen. 2017. 'How to attribute the right to data portability in Europe: a comparative analysis of legislations'. Computer Law & Security Review, 33, 1, (Feb. 2017), 57--72.

[25]

S. Weiss. 2009. 'Privacy threat model for data portability in social network applications'. International Journal of Information Management, 29, 4, 249--254.

Digital Library

[26]

N. Zingales. 2015. 'Of coffee pods, videogames, and missed interoperability: reflections for EU governance of the Internet of Things'. (2015).

Cited By

Birrell ERodolitz JDing ALee JMcReynolds EHutson JLerner A(2024)SoK: Technical Implementation and Human Impact of Internet Privacy Regulations2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00206(673-696)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00206
Jamieson JYamashita N(2023)Escaping the Walled Garden? User Perspectives of Control in Data Portability for Social MediaProceedings of the ACM on Human-Computer Interaction10.1145/36101887:CSCW2(1-27)Online publication date: 4-Oct-2023
https://dl.acm.org/doi/10.1145/3610188
Pöhn DMörsdorf NHommel W(2023)Needle in the Haystack: Analyzing the Right of Access According to GDPR Article 15 Five Years after the ImplementationProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3605064(1-10)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3605064
Show More Cited By

Index Terms

How Portable is Portable?: Exercising the GDPR's Right to Data Portability
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Using artificial intelligence to support compliance with the general data protection regulation

The General Data Protection Regulation (GDPR) is a European Union regulation that will replace the existing Data Protection Directive on 25 May 2018. The most significant change is a huge increase in the maximum fine that can be levied for breaches of ...
Are We There Yet?: Understanding the Challenges Faced in Complying with the General Data Protection Regulation (GDPR)
MPS '18: Proceedings of the 2nd International Workshop on Multimedia Privacy and Security

The EU General Data Protection Regulation (GDPR), enforced from 25\textsuperscriptth May 2018, aims to reform how organisations view and control the personal data of private EU citizens. The scope of GDPR is somewhat unprecedented: it regulates every ...
Opening Privacy Sensitive Microdata Sets in Light of GDPR
dg.o '19: Proceedings of the 20th Annual International Conference on Digital Government Research

To enhance the transparency, accountability and efficiency of the Dutch Ministry of Justice and Security, the ministry has set up an open data program to proactively stimulate sharing its (publicly funded) data sets with the public. Disclosure of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

UbiComp '18: Proceedings of the 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers

October 2018

1881 pages

ISBN:9781450359665

DOI:10.1145/3267305

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing
University of Florida: University of Florida
SIGCHI: ACM Special Interest Group on Computer-Human Interaction

In-Cooperation

SIGSPATIAL: ACM Special Interest Group on Spatial Information

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 October 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

UbiComp '18

Sponsor:

SIGMOBILE
University of Florida
SIGCHI

UbiComp '18: The 2018 ACM International Joint Conference on Pervasive and Ubiquitous Computing

October 8 - 12, 2018

Singapore, Singapore

Acceptance Rates

Overall Acceptance Rate 764 of 2,912 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
747
Total Downloads

Downloads (Last 12 months)86
Downloads (Last 6 weeks)12

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Birrell ERodolitz JDing ALee JMcReynolds EHutson JLerner A(2024)SoK: Technical Implementation and Human Impact of Internet Privacy Regulations2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00206(673-696)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00206
Jamieson JYamashita N(2023)Escaping the Walled Garden? User Perspectives of Control in Data Portability for Social MediaProceedings of the ACM on Human-Computer Interaction10.1145/36101887:CSCW2(1-27)Online publication date: 4-Oct-2023
https://dl.acm.org/doi/10.1145/3610188
Pöhn DMörsdorf NHommel W(2023)Needle in the Haystack: Analyzing the Right of Access According to GDPR Article 15 Five Years after the ImplementationProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3605064(1-10)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3605064
Pöhn DGruschka N(2023)Past and Present: A Case Study of Twitter’s Responses to GDPR Data RequestsPrivacy Technologies and Policy10.1007/978-3-031-61089-9_4(57-84)Online publication date: 1-Jun-2023
https://dl.acm.org/doi/10.1007/978-3-031-61089-9_4
Jakobi TGrafenstein M(2023)What HCI Can Do for (Data Protection) Law—Beyond DesignHuman Factors in Privacy Research10.1007/978-3-031-28643-8_6(115-136)Online publication date: 10-Mar-2023
https://doi.org/10.1007/978-3-031-28643-8_6
Norval CCornelius KCobbe JSingh J(2022)Disclosure by Design: Designing information disclosures to support meaningful transparency and accountabilityProceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency10.1145/3531146.3533133(679-690)Online publication date: 21-Jun-2022
https://dl.acm.org/doi/10.1145/3531146.3533133
Pins DJakobi TStevens GAlizadeh FKrüger J(2022)Finding, getting and understanding: the user journey for the GDPR’S right to accessBehaviour & Information Technology10.1080/0144929X.2022.207489441:10(2174-2200)Online publication date: 27-May-2022
https://doi.org/10.1080/0144929X.2022.2074894
Karasoy ÖTurgut GDegeling M(2022)Datenübertragbarkeit – Zwischen Abwarten und UmsetzenSelbstbestimmung, Privatheit und Datenschutz10.1007/978-3-658-33306-5_16(327-342)Online publication date: 6-Apr-2022
https://doi.org/10.1007/978-3-658-33306-5_16
Cobbe JLee MSingh J(2021)Reviewable Automated Decision-MakingProceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency10.1145/3442188.3445921(598-609)Online publication date: 3-Mar-2021
https://dl.acm.org/doi/10.1145/3442188.3445921
Tolsdorf JFischer MLo Iacono L(2021)A Case Study on the Implementation of the Right of Access in Privacy DashboardsPrivacy Technologies and Policy10.1007/978-3-030-76663-4_2(23-46)Online publication date: 19-May-2021
https://doi.org/10.1007/978-3-030-76663-4_2
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents