Your Right to Data Portability

As a data subject you have the right to request that the data controller gives you your personal data so you can move it to another controller. You can think of it as roughly similar to your ability to ask your mobile network operator to port your number to another network.

The data should be provided to you as a file with your information in a structured, commonly used and machine-readable format. If technically feasible you can also ask one data controller to directly transfer your personal data to another.

This right is set out in Article 20 of the GDPR. The full text of the article is at the bottom of this page.

 

Real world example: In December 2019 Facebook announced a Photo Transfer tool which allows Facebook users to transfer their photos to another online service, should they wish to. This is data portability.

Where next?

Read more elsewhere
    
1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and

(b) the processing is carried out by automated means.

2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
    
4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.


Topics

Data Protection Fundamentals (basics, definitions and more …)
Your Rights (all your data protection rights: access, information, rectification and more …)
In More Detail (explorations and explanations of data protection concepts …)
Keeping Track (tracking Subject Access Requests and complaints to Supervisory Authorities …)