How to attribute the right to data portability in Europe: A comparative analysis of legislations
TL;DR: This article makes a cross-examination of legislations, compares them with one another in order to offer a reflection on the future of portable data in Europe, and finally attempts to identify the best approach to attribute data portability.
About: This article is published in Computer Law & Security Review.The article was published on 2017-02-01. It has received 24 citations till now. The article focuses on the topics: General Data Protection Regulation & Service provider.
Citations
More filters
01 Sep 1996
TL;DR: The objectives of the European Community, as laid down in the Treaty, as amended by the Treaty on European Union, include creating an ever closer union among the peoples of Europe, fostering closer relations between the States belonging to the Community, ensuring economic and social progress by common action to eliminate the barriers which divide Europe, encouraging the constant improvement of the living conditions of its peoples, preserving and strengthening peace and liberty and promoting democracy on the basis of the fundamental rights recognized in the constitution and laws of the Member States and in the European Convention for the Protection of Human Rights and Fundamental Freedoms
Abstract: (1) Whereas the objectives of the Community, as laid down in the Treaty, as amended by the Treaty on European Union, include creating an ever closer union among the peoples of Europe, fostering closer relations between the States belonging to the Community, ensuring economic and social progress by common action to eliminate the barriers which divide Europe, encouraging the constant improvement of the living conditions of its peoples, preserving and strengthening peace and liberty and promoting democracy on the basis of the fundamental rights recognized in the constitution and laws of the Member States and in the European Convention for the Protection of Human Rights and Fundamental Freedoms;
792 citations
01 Jan 2018
TL;DR: In this article, the authors focused on identification of current role of social media in public marketing and analyzed the Facebook pages of 13 regions of the Czech Republic and analyzed five blocks of Kietzmann's honeycomb framework: identity, conversation, sharing, presence, and reputation.
Abstract: Social media has become a new phenomenon of the society, which significantly affects not individuals only, but also organizations, including public institutions. An article aims on identification of current role of social media in public marketing. Specifically, it focuses on the sample of 13 regions of the Czech Republic and analyzes Facebook pages of its regional authorities. The content analysis concentrates on five blocks (out of seven original ones) of Kietzmann ́s honeycomb framework: identity, conversation, sharing, presence, and reputation. Findings confirmed that all the regions have their Facebook page set up, one third of regions react on citizen ́s request up to few minutes, the other one third up to one day. Regional authorities regularly publish its posts (11 posts per week in average) and share their own content, mainly.
31 citations
08 Oct 2018
TL;DR: The responses to 230 real-world data portability requests are discussed, the file formats returned and difficulties in making and interpreting requests are examined, and confusion amongst data controllers about the various GDPR rights are found.
Abstract: The new European General Data Protection Regulation has introduced several new rights designed to empower users and regulate imbalances of power between those who collect and control data and those to whom the data refer. In this paper we focus on one particular right, the right to data portability, and examine how it is being implemented. We discuss the responses to 230 real-world data portability requests, and examine the file formats returned and difficulties in making and interpreting requests. We find variation in file formats, not all of which meet the GDPR requirements, and confusion amongst data controllers about the various GDPR rights.
26 citations
TL;DR: In this article, the authors argue that the RtDP does not fit well with the fundamental rights nature of data protection law, and should instead be seen as a new regulatory tool in EU law that aims to stimulate competition and innovation in data-driven markets.
Abstract: The right to data portability (RtDP) introduced by Article 20 of the General Data Protection Regulation (GDPR) forms a regulatory innovation within EU law. The RtDP provides data subjects with the possibility to transfer personal data among data controllers, but has an impact beyond data protection. In particular, the RtDP facilitates the reuse of personal data that private companies hold by establishing a general-purpose control mechanism of horizontal application. Article 20 of the GDPR is agnostic about the type of use that follows from the ported data and its further diffusion. We argue that the RtDP does not fit well with the fundamental rights nature of data protection law, and should instead be seen as a new regulatory tool in EU law that aims to stimulate competition and innovation in data-driven markets. What remains unclear is the extent to which the RtDP will be limited in its aspirations where intellectual property rights of current data holders—such as copyright, trade secrets and sui generis database rights—cause the regimes to clash. In such cases, a reconciliation of the interests might particularly confine the follow-on use of ported data again to specific set of socially justifiable purposes, possibly with schemes of fair remuneration. Despite these uncertainties, the RtDP is already being replicated in other fields, namely consumer protection law and the regulation of non-personal data. Competition law can also facilitate portability of data, but only for purpose-specific goals with the aim of addressing anticompetitive behavior. We conclude that to the extent that other regimes will try to replicate the RtDP, they should closely consider the nature of the resulting control and its breadth and impact on incentives to innovate. In any case, the creation of data portability regimes should not become an end in itself. With an increasing number of instruments, orchestrating the consistency of legal regimes within the Digital Single Market and their mutual interplay should become an equally important concern.
25 citations
References
More filters
01 Sep 1996
TL;DR: The objectives of the European Community, as laid down in the Treaty, as amended by the Treaty on European Union, include creating an ever closer union among the peoples of Europe, fostering closer relations between the States belonging to the Community, ensuring economic and social progress by common action to eliminate the barriers which divide Europe, encouraging the constant improvement of the living conditions of its peoples, preserving and strengthening peace and liberty and promoting democracy on the basis of the fundamental rights recognized in the constitution and laws of the Member States and in the European Convention for the Protection of Human Rights and Fundamental Freedoms
Abstract: (1) Whereas the objectives of the Community, as laid down in the Treaty, as amended by the Treaty on European Union, include creating an ever closer union among the peoples of Europe, fostering closer relations between the States belonging to the Community, ensuring economic and social progress by common action to eliminate the barriers which divide Europe, encouraging the constant improvement of the living conditions of its peoples, preserving and strengthening peace and liberty and promoting democracy on the basis of the fundamental rights recognized in the constitution and laws of the Member States and in the European Convention for the Protection of Human Rights and Fundamental Freedoms;
792 citations
TL;DR: This paper explores the limits placed by EU competition law on the acquisition and processing of personal data, and analyses whether dominant companies could be used to force dominant companies to share their data with competitors so as to stimulate competition on one or several markets.
Abstract: With the advent of the Internet, and the development of new business models, companies increasingly hold large amounts of personal data about their employees and their customers. While there is a plethora of literature on the data privacy challenges created by the Internet and these new business models, this paper explores the limits placed by EU competition law on the acquisition and processing of personal data. There is a dearth of literature, and no real precedent, addressing this question. Hence, this paper is a first attempt to address the interface between personal data and competition law. We hope that it will trigger further analysis and debate on what will increasingly become an important policy question.It is common knowledge that a fast growing number of companies, such as, for instance, telecommunications operators, banks, credit card companies, large retailers, Internet service providers, search engine providers, and social networks, collect large amounts of personal data. Other companies specialise in the processing and selling of these data. In particular, personal data are at the core of the Internet. Companies, such as Google or Facebook, have developed services and business models whose success heavily rely on the acquisition and treatment of personal data. Such data allow these companies to improve the quality of their services and make them more attractive to users. They also enable them to monetise their services through targeted (also referred to as “behavioural”) advertising. The volume, but also the quality of the personal data acquired is thus key competitive differentiators in the Internet economy. Online service users certainly benefit from the ability of their providers to use personal data they may have acquired in terms of better services (more relevant search results, etc.) and more targeted advertising. The acquisition of large volumes of data by “first mover” providers may, however, raise barriers to entry and thus deprive users from the benefits of competition. There is also a risk that online service providers may seek to prevent other companies from acquiring the data they need to compete, hence perpetuating their lead.Against this background, this paper is divided into four sections. Section II further elaborates on the critical importance of the acquisition of personal data for most key Internet players (which are referred to hereafter as “online service providers”). Section III analyses the extent to which certain practices aiming at collecting data or at depriving access to such data to competitors can be anticompetitive and constitute a breach of EU competition rules. It also analyses whether EU competition law could be used to force dominant companies to share their data with competitors so as to stimulate competition on one or several markets. Finally, Section IV concludes.
31 citations
TL;DR: It is concluded that data portability is a right of the data subject strongly connected with a fundamental right to the free development of human personality, and is also a function that cloud computing services worldwide will have to provide in order to increase users’, customers’ or consumers’ trust.
Abstract: The proposal for reform of the data protection legal framework, recently made public by the European Commission (EC), specifically enshrines a ‘right to data portability’, which is designed to reduce the difficulties for individuals to stay in control of their personal data, along with the provision of a ‘right to be forgotten’ and a ‘right to rectification’.The debates surrounding these privacy concerns, especially related to cloud computing (another ubiquitous concept), have not enjoyed a clear, unitary discourse, as IT developments have almost out-run the rhythm in which legal scholars were analysing recent threats to privacy, and especially internet privacy.This paper aims to reveal the characteristics of data portability as a legal concept in the modern world of privacy and data protection; it focuses on a few aspects of the reform proposed by the Commission, highlighting the detailed provisions of the right to data portability in the larger context of the reform.It also discusses data portability’s impact on competition and its links to international data transfers, as they will be regulated in the new EU data protection law. It concludes that data portability is a right of the data subject strongly connected with a fundamental right to the free development of human personality, and is also a function that cloud computing services worldwide will have to provide in order to increase users’, customers’ or consumers’ trust.
20 citations