Understanding The Right To Data Portability, Its Limitations, And Benefits

The right to data portability means to provide individuals with the right to receive personal data which they have provided to a controller in a structured and machine-readable format. It can be said as one of the most important introductions within the EU General Data Protection Regulation (GDPR) both in terms of warranting control rights to data subjects and in terms of being found at the intersection between data protection and other fields of law. The right to data portability can be applied under two circumstances:

  • When the lawful basis for processing the information is either consent or for the performance of a contract
  • When an individual is carrying out the processing by automated means (i.e. excluding paper files).

The new version of Article 20, GDPR describes the right to data portability as mentioned below


Sign up for your weekly dose of what's up in emerging technology.

1| The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and

Download our Mobile App

(b) the processing is carried out by automated means.

2| In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

3| The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to process necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4| The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

In a recent conference, the Future Of Privacy Forum (FPF) discussed the limits and benefits of the right to data portability as introduced by the GDPR. Introduction to data portability can be said as one of the greatest innovations by GDPR where one should be able to transfer his/her personal data between participants in the market.

Limitations Of Right To Portability

The right to data portability only covers personal data which is basically “provided” by the person to an organisation. The data which is not protected is the data that are the byproducts of services such as when a data controller uses an algorithm and processes data including inferences from data. The development manager of Microsoft who was in the panel discussion pointed out that there are three difficulties with data portability in practice:

  • Syntactic (is the data an integer, string, floating, or something else?)
  • Semantic (for example, if data references a “Jaguar” is it discussing a car or an animal)
  • Policy-related (how does it interact with existing regulations and contractual requirements for these companies).


Security has always been a key concern but it should not be used as an excuse for porting data. According to the panel discussion, ideally, each data controller would have the GDPR already as a starting point of compliance, and as such, it would have applied all protective portions such as transparency, lawfulness, etc.

Watch the full discussion below:

More Great AIM Stories

Ambika Choudhury
A Technical Journalist who loves writing about Machine Learning and Artificial Intelligence. A lover of music, writing and learning something out of the box.

AIM Upcoming Events

Regular Passes expire on 3rd Mar

Conference, in-person (Bangalore)
Rising 2023 | Women in Tech Conference
16-17th Mar, 2023

Early Bird Passes expire on 17th Feb

Conference, in-person (Bangalore)
Data Engineering Summit (DES) 2023
27-28th Apr, 2023

Conference, Virtual
Deep Learning DevCon 2023
27 May, 2023

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox

A beginner’s guide to image processing using NumPy

Since images can also be considered as made up of arrays, we can use NumPy for performing different image processing tasks as well from scratch. In this article, we will learn about the image processing tasks that can be performed only using NumPy.

RIP Google Stadia: What went wrong?

Google has “deprioritised” the Stadia game streaming platform and wants to offer its Stadia technology to select partners in a new service called “Google Stream”.