EBF advisor: Noémie Papp
Publication date: 15 February 2017
Article 20 of the General Data Protection Regulation introduces a new right to data portability which aims at empowering the data subject by giving him/her more control over his/her personal data and encouraging free movement of data within the European Union. Data portability is central in order to provide customers with more choice, avoid data monopolies (competition issue) and allow personal data to be available to other operators (with consumer consent). Within regulated industries, customers already experience and benefit from the possibility to switch from one service provider to another.
The European Banking Federation (EBF) welcomes the possibility given to provide comments on the Guidelines prepared by the Article 29 Data Protection working party (Article 29 WP) on the right to data portability.
In our views, further considerations should be given to the need to:
- Clarify the liabilities in the application of the data subject’s right to receive personal data and the right to transmit personal data from one data controller to another data controller;
- Ensure that the scope of the right of data portability is only limited to data actively provided by the data subject to the controller (raw data);
Ensure that sufficient security is maintained and risks prevented in the context of the transmission of personal data to the data subject;
Ensure the framework of the right of data portability of the General Data Protection Regulation (GDPR) is aligned with recent legislative initiatives at EU level which already regulate the right to data portability (for example the Payment Accounts Directive (PAD), the new Payment Services Directive (PSD2) etc.);
Ensure that public consultations of stakeholders will take place prior to the adoption of the guidelines with a reasonable period of response.