The Case for Data Portability as a Privacy Protection in the Digital Age

This paper provides a first-principles approach to data portability. It explores the concept and its relationship to other recognised privacy and data protection concepts. As a first-principles paper, it aims to avoid specific policy approaches, terminology and provisions such as the European Union’s adoption of data portability in Article 20 of the General Data Protection Regulation. It does however draw on existing EU analysis, examples and guidance as well as relevant insights from other countries such as Australia’s current implementation of the Consumer Data Right.

This paper approaches data portability from a privacy and data protection perspective, noting there may be flow-on effects on competition and benefits for consumers resulting from a data portability implementation.