Large amounts of data are collected about us when we use digital services. This data provides an accurate picture of digital service users as consumers and members of society. Users often “pay” with their data for the use of services, even those that are free of charge.
In the future, as new technologies develop, more and more data on users will be collected. Connected devices (Internet of Things devices) will become more common in our homes and daily life. More and more of us will move and interact in virtual worlds and use connected devices.
In today’s data economy, a few large technology giants have considerable power and earning potential thanks to the amount of data they have collected on the users of their services. Individuals have been disadvantaged in the data economy because they have had little insight into how the data collected about them is being used. Sitra’s new memorandum The right to data portability in the fair data economy – Extending the right of individuals to benefit from managing their data looks at how this could be legally improved by empowering individuals and strengthening their right to control and transfer the data collected about them.
The right to data portability in the fair data economy
What if service users could better manage the data collected about them and transfer that data to, for example, a competing service for their own benefit? What if consumers could also earn money from data about themselves and choose how to do so?
The European Union is building a fairer data economy through regulation. The conclusion of Sitra’s legal review in the memorandum is that the current EU legal framework takes a fragmented approach to the right to data portability. This can make it more difficult for individuals to benefit from this right.
The right to data portability is already addressed in several EU legal instruments. It was first recognised in the General Data Protection Regulation (Article 20) and has since been addressed and extended in subsequent legislative proposals, such as the EU Data Act, the European Health Data Space and the Digital Markets Act. For example, the new Data Act, which will apply across the EU in 2025, will set the ground rules for the transfer of data generated by the use of connected IoT devices.
Sitra has previously argued that the right of individuals to control their own data should be strengthened as a fundamental right in the digital age, and giving people the right to move their data from one system to another is one way of addressing the power imbalance.
The Sitra memorandum highlights four ways in which the right to data portability could be legally strengthened to improve the position of individuals in the data economy.
- The scope of Article 20 of the General Data Protection Regulation (GDPR) could be extended to allow individuals to exercise the right to data portability also in public services, for example.
- Article 20 of the GDPR could also be extended to non-personal data. This would take better account of the diversity of data and allow for a more effective exercise of the right to data portability.
- The right to data portability could be included in the Charter of Fundamental Rights of the European Union as a separate right alongside privacy and data protection. It could include the right to control one’s own data and the right to benefit economically from it.
- New legislation could be developed to help define what kind of data an individual can transfer. The scope should be sufficiently broad. This could improve people’s ability to decide how data about them is used.
In a new working paper published recently, Sitra has recommended that during the next mandate of the European Commission (2024-2029), the Commission should ensure people’s right to control their own data and decide how it is used in the EU.