Digital platforms are spreading more and more with business models based on our data and which, by default, threaten our rights. On the other hand, the privilege to the portability of personal information required by the GDPR assumes an important role for a change.
It is very difficult to implement. However, innovative distributed ledger technologies including blockchain can help solve this issue, and Italy, United States and other countries have already started working on it.
The right to data portability sanctioned by the General Data Protection Regulation (GDPR) has an important role to play in favor of users the power relations that, in the digital society, are now heavily biased towards the interests of large platforms such as Google and Facebook.
But it is still a fugitive entitlement. Very little implemented - news of a few days ago, Facebook begins to experiment with the portability of photos to Google, all a year and a half after the entry into force of the GDPR.
The final version of article 20 of the GDPR brings with it a number of critical points. First of all, the subject matter of the entitlement: this refers expressly to the personal info concerning the individual and which he provided to the data controller.
It follows that depending on whether the expression "info provided" is interpreted in a restrictive sense, limiting the sphere to only the data explicitly received by the individual, rather than extensively in line with Recital 68 included in the notion of information supplied also those "provided passively" or observed and deduced then the consequences change in a consistent manner and assume a critical importance which however has not yet seen the Authorities make a decision about what the limits of data portability should be.
It goes without saying that the lack of a clear and defined regulatory framework, from the possible extensive or restrictive applications of the right to portability will depend on the delicate developments of the current digital context: the information inferred to cite one of the most delicate areas. The implications of all this will be reflected in as many entitlements including the privilege to free development of the human personality and the right to equality.
Nonetheless, the scenarios will change profoundly depending on the preference given to the two different approaches in relation to the issue of interference between the right to portability, the entitlement of access and the right to cancel.
While at the same time posing a challenge to the traditional system of competition and the privileges of control of people over their information, as well as an opportunity for systems interoperability, the right to portability impacts individuals as well as the data economy and organizations. And for the latter, the technical efforts required could actually be less complicated than one might think as regards the problems inherent in the correct fulfillment following the exercise of the right.
In an increasingly data-hungry society, to anticipate needs and desires, those who collect, sort, store and sell information have a coveted currency of exchange. Data brokers know this well and maybe they are not the only ones. Individuals, on the other hand, with due exceptions, still seem to have no interest in it.
As is known, in recent times "start-up data incubators" have been created that intend to bring users into the big business of big data, through services that remunerate every information transferred to online platforms. An ambitious intent as well as dangerous especially when associated with the level of awareness of users about the real extent of the right to portability pursuant to Article 20 GDPR and their privileges in general.
In short, specific apps are downloaded, some based on blockchain registers, their social profiles are indicated and commercial offers are evaluated by companies interested in personal info. Once the economic offer is accepted, the buyer company promises to pay the user.
In Italy an application launched at the end of 2018 by a well-known entrepreneur aims to become a real "data bank" a sort of vault where anonymous information can be conveyed and then invested in the market. All of this, according to the founders, with an ethical approach that has intrigued the Authorities which, however, have not yet disclosed their verifications.
In the United States, Senator Mark Warner of Virginia announced a proposal to force technology companies to tell users the value of their info. In California, where the California Consumer Privacy Act has already included in its provisions portability as a by-product of the right of access, Governor
That can be only preliminary and intended to be integrated as a work in progress, one cannot fail to reiterate the privilege to data portability as regulated in the GDPR, together with the interpretation given by WP 29 and other "porting rights", assumes the role of primary importance in the perspective of the strategy of the digital single market in the European Union.