Commentary

Data Portability -- Another Tech Giant GDPR Fail?

Two things are striking about the panel of experts' advice to The Treasury. Led by Stanford University's Professor Jason Furman, the review tells the Chancellor and the Government that the tech giants would be best tackled via two new requirements:  a code of conduct and data portability.

The code of conduct is pretty obvious stuff and Professor Furman makes the point well in a Telegraph article that the tech giants would do well to sign up voluntarily. By agreeing how to handle harmful content, and a time frame to remove it, the big names of the internet could avoid far-reaching regulation.

Agree to take the harmful stuff down in a narrow time frame, with the threat of fines in the background, and the industry could almost regulate itself. Avoid that option, the theory goes, and the industry risks harsher regulation being imposed. 

That all makes sense. The second side of tackling the power of the tech giants left me thinking, hang on, don't we already have GDPR for that?

Let me explain. The review for the Treasury makes the sensible point that the tech giants' power would be diminished if people had full control over their data but, more importantly, the right to move their data wherever they wish. 

Now, like everyone in marketing journalism, I wrote about GDPR a heck of a lot last year and gave talks about its impact. I made the point that while consent was seriously overhauled, the biggest new consumer right was data portability. I suspect the lawmakers were thinking about our personal information following us between different service providers, such as a bank or mobile phone network, so switching our patronage would be as simple as possible.

However, that's exactly what the Treasury review is talking about. If we could take our account details -- and presumably, our photos and memories -- from one service to another, the power of the original host is diminished. The argument is clear.

Other tech giants have come and gone, but those in which we have invested so much of our life and data survive because it would be too much of a loss to leave behind our accounts and the messages, photographs and check-ins that we have in our profile histories. 

Isn't that exactly what GDPR compels? I would suggest it does, and the ICO's guidance on portability appears to back this up. Take a look at the guidance and it is clear that we should all be able to take our data away and use it in another IT environment. 

I would have no idea how to quit Facebook and take my data with me to another service. I suspect it's not possible.

If so, isn't this a clear breach of GDPR? The law is clear. The option to move our data to another service? Not so much. 

Next story loading loading..