GDPR : what does data portability really mean ?

The General Data Protection Regulation (GDPR) enforces the concept of data portability. What it means remains however opaque for most of us as the concept behind data portability can’t be easily applied and doesn’t really correspond to any expressed or latent consumer’s needs.

Portability : a game changer for many industries, pushed by the European Commission

The concept of portability is at the heart of the action of the European Commission for the defense of consumers’ rights. No one can deny that the action of the European Commission has been instrumental in removing barriers to competition and ensuring the freedom of European citizens.
We are now able to switch easily from one mobile phone operator to the other while keeping our cell phone number.
We can easily switch from electricity and gas provider; we can change banks in a matter of days at (almost) no cost.
There is certainly still an insufficiant number of consumers taking advantage of those opportunities.
In short, the concept of “portability” is all about the ability, for consumers, to transfer one service from provider A to provider B without being penalized and with the lowest switching costs possible.

Data portability : your personal data is your property

The concept of “data portability” is the natural extension of “services portability”. While services can be transferred flawlessly from one provider to the other, data should be too.
Data is valuable like the services you pay for are. Data is used by providers to evaluate customers (this is especially true in the insurance sector where prices depend on risk profiles and will increasingly depend on real-time data). The idea behind data portability is thus to allow consumers to bring their valuable data, representative of their very profiles, to other providers to either obtain a better price or a better service.

Data portability remains a theoretical concept

Although the intention behind data portability is very interesting, it remains purely theoretical. A consumer could very well claim the property of its data and ask a copy of it before his or her account is erased from the provider’s database (right to be forgotten or right to erasure in GDPR). But what do you do with the data then ? In the absence of a standard to exchange data it’s highly unlikely for other providers to “ingest” that data and make something out of it.
Imagine you ask your favorite retailer to give you a copy of your purchase history of the last 10 years. Even if it manages to give it to you, what will another retailer make with it ? Its IT systems are likely to be different and not compatible with your data. And what is 10-year old data actually worth ?

Conclusion

All the questions outlined in the sections above are of ciurse not tackled by GDPR. The European Commission has set out some borad concepts but not explained how to implement them. You’ll have to be creative to make sense out of them.

By Pierre-Nicolas Schwab Pierre-Nicolas est Docteur en Marketing et dirige l'agence d'études de marché IntoTheMinds. Ses domaines de prédilection sont le BigData l'e-commerce, le commerce de proximité, l'HoReCa et la logistique. Il est également chercheur en marketing à l'Université Libre de Bruxelles et sert de coach et formateur à plusieurs organisations et institutions publiques. Il peut être contacté par email, Linkedin ou par téléphone (+32 486 42 79 42)