Users have the right to retrieve their data stored with online services and have it transferred to other services, for example when changing providers. Initial studies from the bidt project “Motivation and Implementation of Data Portability” reveal that, whilst there is a great demand for transferring data between services, little is known about any relevant legal implications.
In May 2018, the General Data Protection Regulation, GDPR for short, came into force. It describes the rights that users of online services have and can enforce against service providers. In addition to the already widely discussed rights to data erasure (the so-called right to be forgotten, § 17) and information, also included is the right to data portability (§ 20). This regulates users’ receipt of their data stored with a particular service provider, but additionally covers transference to another service provider.
This is designed to allow users to decide more easily and freely which services they want to use. Hence, when changing providers, users have the right to take all previously created or uploaded content with them. Here is an example: A jogger who records his running times and routes with a fitness tracker and stores them in the cloud of provider A could demand, when switching to provider B with a different cloud, that routes and times be synchronised between the providers.
The possibility of porting data between providers is not only associated with the hope of strengthening user rights on the internet. Many also see it as an opportunity for the German digital sector. For instance, benefits could be derived by users being able to choose more freely between services and switch more easily from major foreign corporations to more data protection-friendly European providers without losing their data and self-generated content.
Research on data portability at the bidt – initial results from the project
But how can the right to data portability be implemented in a user-friendly way in practice? Where and how do users actually want to make use of it? Professor Jens Großklags (Technical University of Munich), Professor Johann Kranz (Ludwig-Maximilians-University Munich) and Professor Susanne Mayr (University of Passau) pursue these and other questions in the interdisciplinary bidt project “Motivation and Implementation of Data Portability”.
In two initial online surveys, the team investigated how well-known the right to data portability is and for which types of online services users would like to change providers in the first place. Initial results show that the GDPR right to data portability is the least well-known.
Data portability? 70 per cent have never heard of it
Of 246 participants who were involved in the first survey conducted in November 2019, less than a third had already heard of the right to data portability. More than half knew about the other rights mentioned in the GDPR, with as many as 89% aware of their right to data erasure (see Figure 1).
The situation is similar regarding the question of how well people can imagine what exactly is meant by the right to data portability: here, on a scale of 0 (“I have no idea”) to 5 (“I am fully aware”), the interviewees answered with an average of 2,3. Hence, on average respondents have little or no idea what the right to data portability means. All other rights in the GDPR law are assessed as easier to understand (see Figure 2).
These results reveal, especially regarding the right to data portability, that there is a great demand for information and clarification. This is all the more so as users need simple and user-friendly solutions for data portability when switching providers, according to another survey.
Many want to switch but shy away from doing so
More than 10% of the surveyed users of services such as social networks (e.g. Facebook) or cloud storage (e.g. Dropbox) say that they would actually want to leave their current provider and switch to a different one, but do not do so for a number of reasons. Most of all concerns about data protection and privacy together with a general lack of trust in the current provider are cited as important motives for wanting to switch (see Figure 3).
But why do users not switch to more data protection-friendly providers?
The obstacles stated by respondents are that they are not familiar with comparable services and/or have little experience with switching services. In addition, there is also the fear that any change would be costly and involve the loss of much data and other information. Two-thirds of respondents are concerned about a loss of such data.
Provide more support to users
These initial project results are non-representative snapshots of surveys involving predominantly young and highly educated participants. More representative data is to follow. Nevertheless, these results already illustrate that the right to data portability addresses a real need for internet users: to be able to exchange data between services and to switch providers in an uncomplicated way.
However, for users to gain real benefit from their right they need at least: on the one hand, knowledge about their entitlement to data retrieval and data portability when switching providers and on the other hand simple and user-friendly technical solutions that support them in data porting. Both aspects will be examined over the course of this project.
The blogs published by the bidt represent the views of the authors; they do not reflect the position of the Institute as a whole.