Position Paper - DIGITALEUROPE’s views on Article 29 Working Party draft Guidelines on the right to data portability (WP 242)
Position Paper - DIGITALEUROPE’s views on Article 29 Working Party draft Guidelines on the right to data portability (WP 242)
EXECUTIVE SUMMARY
DIGITALEUROPE as the voice of the digital technology industry in Europe welcomes the opportunity to comment on the Article 29 Working Party’s (“WP29”) draft guidelines on the right to data portability (WP 242). DIGITALEUROPE believes that the effective implementation of the General Data Protection Regulation (“GDPR”) will require a joint effort between all stakeholders built on mutual trust. We therefore welcome the decision of the WP29 to deviate from previous protocol and treat all guidance documents, including WP242, as a draft guidance document while encouraging feedback from the data protection community.
DIGITALEUROPE believes that the main objective of WP 242 should be to achieve legal certainty so that data controllers of all sizes across the EU clearly understand how the right to data portability should be implemented and will be enforced. While we welcome some of the clarifications presented in the draft document, we believe many questions remain. We are particularly concerned with the broad interpretation of the WP29 in some instances, which we believe could be difficult for companies (both large and small) to implement. DIGITALEUROPE has structured its comments in the following manner, aimed at summarising our key views:
1. Objective of the right
2. Controllership
3. Legal basis
4. Scope
5. Cost to data controller
6. Inferred and derived data
7. Personal data containing the data subject
8. What prior information should be provided to the data subject
9. Expected data format & large/complex datasets
10. Intellectual property and trade secrets
11. Interoperability and use of download tools
12. Technical feasibility