Introduction
Businesses are now storing more personal data on their customers than ever before—from names, addresses, and credit card numbers to such as IP addresses and browsing habits. Understandably, many consumers are speaking up and pushing back on how these businesses use their data—including an insistence on the “right to data portability.”
Data portability is an essential issue for companies that must comply with regulations such as the GDPR and CCPA. But what is data portability, exactly, and why is data portability important for organizations of all sizes and industries? Keep reading for these answers and more.
What is Data Portability?
Data portability is the concept that the users or owners of a given dataset should be able to easily move or copy this data between different software applications, platforms, services, and computing environments.
The term “data portability” actually encompasses two related, but separate, issues:
- First, that organizations should be able to easily import and export the data they collect and store, converting between different formats and standards if necessary.
- Second, that individuals should have the right to migrate their personal data between different providers or data processors.
In general, the second concept of data portability (which is more philosophical) depends on the first (which is more technical). To provide consumers with their personal data, organizations must be able to efficiently migrate this data between different IT environments in the first place.
The rise of cloud computing services has heightened technical concerns about data portability. In particular, many organizations are worried about potential “vendor lock-in,” where users feel stuck or trapped with a particular IT provider because of the costs of migrating their data to another provider. For example, an IT provider may store data in a proprietary format that makes it difficult to convert to another, more usable format.
To avoid data portability issues, organizations should store and transfer data using a popular, interoperable format whenever possible. Examples of common data formats include CSV, JSON, and XML.
In recent years, consumers have started to pay more attention to the ways in which businesses use their personal data. To this end, social networks such as Facebook, Twitter, and LinkedIn have all provided explicit ways for users to download their account data, facilitating data portability.
The Unified Stack for Modern Data Teams
Get a personalized platform demo & 30-minute Q&A session with a Solution Engineer
Data Portability for GDPR and CCPA
Due to concerns about data privacy and data security, the last several years have also seen the passage of several regulations governing how organizations can handle, collect, and store personal data. Personally identifiable information (PII) is especially important for data portability since it’s often sensitive and potentially damaging if it falls into the wrong hands.
The most prominent example of these regulations is the European Union’s GDPR (General Data Protection Regulation), which has inspired other data privacy laws such as California’s CCPA (California Consumer Privacy Act). So what does the GDPR say about data portability?
According to Article 20 of the GDPR:
“The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.”
In other words, individuals have the right to request all of the personal data that an organization stores on them. They also have the right to reuse this data as they see fit, including the ability to send this personal data to other organizations or companies as necessary. This “right to data portability” accords with the GDPR’s underlying philosophy that individuals, not organizations, are the ultimate owners of their personal data.
Recall that the GDPR applies to any organization that handles the personal data of EU citizens or residents, no matter their own physical location. If you store or process EU residents’ personal data, you must make sure that you can guarantee their right to data portability by providing them with this personal data—both in an accessible format and in a timely fashion.
California’s CCPA, which applies to for-profit businesses that handle California residents’ personal data, also gives individuals the right to data portability. Here’s the relevant passage from CCPA on data portability:
“A business that receives a verifiable consumer request from a consumer to access personal information shall promptly take steps to disclose and deliver, free of charge to the consumer, the personal information required by this section. The information may be delivered by mail or electronically, and if provided electronically, the information shall be in a portable and, to the extent technically feasible, in a readily useable format that allows the consumer to transmit this information to another entity without hindrance.”
There are a few distinctions between how the GDPR and the CCPA handle data portability. For example:
- The GDPR treats the right to data portability as its own concern, while the CCPA treats data portability as an extension of the “right of access” (i.e. the right of consumers to access their personal data).
- Unlike the GDPR, the CCPA only mandates data portability between organizations and data subjects. It does not require one organization to transmit data to another upon request, as the GDPR does.
Despite these minor differences, both the GDPR and CCPA guarantee a clear right to data portability. If you're subject to either or both of these regulations, you must make users’ personal data freely available to those who request it or face the possibility of fines and other penalties.
How Integrate.io Can Help with Data Portability
As we’ve discussed, data portability includes both technical and philosophical concerns: the ability to easily transfer data between environments, and the right for users to obtain their personal data. To properly handle both these concerns at the same time, you need a robust ETL tool like Integrate.io.
Integrate.io is a powerful, feature-rich data integration platform that helps anyone—regardless of expertise—build automated pipelines to your cloud data warehouse or data lake. With more than 100 pre-built integrations and connectors, and a simple drag-and-drop no-code interface, Integrate.io makes it easier than ever to handle data portability concerns by getting your data where it needs to go.
Want to learn more about how Integrate.io can help with data portability issues? Get in touch with our team of data experts today for a chat about your business needs and objectives, or to start your 14-day pilot of the Integrate.io platform.