Right to Data Portability

The data subject right under GDPR Article 20 to receive personal data in a structured, commonly used, machine-readable format and transmit it to another controller without hindrance. This right applies when processing is based on consent or contract performance and is carried out by automated means. Individuals can request their data be transmitted directly to another controller where technically feasible. The right doesn't require controllers to adopt or maintain processing systems that are technically compatible, but should provide data in formats like CSV, JSON, or XML. Data portability promotes data subject control and competition by making it easier to switch service providers. The right only applies to data the individual provided (not inferred or derived data) and doesn't override others' rights or freedoms. Organizations should implement processes for exporting data in portable formats, consider APIs for direct transmission, and distinguish portability requests from access requests. Unlike access rights, portability responses don't need supplementary information about processing.