It seemed like a long time ago when people freely gave away their private information to companies and services without knowing or caring how these institutions used their information. Unlike in the past, privacy and data protection have evolved so much that data owners are entitled to certain rights regarding how their information is being disseminated. This ensures the safety and confidentiality of their information. These rights also give data owners the freedom to choose how they want their information to be shared and to whom. One of these guaranteed rights is the right to data portability.
What is Data Portability?
Data portability entails moving data among different applications, programs, computing environments, or cloud services. It is the concept that the users or owners of a given dataset should be able to easily move or copy data between different software applications, platforms services, and capturing environments. It refers to the right of the data owner to request, receive and reuse their personal data for different purposes and across several platforms. The Nigerian Data Protection Regulation (NDPR) defines data portability as the ability for data to be transferred easily from one IT system or computer to another through a safe and secured means in a standard format.
Data Portability in Nigerian, South African, and Kenyan Data Protection Law
The NDPR provides individuals with the right to data portability. This means that the right can be enforced when it pertains to personal data provided by an individual to a controller. Take for instance, a person’s name is a personal information. This means that, when exercising the right to data portability, the data subject has the right to have their personal data transmitted directly from one controller to another, where technically feasible, provided that this right does not apply to processing necessary information for the performance of a task carried out for public interest or in the exercise of official authority vested in the data controller.
The right to data portability is not explicitly included in POPIA, but it could be interpreted as being included in the right of access. Section 23 of POPIA provides for the right of a data subject to request from a responsible party the record or a description of the personal information about the data subject held by the responsible party, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information. However, the Kenya Data Protection Act 2019 provides for the right to data portability. It states that a data subject has the right to receive personal data concerning them in a structured, commonly used and machine-readable format. The data subject in addition has to transmit the obtained data to another data controller or data processor without hindrance. More so, where technically possible, the data subject shall have the right to have the possible data transmitted directly from one data controller or processor to another. However this right to data portability shall not apply in circumstances where processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority or where it may adversely affect the rights and freedoms of others.
Why is the Right to Data Portability Necessary?
From the above, data can serve more than one purpose. Most times, data owners require access to the information they provide to a company for something entirely different from what it was initially provided for. Data Portability allows data subjects to access and monitor whatever information they provide to companies that utilise this data, as well as gives them the right to transfer their data according to their will. For example, a data subject who wants to use sign up with a service provider can request an old service provider to transfer their personal information to another service provider with more expertise on the subject.
In any case, it is essential for companies to ensure that such customers’ data is made available in an easily transferrable format whenever they request it.
Conclusion
As much as the right to data portability is a welcome development in the Data protection sphere, it remains a constantly evolving work in progress. Presently, there is yet to be a strict requirement of applicability when it comes to data subject rights. One of the core reasons for this is the lack of proper definition of the roles of the data controllers and the extent of the data they are required to release upon request.
Contributor(s):
Amaka Owums
image source: www.vecteezy.com
