How portable is portable? Exercising the GDPR's right to data portability
Description changed:
In conjunction with the British Computer Society
Room 4.31,
University of Edinburgh Informatics Forum,
10 Crichton Street,
Edinburgh.
Speaker: Janis Wong, PhD researcher in Computer Science at the University of St Andrews
The new European General Data Protection Regulation (GDPR) reinforces existing data subject rights in an attempt to rebalance power between citizens and the increasingly sizeable and international companies that are collecting and exploiting data from them. The GDPR introduces one new data subject right, and the focus of this talk, Article 20 the right to data portability (RtDP). The RtDP aims to allow data subjects to obtain and reuse their personal data for their own purposes across different services.
As no empirical research has been done to assess the RtDP, we exercise the right by making 230 real-world data portability requests across a wide range of data controllers. The RtDP is interesting to study as it operates under a framework that aims to be technologically neutral while requiring specific technologies for implementation. Our research assesses the ease of the RtDP process from the perspective of the data subject and to examine the file formats returned by data controllers.
This talk will discuss the responses to 230 real-world data portability requests, and examine the file formats returned and difficulties in making and interpreting requests. We find variation in file formats, not all of which meet the GDPR requirements, and confusion amongst data controllers about the various GDPR rights. Legal and technical recommendations and future work for various stakeholders are also be discussed.
About the speaker:
Janis Wong is a PhD researcher in Computer Science at the University of St Andrews and is part of the Centre for Research into Information, Surveillance and Privacy (CRISP). She also holds an LLB from the London School of Economics.
Her current research aims to understand why people have certain values towards privacy by exploring the mechanisms in which contextual values in the data science process can be represented through the interdisciplinary engagement of Computer Science and Management, as well as in political, legal, economic, and social areas. These values include, but are not limited to, ethical data sharing, algorithmic accountability, mitigating biases, the preservation of privacy for groups, and research ethics.