The European Commission has written to EU privacy regulators to express concern over their interpretation of the data portability clause in the General Data Protection Regulation. Specifically, the Commission appears to be worried that the regulators have interpreted too broad a scope for the GDPR's Article 20, David Meyer reports in this exclusive for The Privacy Advisor. The Article 29 Working Party issued guidelines earlier this month in which it said "the right to data portability covers data provided knowingly and actively by the data subject as well as the personal data generated by his or her activity." The guidelines went on to specify that this could include "observed data provided by the data subject by virtue of the use of the service or the device," such as the subject's search history, traffic data and location data — and even "raw data such as the heartbeat tracked by a wearable device."
If you want to comment on this post, you need to login.