GDPR - data portability and multiple people
Data is often about multiple people. For example, a phone bill describes a bill payer, their friends, family members and colleagues, but also when they call each other, how frequently and how long each calls lasts. Not only can this data be very intimate, it is inherently about multiple people.
Under the GDPR, people will get a new right to move data about them between services. This right is referred to as the right to ‘data portability'.
This could lead to new products and services that use data from other organisations. It could also make switching between services simpler. But data portability also raises some hard problems that many organisations aren’t thinking about yet. For instance what happens when two people with rights over data cannot agree to move it?
In collaboration with the Open Data Institute, we’ve been exploring rights to data portability when data describes more than one person.
We developed a series of prototypes to explore data portability for multiple people - from family shopping lists, shared devices and Wi-Fi to utility bills, photo tagging and energy meters. Then we tested prototypes with people living in multigenerational homes.
The prototypes and findings have been published in a report: GDPR, Data Portability and Data About Multiple People. We hope it will help organisations design services for data portability in ways that respect the rights of groups and individuals.