Intermediaries do matter: voluntary standards and the Right to Data Portability // WINNER

download pdf
Written by Matteo Nebbiai
Reading Time -
Tags Data, Portability, Privacy

This paper enlightens an understudied aspect of the application of the General Data Protection Regulation (GDPR) Right to Data Portability (RtDP), introducing a framework to analyse empirically the voluntary data portability standards adopted by various data controllers. The first section explains how the RtDP wording creates some “grey areas” that allow data controllers a broad interpretation of the right. Secondly, the paper shows why the regulatory initiatives affecting the interpretation of these “grey areas” can be framed as “regulatory standard-setting (RSS) schemes”, which are voluntary standards of behaviour settled either by private, public, or non-governmental actors. The empirical section reveals that in the EU, between 2000 and 2020, the number of such schemes increased every year and most of them were governed by private actors. Finally, the historical analysis highlights that the RtDP was introduced when many private-run RSS schemes were already operating, and no evidence suggests that the GDPR impacted significantly on their spread.

Matteo Nebbiai

PhD Candidate at King's College London

Matteo Nebbiai

About the author

Matteo Nebbiai is a PhD Candidate at the Department of Political Economy at King’s College London. He is interested in the impact of transnational private regulation on digital policies, especially concerning data sharing and data protection standards. In the past, he investigated the independence of Data Protection Authorities and the competition policy in digital markets. Previously, he studied political science at the University of Florence and the Sant’Anna School of Advanced Studies and worked as a Digital Analyst at the St. Gallen Endowment for Prosperity through Trade.