Data Portability: New rights

Short URL to this document:

Track page:

Slack channel:

Email alias: 

Slug word: Portability

How can we increase access to data while retaining trust?

Technical aspects of Data Portability

Tools for Data Portability

Participatory exercise around Data Portability

Panel Session: Data Portability

Business aspects of Data Portability DELETED

Data Portability: New Rights

Opportunities and benefits offered by the GDPR

GDPR compliance requires organizations that collect customers’ personal data to provide them, among others, with a given set of new digital rights, including in some cases the right to data portability.

Data portability is expected to generate tensions between the businesses need for compliance and their ability to retain customers. Technical reasons and compliance need aside, data sharing may not be in the business interest of established companies.

On the other hand, getting access to data does interest emerging businesses testing innovative ideas. New opportunities and successful business models emerge by having more data available to be used across different services - based on real portability first and later enhanced by seamless interoperability.

This track aims to:

  • collect presentations and demos about practical implementation of the data portability right across a range of business domains;
  • understand best practices on implementing data portability in order to fulfill businesses and customers needs, including user experience;
  • explore perceived risks, opportunities and current technical barriers to empower a seamless data portability across internet services;
  • identify practical actions and recommendations on how to effectively turn data portability opportunities into new benefits.

Links to external resources:

Keywords: GDPR, data portability, personal data

How can we increase access to data while retaining trust?

Wednesday: Studio

10:45 - 12:00


Peter Wells, Jack Hardinges, Črt Ahlin (m)


In this session, the Open Data Institute team will share insights into their work on how to increase access to data, while retaining trust.

As well as the opportunities presented by increasing access to data - such as through effective data portability initiatives - it will also explore the challenges we will collectively need to tackle.

The group is encouraged to actively participate and share their thoughts, including by using an ecosystem mapping approach. The outcome of the session will be a broad set of models for increasing access to data.

Peter Wells, Head of Policy, and Jack Hardinges, Policy Advisor, Open Data Institute

Session is moderated by: Črt Ahlin

  1. Add room setup requirements (flipcharts, layout, tech etc) here:
  2. Update here below the example script...

Start        :                        10:45

Opening:                        (5 minutes, moderator)                 

Introduction to the ODI and its work on increasing access to data, while retaining trust:                                10:50 (10 minutes)

What is ecosystem mapping and why could it be useful for data portability?:                                11:00 (10 minutes)

Mapping data portability ecosystems:                                11:10 (30 minutes)

Sharing the maps:                        11:40 (15 minutes)

Closing:                        11:55 (5 minutes, moderator)

End:                                12:00

Technical aspects of Data Portability

Wednesday: Studio

13:15 - 14:30


Frederick Richter, Jessie ‘Chuy’ Chavez, Rachel Tannenbaum, Guillaume Jacquart, Črt Ahlin (m)


This session will focus on the technical aspects of data portability. We will present possible ways of implementing data portability as well as demonstrate existing use cases for transferring data from one provider to another. Finally, we will present a common framework for enabling portability of personal data and turning it into an opportunity for innovation and customer relationship.

<b>Data Portability - a risk-free solution?</b>

Frederick Richter, Stiftung Datenschutz - German Foundation for Data Protection

"You will be able just to take your data with you !" - marketing for GDPR´s new right to data portability sounded catchy and simple, but how shall industry cope with this new right of the data subject. In a project, the Stiftung Datenschutz (German Foundation for Data Protection) has examined possible ways of practically implementing of Article 20 of GDPR. Results will be presented and the recommendations discussed.

<b>The Data Transfer Project - Show and Tell Demo</b>

Jessie ‘Chuy’ Chavez, Rachel Tannenbaum, Google

The Data Transfer Project is an open source project developed by Google, and Microsoft, along with Twitter, Facebook and others, making it easy for individuals to transfer/copy data from one online service provider to another.  We will demonstrate various data portability use cases including the transfer of different types of data from one provider to another as well as from one account to another account at that same provider.

<b>Dataccess: portability by data-responsible organizations</b>

Guillaume Jacquart, FING

During this talk we will highlight the results of Dataccess project, led by Fing and Orange, which goal was to provide a common framework for enabling personal data portability. It describes user experience of acting upon the portability right, and gives advice on technical and project lead.

Session is moderated by: Črt Ahlin

  1. Add room setup requirements (flipcharts, layout, tech etc) here:
  2. Update here below the example script...

Start        :                        13:15

Opening:                        xx (5 minutes, moderator)                 

Intro of presenter 1
Frederick):                        xx (1 minute, moderator)

Presenter 1:                        
13:30 (15 minutes)

Q&A for presenter 1:                xx (5 minutes)

Intro of presenter 2
Rachel & Jessie):                xx (1 minutes)

Presenter 2:                        13:35 (15 minutes)

Q&A for presenter 2:        xx (5 minutes)

Intro of presenter 3:                xx (1 minute)

Presenter 3:                        14:00 (15 minutes)

Q&A for presenter 3
Guillaume):                        xx (5 minutes)

Closing:                        14:25 (5 minutes, moderator)

End:                                14:30

Tools for Data Portability

Wednesday: Studio

15:00 - 16:15


Brian Willard, Akio Shimono, Paul Galwas, Xavier LeFevre, Michele Nati (m)


The session will showcase four open-source projects that focus on data portability. We will start investigating how new business models can leverage data portability and what tools and technologies can support that. Following this overview we will then conclude the session with lessons learned from real cases on how to build user friendly data portability tools and experiences. In particular we will learn about: 1) Ocean Protocol, which combines economic incentives with embedded privacy and security features to revolutionise the concept of data portability under individuals control; 2) "Personium", a  Personal Data Store (PDS) solution that aims to facilitate data portability; 3) Data Transfer Project, an open source project making it easy for individuals to copy data from one online service provider to another and 4) fair&smart, a platform which connects individuals to organisations and provide them with tools to share and manage personal data,


<b>Ocean Protocol - A new lens on data portability</b>
Paul Galwas, DEX I Ocean Protocol Foundation

Data portability should be the norm rather than the exception driving the current data economy.  The Ocean Protocol promises to achieve this. The core technology is a radical new approach to 'data portability' where economic incentives meld with traditional security and privacy practices to provide a Decentralized Data Exchange platform.

The talk will introduce the Ocean Protocol and the Ocean Protocol Foundation, and show how it will revolutionise the concept of data portability, commoditize data sharing, and bring our personal data back under our control.

<b>"Personium" - PDS envisioning the Web of MyData</b>
Akio Shimono, Fujitsu Ltd. / Open Knowledge Japan

How can we citizens maximize the benefits of the new right to data portability, which is now rapidly being recognized globally?

Personal Data Store is a technology that will receive all "My Data" from hundreds of services. It aggregates and integrates them, and at times discloses a portion of them to others under user’s control for creating new values.

This talk will introduce an open-source Personal Data Store (PDS) server "Personium", providing details on its technical implementation, the underpinning business models, and the actual implemented and future use cases.

<b>The Data Transfer Project - Core Framework Overview and Development</b>

Brian Willard, Google

This talk will give a technical overview of the architecture as well as several components developed to support the
Data Transfer Project’s ecosystem including common data models, the use of industry standards, the adapter framework, the task management system, and more. We will walk through a core framework developer setup, provider integration guide, pending issues, and product roadmap.

<b>fair&smart - 3 months of Data Portability in practice</b>

Xavier Lefevre, Fair&Smart

Focus of this talk is to collect and share lessons learnt on how organizations could best deal with the implementation of the GDPR data portability right. The talk will investigate aspects including:

1. How to reply to a data portability request from a customer point of view, how to control risks and keep track of interactions; thus making the overall process a good experience from a user perspective.

2. How the obtained data could be used to design new services alone or in combination with other data sources, and how access to the different types of data could be managed in a compliant way.

Session is moderated by: Michele Nati

  1. Add room setup requirements (flipcharts, layout, tech etc) here:
  2. Update here below the example script...

Start        :                        15:00

Opening:                        (2 minutes, moderator)                 

Intro presenter 1
Paul):                                (1 minute, moderator)
Presenter 1:                        
15:03 (15 minutes)

Intro of presenter 2
Akio):                                xx (1 minutes)

Presenter 2:                        15:19 (15 minutes)

Intro of presenter 3
Brian):                        xx (1 minutes)

Presenter 3:                        15:35 (15 minutes)

Intro of presenter 3
Xavier):                        xx (1 minutes)

Presenter 3:                        15:51 (15 minutes)

Presenters panel Q&A:        16:06 (13 minutes)

Closing:                        16:14 (1 minutes, moderator)

End:                                16:15

Participatory exercise around Data Portability

Thursday: Klubisali

10:00 - 11:15


Tuula Pääkkönen, Crt Ahlin (m), Michele Nati (m)


We will start with a lightning talk presenting how GDPR’s Right for Data Portability has been implemented by service providers in the newspapers and journal industry. After setting the scene, the remaining part of the session will be ‘hands-on’ and interactive, involving participants into evaluating current tools usability, provide feedback and recommendation for the next generation of them in order to better fulfill end-users and not only service providers needs.

GDPR regulation and data portability of crowdsourcing users

Tuula Pääkkönen, National Library of Finland

As a service for a digitized newspapers and journals, enables crowdsourcing to individual users via clippings. This lightning talk will show three ways for being compliant with the data portability requirements of General Data Protection Regulation (GDPR) from the point of view of a service provider.

Session is moderated by: Crt Ahlin and Michele Nati

  1. Add room setup requirements (flipcharts, layout, tech etc) here:
  2. Update here below the example script...

Start        :                        10:00

Opening:                        (5 minutes, Michele)                 

Lightning talk (Tuula):        10:05 (3 minutes)

Discussion on tools,
list used ones                10:08 (15 minutes)

Group work - List
pros & cons of services        10:23 (15 minutes)

Compile findings
from each group                10:38 (20 minutes)

Discussion about
Findings                        11:00 (10 minutes)

Closing:                        11:10 (5 minutes, moderators)

End:                                11:15

Panel Session: Data Portability 

Friday: Alvar

10:45 - 12:00


Jim Groom, Daniela Gunz, Paul-Olivier Dehaye, Silja Lindqvist, Robert Madge, Frederick Richter


This session will start with a use case from Jim Groom, showing how data portability has been made possible across universities. Domain of One's Own could provide also a powerful example in how higher education could harness application programming interfaces (APIs) to build a more user-empowered data ecosystem at universities.  This introduction talk will be followed by a panel discussion looking at issues affecting the adoption of data portability in other sectors, such as health and finance, with a particular focus on the motivations of businesses and individuals.

The panellists for the session are:

  • Jim Groom, co-founder of Reclaim Hosting, an independent web hosting company focused on the higher education community.
  • Paul-Olivier Dehaye, an activist in the field of data protection, turned researcher, turned entrepreneur and co-founder of
  • Daniela Gunz, Director of Research Partnership at healthbank, a people-owned platform for managing health and medical data in one secure database.
  • Silja Lindqvist, specialist in digital platforms and data handling in the finance sector and currently implementing GDPR requirements in the area of Group Functions in Nordea.
  • Frederick Richter, director of Stiftung Datenschutz (German Foundation for Data Protection), whose organisation has been studying practical ways for industry to implement data portability.

The session will be moderated by Robert Madge, CEO of Xifrat Daten and commentator on GDPR issues.

  1. Add room setup requirements (flipcharts, layout, tech etc) here:
  2. Update here below the example script...

Start        :                        10:45

Opening:                          (5 minutes, moderator)                 



Closing:                        xx:xx (5 minutes, moderator)

End:                                12:00

Deleted session (decision 6th july):

Business aspects of Data Portability DELETED

Wednesday: Studio

15:00 - 16:15


Xavier Lefevre, Michele Nati (m)


This session is focused on the business aspects of data portability. Based on real implementations and existing use cases from multiple sectors and countries, we will present relevant learnings, challenges and solutions to the right of data portability.

<b>Data Portability in practice: feedback, difficulties & opportunities</b>

Xavier Lefevre, Fair&Smart

The topic proposed deals with the organization's point of view of data portability within GDPR :

1. reply to a right exercise request from a customer in a good way, control risks and keep track of interactions ; make it a good experience

2. design new services which use personal data (and open data) from multiple sources, drive the process from data access to collecting consent

Session is moderated by: Michele Nati

removed session:

Friday: Arkki

13:15 - 14:30



Core Team

Track hosts: 

Michele Nati:
Črt Ahlin: 

Supporters (support hosts):  

Paul-Olivier Dehaye: 

Robert Madge:


To be confirmed


John Sperryn:



Core Team

Hosts: role description

Facilitators: role description

Current Live text MyData 2018 Conf Website

High-level CfP process/actions

Expected Track Content Amount

Memo from telcos

Working drafts of CfP texts

Templates and other materials

Welcome (Email) Template

Response to CfP - to someone who proposes (Email) Template


Current Live text MyData 2018 Conf Website

High-level CfP process/actions

As a core team we need to manage the CfP process - reviewing proposals, agreeing and communicating those that will be included into the track programme and those not. Process runs 7th Feb - 5th April. These will constitute about 50% of the Track Programme.

In addition we need to make recommendations and invites to speakers and other entities that we wish to have present or be part of a session. These will contribute about 50% of the Track programme content.

Memo from telcos

Thurs 10th MAy 13:00 CET  (John, Crt, Michele.)

Agenda focus: proposal acceptance and session naming..

  • Check again status of proposers and trello (ok)
  • Update texts by 13th May
  • Try to improve gender balance? Ideas from CORE-Team

Thurs 19th April 13:30 CET  (..)

Agenda focus:

See below a) and b) follow-on….

Tues 17th April 13:30 CET  (John, Crt, Michele, Robert. Jogi..)

Agenda focus:

Initial status review of Proposals so far. Hopefully each core team member has made some review and has opinion.

Objective to make some first round picks: yes, no, maybe and any related questions.

Think how these fit to the current Track description and any early thoughts about session sub-themes (i.e. which proposals might work well together inside a session).

  1. Using Trello we went through each proposal in the Data Portability Track. Managed to discuss all of the current 15 proposals and make initial categorization - yes, maybe, long tail (not for our track, possibly for another track, or no).
  2. Conclusion to have second telco on Thurs 19th (same time) quickly reviewing these choices and planning the session types.

Prior to 19th, Michele would draft some ideas about possible session themes to help shape the content of each session.

The team would need to think about inviting people to speak/panel.

Current feeling is that 3 sessions may be sufficient, rather than currently allocated 4 sessions.  

Thurs 3rd April 13:00 CET  (John, Robert, Crt, ..)

Agenda focus:

Think ahead: Possible mixes of good overview speech, panel, real-life cases, demos etc..

Remember: proposals are YES (reply to proposer), MAYBE (ask from Jogi template), NO (bounce to Jogi, for emerging topics)

John to talk with local GDPR active, try and get proposal. Also check again about local bank (PSD2 experienced) who might have view on topic.

Crt - had contacts (Deloitte) and Medical info systems - following up. Possible proposal?

E.g. Paul - experience of SAR and data portability methods and tools.

Robert: focus on promoting.

Crt: to check another contact this afternoon.  

Thurs 8th March 13:00 CET  (John, Robert, Paul-Olivier Dehaye)

Agenda focus: thoughts on first CfP in (OneCub/Travel and Travel Applications).

Think ahead: Possible mixes of good overview speech, panel, real-life cases, demos etc..

Discussion about monetization and exporters and importers of data. Possibility to charge money for faster transfer of data.

Selection process: waiting until all proposals are in. we need to encourage proposals / ask people to come (issues not paying them?).

Try a balance for Male/Female, Country,

Barcelona (Amsterdam) ownership of personal data - technical infrastructure. Big Euro project ‘decode’. Focus on tech angle.

Additional marketing required.

Portability: Copying data from one service to another, rather than only moving (limiting but can find business model around it. The more transformative is copying to new services is harder, new business).

Check the new right / ethics angle for possible content (Pernilla) - consenting to portability without understanding the impact, especially when opening up.

Risks of Data Portability (Paul-Olivier to suggest contact). Not so aware of ‘observed’ or ‘infurring (profiling/categorization) data’.

Legitimate interest could be used by businesses to avoid obligations.

Portability and PSD2 (supplier speakers?) - e.g. OP Finland (and Germany).

OpenHumans will have keynote speaker, perhaps also contribution to this Track/Hack(?)

Tues 27th Feb 13:00 CET  (John, Crt, Tanel, Robert)

John to reach out to Slack General channel asking for input/ideas/done

Ask from Pernilla about ‘ethics’ and how this Track can inform citizens (what’s in it for you type).

Remember policy maker and regulator views on this topic.

Think about the SME’s (not only the largest companies).

Interpretations of Data Portability.

Check theory (academics, lawyers etc) and and practice: own experiences, processes, challenges. as example (Facebook).

Look at various sectors (targeted): think which organisations are/need data portability (MiData, Mes Info (Fing), Rainbow button. Media: BBC UK, Health etc.

Track Deliverables: what would be a good outcome? Showing how companies are solving the data portability problem.

Tues 6th Feb 13:00 CET  (possible telco)

To approve Titles and Description text.


We are aiming to publish the topic tracks and an open call for proposals on Wednesday Feb 7th at 4PM Finnish time. The announcement will be done in newsletter, several email lists and on social media. Programme team members are in key role to spread the word about the open call.

So by Friday Feb 1st at 2PM (CET) all tracks should have:

  • Title of the track (ideally not more than 4 words)
  • Subtitle (up to 8 words to add descriptive power to the title)
  • One paragraph description (approx. 150 words / 700 characters)
  • “Slug”: word that will be used in email alias and url:s (i.e.
  • fill in the form to have an email alias collectively to reach all track hosts from the same address ( Also individual programme team members may have alias (


  • Links to key external web resources relevant to the topic (0-4 links)


Weds 31st Jan 13:00 CET  (John, Crt, StJohn, Paul-Olivier Dehaye)

To approve Titles and Description text. Good discussions, some text modifications. Need to make sure this track and Interoperability Track are aligned/not overlapping and clear for audience/stakeholders.

Thurs 25th Jan 13:00 CET  (John, Crt)

To review current Titles and Description text. General discussion, some additions to the texts. Will edit ongoing towards next telco, next week.

Weds 17th Jan (John, Michele, Paul-Olivier).

Introductions and tasks highlighted. Plan to have short weekly telco same time.

  • Michele will draft the texts. Others will review
  • John to arrange @email address and invite others.

Working drafts of CfP texts

This will be the Call For Proposal on the web:

Text below the line will become ‘public’