First published in
LawTalk, April 2017 edition.
In his 3 February report to the Minister of Justice, the Privacy Commissioner made a number of recommendations for reform to the Privacy Act 1993. Among them was the recommendation that a right to data portability be introduced.
Data portability refers to an individual's ability to easily move their personal information from one agency to another. That right has recently been incorporated into the EU General Data Protection Regulation (GDPR), which entitles individuals to receive the personal data they have provided to an agency in a "structured, commonly used and machine-readable format". It also entitles individuals to request that the agency transmit that information directly to another agency (which may include a competing business) where technically feasible.
Intuitively, the introduction of such a right would appear to be a positive development for members of the public. There is clear value for people in being able to retrieve their own information easily and in an interoperable format. However, during consultation for the GDPR a number of less straightforward issues were raised. These included the risk that the transferral of information between agencies could lead to the disclosure of important (and valuable) business information, the risk that increased portability could escalate the mischief resulting from a security breach, and the negative ramifications of the consequential rise in compliance costs.
These concerns, and others, have been more comprehensively addressed in the article "A Right to Data Portability: Privacy and Competition Law Concerns", by Bell Gully's Kristin Wilson and Joanna Trezise, published in the April 2017 edition of Law Talk. The full article is available on the New Zealand Law Society's website here.
This publication is necessarily brief and general in nature. You should seek professional advice before taking any action in relation to the matters dealt with in this publication.