The General Data Protection Regulation (GDPR), which came into effect in May 2018, provides a new framework for harmonised governance of data protection rules across the EU and the protection and empowerment of EU citizens regarding the use of their personal data. The ISA² Action 2016.07 SEMIC: Promoting semantic interoperability amongst the EU Member States has developed a study that examines the use and application of Core Vocabularies and, more specifically, the Core Person Vocabulary as a potential enabler for the data portability right. It also assesses how public administrations in the EU could comply with these provisions using Core Vocabularies.
The GDPR introduces the right to data portability (Art. 20) for all individuals: their right of data subjects to transmit their personal data to another controller without hindrance – whether these be legal, technical or financial - from the controller to which the personal data have been provided. This is also applicable to direct transmission from controller to controller upon explicit request of data subject. The transmission of data shall be ensured in structured, commonly used and machine-readable format.
The right to data portability allows data subjects to obtain personal data they have provided to a data controller in a structured, commonly used and machine-readable format as well as to transfer such data to a different controller. The main purpose of this new right is to strengthen the control of data subjects over their personal data. As such, the main elements of data portability are:
Data controllers are expected to transmit personal data in an interoperable format. As such, ‘structured, commonly used and machine-readable’ are means for enabling data portability, while interoperability is the desired outcome.
Developing means to prepare for data portability requests and the response to such requests is recognised as a good practice, also for public administrations and institutions acting in the public sector or vested with public service/public authority tasks.
Core Vocabularies, as ‘simplified, re-usable and extensible data models that capture the fundamental characteristics of a data entity in a context-neutral and syntax-neutral fashion’, are examples of such solutions to enable data portability from a technical point of view and provide means to transmit personal data in an interoperable format.
The study investigates how the use of existing specific semantic tools, specially the Core Person Vocabulary, could allow public administrations to ensure that personal data are transmitted in a structured, commonly used, and machine-readable format and that data formats are interoperable.
Read the full version of the GDPR Data Portability and Core Vocabularies study
Would you like to know more about our ISA² Core Vocabularies and how they can bring value to your organisation? Visit our Core Vocabularies pages on Joinup.
Join ISA²’s collaborative platform to find, reuse and share a wealth of ready-to-use interoperability solutions for eGovernment and best practices and discuss with your peers!
/isa2/file/190325-logo-joinup-bluepng_en190325-logo-joinup-blue.png
