IGF 2019 Pre-Event #45
"GDPR - after more than one year: how to make it happen?"

MyData Global


MyData Global, an international non-profit which advocates for human-centric approach to personal data, proposes the multi-stakeholder workshop on the topic: "GDPR more than one year after. How to make it happen?" with the focus on the practical implementation of GDPR’s article 20, "Right to data portability". Article 20, paragraph 1 reads:
"The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
- the processing is carried out by automated means."

In 2019, a year after GDPR came into force, article 20 is more a formal than actionable right. On one hand, there is a lack of tools, applications and processes to make it happen on the side of the organizations processing the personal data. On the other hand, people don’t know how to access their data and their often don’t trust their data is used ethically. This hinders the economic development based on data.

The workshop will bring the representatives of government, civic organization, technical communities and business. The aim of the workshop is to raise the awareness of the global decision makers and business executives about the current status of the implementation of GDPR, and to generate the actionable solutions to make the article 20 reality in the upcoming years. The workshop will feed in into the discussion on Data Governance of IGF and contributes to the debate on the importance of human centric approach to personal data for just, equitable and inclusive model of sustainable development for everyone and reaching the SDGs (particularly SDG 8,9,10 and 16).

Practical implementation of article 20 of GDPR is particularly relevant for reaching the goal of fair data economy and prosperous digital society based on:
- Trust and confidence, that rest on balanced and fair relationships between people, as well as between people and organisations
- Self-determination, that is achieved, not only by legal protection, but also by proactive actions to share the power of data with individuals;
- Maximising the collective benefits of personal data, by fairly sharing them between organisations, individuals and society.