A massive European Union regulation going into effect next May could deliver an unexpected benefit on the other side of the Atlantic: letting you take your data from social networks that today don’t let you download what you uploaded — then move it to another network.
This “data portability” mandate is one of many key provisions in the EU’s upcoming General Data Protection Regulation, the product of a privacy-policy effort that began in 2012. And it’s also the one most likely to benefit you, even if you never cross the pond.
Data portability is good but often absent
Privacy rules traditionally stop a company from giving your data to others. But Article 20 of the GDPR’s roughly 54,000-word text says nothing about that. Instead, it requires that a company you’ve uploaded your data to give it back to you “in a structured, commonly used and machine-readable format” — that is, one that you could then move to a competing service. Other provisions require the original company to delete your old data on request.
In other words, data portability promotes privacy by removing an obstacle keeping you from taking your content and business elsewhere. It makes your contributions to a social network your property, not their hostage.
But this customer-friendly feature has seen uneven adoption since Google (GOOG, GOOGL) began adding data-portability options a decade ago and made “data liberation” (the ability to completely erase your information from a service) a formal goal in 2009.
A year later Facebook (FB) added its own download-your-data feature, though Instagram, which is owned by Facebook, lacks a comparable export function. Twitter (TWTR), meanwhile, added an option to export an archive of your tweets in 2012.
Verizon-owned Oath’s (VZ) Flickr photo-sharing site lets you download archives of albums but not of all them at once, while the Tumblr blogging service has no export option. (Verizon is Yahoo Finance’s parent company.)
Data portability and its absence have barely figured into Washington’s policy discussions, although the Obama White House did implement data-download standards at some government sites.
Enter the EU
The GDPR’s data-portability rules, however, apply to any company dealing with the data of EU residents, not just firms based in the EU. And violations of those rules can result in fines of €20 million or 4% of a company’s worldwide annual revenue, whichever is higher.
“This new portability requirement will start to…