Marlene Barth

A Case Study on Data Portability

Measuring the Maturity of Data Portability Exports in IoT Platforms


Today, IoT solutions and IoT platforms are widespread and used every day to manage IoT devices and their diverse information. With a high volume of personal data processed, IoT pictures a business sector where the European General Data Protection Regulation (GDPR) is omnipresent and deeply rooted in the systems, processes, products and services. The ’right to data portability’ (RTDP) that is granted in the GDPR addresses the problem of vendor lock-in due to the low maturity of the transferability of the user’s personal data. Because of the missing empirical evidence and legislative implementation recommendations, providers of IoT solutions are uncertain about the requirements whose fulfillment would be necessary for compliance to the RTDP. This article contributes to a more precise understanding of how RTDP is currently implemented in IoT platforms by requesting data portability exports from today’s IoT platform providers. The results are used to develop a RTDP maturity model and assign risks to the existing implementations.

This is a preview of subscription content, access via your institution.


  1. 1.

    Council of European Union. Council Regulation (EU) no 2016/679 EU General Data Protection Regulation. web page of the Council of European Union, apr 2016.; as of nov 2020.

  2. 2.

    Jasmin Guth, Uwe Breitenbücher, Michael Falkenthal, Paul Fremantle, Oliver Kopp, Frank Leymann, and Lukas Reinfurt. Internet of Everything: Algorithms, Methodologies, Technologies and Perspectives, A Detailed Analysis of IoT Platform Architectures: Concepts, Similarities, and Differences, pages 81-101. Springer, 2018.

  3. 3.

    European Commission. Data protection in the EU. European Commission: Law by topic. web page of the European Commission,; as of nov 2020.

  4. 4.

    Article 29 Data Protection Working Party. Guidlines on the right to data portability. web page of the European Commission,; as of nov 2020.

  5. 5.

    Office of Science and Technology Policy. Request for Information Regarding Data Portability, jan 2017. as of nov 2020.

  6. 6.

    Dana Petcu. Portability and Interoperability between Clouds: Challenges and Case Study. In Witold Abramowicz, Ignacio M. Llorente, Mike Surridge, Andrea Zisman, and Julien Vayssière, editors, Towards a Service-Based Internet, pages 62-74, Berlin, Heidelberg, 2011. Springer Berlin Heidelberg.

    Google Scholar 

  7. 7.

    Sergios Soursos, Ivana Podnar Zarko, Patrick Zwickl, Ivan Gojmerac, Giuseppe Bianchi, and Gino Carrozzo. Towards the cross-domain interoperability of IoT platforms. In 2016 European Conference on Networks and Communications (EuCNC), pages 398-402, jun 2016.

  8. 8.

    Arne Bröring, Stefan Schmid, Corina-Kim Schindhelm, Abdelmajid Khelil, Sebastian Käbisch, Denis Kramer, Danh Le Phuoc, Jelena Mitic, Darko Anicic, and Ernest Teniente. Enabling IoT Ecosystems through Platform Interoperability. IEEE Software, volume 34(1):54-61, jan 2017.

    Article  Google Scholar 

  9. 9.

    Barbara Engels. Data portability among online platforms. Internet Policy Review, jun 2016.; as of nov 2020.

  10. 10.

    Carlo Piltz. Gola, Datenschutz-Grundverordnung, DS-GVO, 2017. Art. 20 DSGVO Rn. 15.

  11. 11.

    Daniel Hodapp, Gerrit Remane, Andre Hanelt, and Lutz M. Kolbe. Business Models for Internet of Things Platforms: Empirical Development of a Taxonomy and Archetypes. In 14th International Conference on Wirtschaftsinformatik, February 24-27, 2019, Siegen, Germany, feb 2019.

    Google Scholar 

  12. 12.

    Janis Wong and Tristan Henderson. How portable is portable? Exercising the GDPR’s Right to Data Portability. 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers, pages 911-920, oct 2018.

Download references

Author information



Corresponding author

Correspondence to Marlene Barth.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Barth, M. A Case Study on Data Portability . Datenschutz Datensich 45, 190–197 (2021).

Download citation