The ability to receive personal data in a structured, machine-readable format for transfer to another service.
Data portability enables Data Principals to receive their personal data in a structured, commonly used, and machine-readable format, facilitating transfer to another Data Fiduciary. While DPDPA 2023 does not explicitly enumerate data portability as a standalone right (unlike GDPR Article 20), the broad access rights under Section 11 combined with the Government's digital India policies support portability expectations. Future rules or sector-specific regulations may formalize this right further.
Even without explicit portability mandates, providing data in portable formats (JSON, CSV) demonstrates good practice and prepares you for likely future regulations. It also builds trust and reduces customer lock-in complaints.
A customer switching from one Bengaluru health app to another requests all their health records in a standard format. While not strictly required today, providing FHIR-formatted health data or structured CSV exports demonstrates best practice and builds trust.
DPDPA 2023 does not currently mandate portability in the same way GDPR does. However, the broad access right and India's Data Empowerment Architecture (DEPA) framework suggest portability requirements are likely in future amendments.
DPDPA Shield automates Data Principal Rights. See how →