Portability meaning

This checklist outlines the key requirements of Regulation (EU) 2023/2854, the EU Data Act It sets out what businesses must adhere to, including the following areas: data access and portability smart contracts prohibition on unfair contractual terms right to switch services (operability) open interoperability rules on international data transfers The EU Data Act is designed to foster business-to-business (B2B) and business-to-consumers (B2C) data sharing from Internet of Things (IoT) devices, promoting fair use of data and enabling the EU to realise the full potential of its data economy. It represents the second major legislative step under the European strategy for data, following Regulation (EU) 2022/868, the EU Data Governance Act. Where the EU Data Governance Act establishes the mechanisms and structures that allow companies, individuals and the public sector to share data, the EU Data Act determines who may generate value from data and under which conditions. The EU Data Act entered into force on...

STOP PRESS: This document is currently being updated to take account of the full implementation of the Data (Use and Access) Act 2025 (DUAA 2025), which amends both the UK GDPR and the Data Protection Act 2018. For further guidance on the compliance consequences of DUAA 2025, see Practice Note: Data (Use and Access) Act 2025—compliance implications. The UK General Data Protection Regulation (UK GDPR) grants data subjects several rights, including, among others: access to their personal data rectification erasure restriction of processing data portability a right of data subjects Individuals may ask an organisation at any time of their choosing to exercise one or more of these rights, and strict time limits and deadlines apply to responding to such requests promptly. See Practice Note: How to handle data subject requests. This Flowchart sets out a process for dealing with data subject requests made under the UK GDPR and reflects the requirements in the UK GDPR together...

The EU General Data Protection Regulation (EU GDPR) sets out several rights for data subjects, including the right to access their personal data, and rights to rectification, erasure, restriction of processing and data portability. Data subjects may ask an organisation to exercise one or more of these rights at any time, and strict deadlines apply to meeting such requests. For comprehensive guidance on managing data subject access requests, see Practice Note: Ireland-How to handle data subject access requests. This Flowchart outlines a process for dealing with data subject requests made under the EU GDPR. It reflects the Regulation’s requirements alongside guidance issued by the Data Protection Commissioner (DPC), and should be read with Practice Note: Ireland-How to handle data subject access requests and Ireland-Evaluating a data subject access request-flowchart, where relevant. Note 1-data subject requests The EU GDPR grants data subjects a number of rights, including: a right of access to their personal data rights to rectification, erasure and restriction of processing a...

Under Regulation (EC) 1049/2001, commonly known as the Access to EU Documents Regulation, individuals may formally request access to documents held by the EU institutions concerning human and veterinary medicines (and those unrelated to medicines)...

In this issue: Advertising, marketing and sponsorship Consumer protection Contracts Data protection International Supply chain LexTalk®Commercial: a Lexis®Nexis community Daily and weekly news alerts New and updated content Dates for your diary Trackers Latest Q&As Advertising, marketing and sponsorship ASA Ruling—25 June 2025 Three objections were lodged with the Advertising Standards Authority (ASA) about statements on the website of Bodystreet Franchise (UK) Ltd, a fitness studio promoting Electro Muscle Stimulation (EMS) training. The ASA upheld all three challenges. See: LNB News 25/06/2025 44. CMA proposes strategic market status designation for Google's search services The Competition and Markets Authority (CMA) has opened a consultation on designating Google with strategic market status for general search and search advertising under the Digital Markets, Competition and Consumers Act 2024. Proposed interventions include compulsory choice screens for search providers, fair ranking obligations, enhanced publisher controls, and data portability measures. The scope would cover Google’s...

These measures pursue a straightforward aim: to strip away the friction that frequently stops customers moving between cloud providers. It brings in compulsory contractual commitments and openness duties intended to dismantle technical, commercial and contractual hurdles that foster vendor lock-in. That spans lengthy terms, punitive exit charges and constraints on data export, each of which must now be carefully dealt with explicitly within customer agreements...

New Risk & Compliance forecast as at 16 December 2025 Our Risk & Compliance forecast dated 16 December 2025 monitors proposed regulatory developments across risk and compliance, bringing them together to help you prepare for any updates that may affect your organisation. Please examine it thoroughly; however, for ease, we have signposted a few matters that ought to be on your radar below. New items we’re tracking this month ICO guidance on lawful basis—the ICO plans to release, in winter 2025/26, refreshed guidance on lawful basis to address DUAA 2025 changes...

This Practice Note outlines the legal and practical considerations relevant to digital rights management (DRM), and examines how far technical tools and other safeguards can be deployed by rights holders to protect and administer their digital works lawfully and effectively in practice. It also sets out the categories of offences that may arise where technological protection measures are bypassed or where rights management information is abused in any context. What is digital rights management? DRM describes the technical mechanisms used by copyright owners of digital material to label, monitor and secure their assets. These controls are applied to block unauthorised copying, for instance by using encryption, ensuring that only approved software and permitted users can open a given digital file where appropriate. DRM also serves to identify content and to manage its distribution to consumers, eg by tracking how often a work is accessed for the purpose of calculating the royalties payable lawfully, or to support business models such as online music subscription services. For example, the video...

What is digital health? Digital health is a broad umbrella describing how information and communication technologies are used to enhance prevention, diagnosis, treatment, monitoring, and the management of health conditions and lifestyle habits that influence wellbeing. Its rise reflects the coming together of healthcare and technology, and a move away from provider‑focused, ‘one size fits all’ delivery towards personalised, patient‑centred care. This Practice Note explores data protection considerations across three digital health use cases: Wearables Use of artificial intelligence (AI) in medical diagnostics Digital health records Unlike mobile health (mHealth), which is limited to care delivered via mobile devices, digital health is wider in scope. It encompasses modern care models such as digital therapeutics, telemedicine, digitised health systems and electronic health records, as well as AI, machine learning and data analytics. For more on mHealth, see Practice Notes: Digital health—regulation of mHealth apps and medical software and mHealth—data protection considerations. Digital health solutions can be applied at every stage...

This Practice Note explores the following data protection, privacy and security matters arising in connection with the use of autonomous and connected vehicle technology: The technology Declaration of Amsterdam Cooperative Intelligent Transport Systems (C-ITS) United Kingdom General Data Protection Regulation Privacy and Electronic Communications Regulations 2003 Cybersecurity The Product Security and Telecommunications Infrastructure Act 2022 Connected and autonomous vehicles in the EU International Practical issues For further detail and context on additional UK legal considerations linked to this technology, see the Practice Notes: Autonomous vehicles—key legal issues and Autonomous vehicles and insurance, and for a concise overview of dates and key points, see: UK automated vehicles—tracker. To monitor developments within the EU, also consult the Practice Notes: Automated vehicles—key legal issues in the EU and EU automated vehicles—tracker. The technology Contemporary vehicles already incorporate a suite of external communications, such as satellite navigation, in-car entertainment and emergency assistance, capable of automatically transmitting precise...

STOP PRESS: This document is currently being revised to take account of the implementation of the Data (Use and Access) Act 2025 (DUAA 2025), which updates the UK GDPR and the Data Protection Act 2018. For additional guidance on the compliance implications of DUAA 2025, please see Practice Note: Data (Use and Access) Act 2025—compliance implications. [ Name of individual making request ] [ Address of individual making request ] [ Date of this response ] Dear [ insert name of individual making request ] I write in reply to your request dated [ insert date of request ]...

STOP PRESS: This document is being revised to take account of the commencement of the Data (Use and Access) Act 2025 (DUAA 2025), which updates the UK GDPR and the Data Protection Act 2018. For further guidance on DUAA 2025 compliance impacts, see Practice Note: Data (Use and Access) Act 2025—compliance implications...

STOP PRESS: This document is currently being revised to account for the commencement of the Data (Use and Access) Act 2025 (DUAA 2025), which amends the UK GDPR and the Data Protection Act 2018. For further guidance on DUAA 2025’s compliance implications, consult Practice Note: Data (Use and Access) Act 2025—compliance implications...