On 1 August 2019 the Italian Data Protection Authority requested input from the European Data Protection Board with respect to the commercialisation/monetisation of personal data and its relationship with the right to data portability, with the objective of establishing a common position at the European Union level.
The Italian DPA’s Press Release can be found here and the letter sent by Antonello Soro, Italian DPA, to the EDPB here.
The request for an Opinion follows numerous reports from companies to the Garante concerning the Weople App which provides members with money in exchange for their personal data. Weople also offers a number of commercial, statistical and market analysis services. In their reports to the Italian DPA, the retail companies lamented that they have received numerous data portability requests from Weople to transfer the personal and consumer data of the holders of fidelity cards on the behalf of individuals.
The legitimacy of data platforms in general has recently received a significant amount of attention as of late in Italy. The behaviour of Weople is typical of data platforms where multiple data portability requests are made on behalf of users in order to populate personal data values which can be sold on the data market. Importantly, however, it’s not clear if the right to data portability can be applied when the aim is to monetise personal rata as opposed to the aim being the exercise of one’s fundamental rights.