L’articolo di Massimiliano Pappalardo.
***
Starting from the early months of 2019, a number of large-scale Italian retailers submitted to the Italian Data Protection Authority, the Garante, very similar complaints concerning massive data subject requests received from Italian startup Weople, whereby such a company exercised, on behalf of the data subjects that subscribed to its services via a mobile app, the right to data portability in connection to the personal data collected by the retailers’ loyalty programs. The transfer of such data was to go directly to Weople.
In a nutshell, in order to promote the services of the platform, including the exercise of the right to portability on behalf of the data subjects, Weople promises its subscribers benefits proportional to the amount and quality of personal data conferred to the platform and collected through different sources (basically the loyalty programs where the data subjects have a subscription), which the platform exploits to create commercial value.
The two main issues raised by the Garante were:
- The merchantability of personal data.
- The transfer of the personal data to the database of an intermediary and a consequent risk of duplication of the databases subject to the portability.