The Article 29 Working Party has issued, for review and comment, draft guidelines that are to be adopted next month:
- Guidelines on the Right to Data Portability
- Guidelines on Data Protection Officers
- Guidelines on Identifying a Controller or Processor's Lead Supervisory Authority
The Guidelines on the Right to Data Portability, in particular, helpfully expand on an individual's "right to receive personal data processed by a data controller." This is supposed to help data subjects manage and reuse such personal data themselves.
*A stray observation: In stark contrast to the EU, such a right is not recognized in the U.S. outside of the patient-health data and financial-information contexts. Here, data that is seamlessly collected by online services and IoT products (e.g., "wearables" such as Fitbits) is widely considered to be proprietary. Generally, service providers are under no obligation to disclose to customers personal data that has been collected about them. The difference in approach between the U.S. and the EU stems, in large part, from each jurisdiction's view of individual privacy as a legal right. The U.S., for example, adheres to the Third Party Doctrine, which heavily influences what a person's reasonable expectations of privacy are considered to be. Put differently, data shared with service providers is not considered "private." Conversely, a data subject's "right to receive personal data processed by a data controller," as enshrined by the GDPR, further sharpens the contrast between the two jurisdictions.