CIPP/US Study Guide
Chapter 14: The GDPR and International Privacy Issues

Rights to Portability, to Object, and Against Automated Decision-Making

Portability gives the subject the data they provided, in a machine-readable format, but only where processing is based on consent or contract and is automated. The right to object to direct marketing is absolute; other objections are not. Automated decision-making with legal or significant effect is generally prohibited.

The Right to data portability lets subjects port data to themselves or another controller in a structured, commonly used, machine-readable format (e.g., CSV or Excel). It applies only to data the subject provided (actively or as observed data), where processing is based on consent or contract, and where processing is automated. It cannot adversely affect others' rights, including trade secrets.

Direct marketing objection is absolute

When a subject objects to processing for direct marketing, the controller must cease all such processing, including related profiling; this right is absolute. Objections to processing based on public-interest tasks, official authority, or legitimate interests are not absolute: the subject must give reasons, and the controller may refuse if it has compelling overriding grounds or needs the data for legal claims.

The right against Automated decision-making is a general prohibition on fully automated decisions (including profiling) with a legal or similarly significant effect (e.g., contract cancellation, denial of a benefit or citizenship). It applies without action by the subject. Exceptions: the decision is necessary for a contract, authorized by law, or based on explicit consent.

Key terms - quick answers

What is “Right to data portability”?
The right to receive personal data the subject provided in a structured, machine-readable format and to port it to oneself or another controller.
What is “Right to object”?
The right to require a controller to stop processing personal data; absolute for direct marketing, qualified otherwise.
What is “Automated decision-making”?
Fully automated processing, including profiling, that has a legal or similarly significant effect, generally prohibited under the GDPR.