From GDPR Data Request
In most cases you cannot charge a fee to comply with a subject access request.
However, you can charge a “reasonable fee” for the administrative costs of complying with the request if:
- it is manifestly unfounded or excessive; or
- an individual requests further copies of their data following a request.
You should base the reasonable fee on the administrative costs of complying with the request.
By having this export functionality, users asking to export their data is certainly not “manifestly unfounded or excessive”.
If there is a “reasonable administrative fee”, then it should be passed onto all users, i.e. on top of premium users too…?
This is just a thought – I understand that there is a difference between a SAR and the data export functionality – txn data is just a subset of the personal information Emma stores on its users, which is why I propose that it becomes a ‘basic’ feature in the spirit of GDPR.
Its the user’s data, albeit enriched through categorisation from EMMA, and to put a paywall in front it while it’s being used by the app to get better, make money (and deliver customer value) is very much in keeping with what GDPR is meant to help balance (returning ownership to the individual, and enforcing responsible stewardship on organisations)
I don’t have a particularly strong horse in this race as my banks and credit cards offer data exports, but it’s a broader point that I think is worth considering for the wider community…