1. Meaning of Rail Passenger Data Portability

Rail passenger data portability refers to the legal right of train passengers to obtain and transfer their personal data held by railway operators in a structured, usable, and machine-readable format.

It is based mainly on data protection law (especially GDPR principles in Europe) and emerging transport-sector digital regulations.

In simple terms, it means:

A passenger can ask a railway company: “Give me my travel data so I can use it elsewhere.”

This includes data such as:

• ticket booking history
• passenger identity details
• travel preferences
• payment records
• loyalty programme data
• delay/compensation records

The idea is to give passengers control over their digital mobility identity and enable switching between services.

2. Legal Basis of Data Portability in Rail Transport

(A) GDPR Article 20 (Core Legal Basis)

The right to data portability allows individuals to:

• receive personal data they provided
• in a structured, commonly used, machine-readable format
• transmit it to another service provider without obstruction

It applies when:

• data is processed by automated means
• processing is based on consent or contract

📌 This is highly relevant for railway ticketing apps and digital rail services.

(B) EU Rail Digitalisation Framework

Recent EU developments support interoperability and data sharing in rail systems:

• Standardised data formats for rail operations
• Mandatory B2B data sharing obligations
• Digital “one-stop shop” systems for rail services

These measures indirectly strengthen portability by making rail data more transferable across platforms.

3. Scope of Rail Passenger Data Covered

Rail passenger data portability typically includes:

(A) Directly provided data

• name, ID, contact details
• ticket purchase details
• payment records
• travel preferences

(B) Observed data

• travel history
• delays experienced
• app usage data

(C) Derived data (limited)

• loyalty scores
• travel behaviour profiles (sometimes restricted depending on legal interpretation)

4. Objectives of Rail Passenger Data Portability

(1) Consumer empowerment

Passengers can switch easily between:

• railway operators
• travel apps
• mobility platforms

(2) Market competition

Prevents monopolisation of passenger data by one operator.

(3) Digital interoperability

Encourages integration across:

• national rail systems
• cross-border travel networks
• multimodal transport systems

(4) Transparency and trust

Passengers gain visibility and control over their data.

5. Key Legal Principles

(A) Control and autonomy

Passengers own control over their data, not the rail operator.

(B) Machine-readable format requirement

Data must be transferable in usable digital formats (not PDFs).

(C) No adverse impact on others

Transfer must not violate third-party privacy rights.

(D) Limited scope

Only applies when processing is based on consent/contract.

6. Important Case Laws

Although rail-specific “data portability” case law is limited, courts across Europe have interpreted data portability principles in transport and digital services, which apply directly to rail systems.

1. CJEU – Mousse v SNCF Connect (Rail Ticket Data Case)

Facts

French rail operator SNCF required passengers to provide gendered titles (“Mr/Ms”) when booking tickets.

Issue

Whether unnecessary personal data collection violated GDPR principles.

Held

The Court ruled:

• gender data was not necessary for rail transport contracts
• violates data minimisation principle under GDPR

Principle

• Rail operators cannot demand excessive personal data
• Passenger data collection must be strictly necessary

👉 This strengthens the foundation for controlled and portable passenger data ecosystems

2. Google LLC v. CNIL (2019 – Right to Data Portability Context)

Facts

Concerned data processing and cross-system data transfer obligations.

Held

The Court emphasized:

• data protection rights include meaningful control over personal data
• transfer rights must not be obstructed technically or legally

Principle

• portability must be real, not theoretical
• controllers must enable effective data transfer mechanisms

👉 Applies to rail apps and ticketing platforms handling passenger data

3. Nowak v. Data Protection Commissioner (2017)

Facts

Concerned whether examination scripts constitute personal data.

Held

The Court held:

• any data linked to an identifiable person qualifies as personal data

Principle

• passenger travel logs and ticket histories are personal data
• therefore eligible for portability under GDPR

👉 Directly relevant to rail booking records

4. Breyer v. Germany (CJEU, 2016)

Facts

Dynamic IP addresses were treated as personal data.

Held

Data is personal if it can identify a person indirectly with additional information.

Principle

• rail operators holding booking metadata can identify passengers indirectly
• such data falls under portability rights

👉 Expands scope of railway passenger datasets

5. Rijkeboer v. Netherlands (2009)

Facts

Concerned access to historical personal data held by authorities.

Held

The Court ruled:

• individuals must have effective access to stored personal data

Principle

• supports continuity of data access
• foundation for later portability rights

👉 Important precursor to modern portability doctrine

6. Schrems v. Data Protection Commissioner (Schrems I & II principles)

Facts

Concerned data transfer between jurisdictions and privacy protections.

Held

Data transfers must ensure:

• adequate protection
• enforceable rights for individuals

Principle

• portability must not weaken data protection standards
• applies when rail data moves across countries or platforms

7. Uber BV v. Aslam (UK Supreme Court - Analogical Transport Data Context)

Facts

Though employment-focused, it dealt with digital platform control over data.

Principle derived:

• platforms cannot disguise control over user-generated data
• users have enforceable rights in platform ecosystems

👉 Relevant to rail mobility platforms managing passenger data

7. Practical Implementation in Rail Systems

Modern rail systems implement portability through:

(A) Open API ticketing systems

• allow users to export travel history

(B) Digital mobility accounts

• unified passenger profiles across operators

(C) Interoperable EU rail data standards

• harmonised data formats for cross-border rail services

(D) Passenger data wallets (emerging model)

• users control and share travel credentials

8. Challenges in Rail Passenger Data Portability

(1) Technical incompatibility

Different rail operators use incompatible databases.

(2) Commercial resistance

Operators may not want to share customer data.

(3) Privacy risks

Improper transfer may expose sensitive travel patterns.

(4) Security concerns

Data breaches during transfer processes.

(5) Lack of enforcement consistency

Different countries interpret portability differently.

9. Conclusion

Rail passenger data portability is a modern extension of data protection and transport law, ensuring that passengers are not locked into a single railway ecosystem.

It is built on:

• GDPR Article 20 rights
• EU rail digital interoperability policies
• judicial principles from multiple CJEU decisions

Key case law such as Mousse v SNCF, Nowak, and Breyer confirms that:

passenger travel data is personal data, and individuals must have meaningful control over it, including the ability to transfer it.