right to data portability

IoT is the technology of connecting electronic devices to each other or to the human agent. These tools perform tasks in various sectors of industry and commerce in accordance with the protocols given to their processor. But the mechanism of action of these tools sometimes faces challenges related to private information of individuals. Accordingly, laws enacted in developed legal systems, including the European Union, provide for rights for information holders. The purpose of this study is to analyze one of the rights expressed as "the right to exchange private data". The main question of the present study is to answer the nature of this right and the challenges of its implementation. The hypothesis of this study is that in accordance with the provisions of Article 20 of the EU General Data Protection Regulation adopted in 2016, the right to exchange private data constitutes the transfer of the right to monitor and control information collected by IoT tools from the primary controller. Is secondary. The exercise of this right is fraught with challenges, including the scope of the provisions of the right, the exceptions to the basic principles of the exercise of the right, and the mechanism of non-return processing of private data from one controller to another. The implementation of this right in the Iranian legal system is subject to the implementation of some legislative policies, including the reform of existing laws, the implementation of the infrastructure for the use of IoT tools, public awareness and supervision of competent authorities.