Exported data uses standard, non-proprietary format with documented schema
Why it matters
GDPR Art. 20(1) specifies that data portability must deliver data in a structured, commonly used, and machine-readable format. CCPA §1798.110(d) requires that exports be provided in a format that allows transmission to another entity. A proprietary binary export, a JSON file with cryptic abbreviated field names, or an unversioned blob does not satisfy either requirement — users cannot interpret it, import it into another tool, or verify its completeness. This is a gap regulators check explicitly: if your export requires technical assistance to parse, it fails the portability standard. Beyond compliance, a well-structured export is also a trust signal that you built the product to serve users, not trap them.
Severity rationale
Low because format non-compliance with the portability right only triggers when a user actually requests an export and cannot use the result, but at that point you have a regulatory exposure.
Remediation
Structure all data exports as self-documenting JSON with a _meta block, full descriptive field names, and a format version number.
{
  "_meta": {
    "exportedAt": "2026-04-18T10:00:00Z",
    "formatVersion": "1.0",
    "schemaUrl": "https://example.com/docs/data-export-schema",
    "description": "Personal data export. All timestamps are UTC ISO 8601."
  },
  "profile": {
    "id": "usr_abc123",
    "email": "user@example.com",
    "displayName": "Alice",
    "createdAt": "2025-01-15T08:30:00Z"
  },
  "activityHistory": [
    { "eventType": "page_view", "path": "/dashboard", "occurredAt": "2026-02-20T14:22:00Z" }
  ],
  "purchases": [
    { "orderId": "ord_xyz", "amount": 2900, "currency": "usd", "createdAt": "2026-01-10T09:00:00Z" }
  ]
}
Use full descriptive field names — never abbreviations like ts, uid, or amt. Publish schema documentation at the schemaUrl and update it with the format version when the export structure changes.
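The structure described above can be checked automatically before an export ships. The following Python validator is an added example, not code from the original check: the function names, the rule that timestamp keys end in "At" (taken from the sample export above), and the sample input are assumptions made for illustration.

```python
import json
from datetime import datetime

REQUIRED_META = ("exportedAt", "formatVersion", "schemaUrl", "description")
ABBREVIATED = {"ts", "uid", "amt"}  # the abbreviations this page names; extend per schema

def is_utc_iso8601(value):
    """True for strings shaped like 2026-04-18T10:00:00Z."""
    try:
        datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
        return True
    except (TypeError, ValueError):
        return False

def walk(node, path, findings):
    """Visit every key, flagging abbreviations and malformed *At timestamps."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key.lower() in ABBREVIATED:
                findings.append(f"{here}: abbreviated field name")
            # Assumption: timestamp fields end in "At", as in the page's sample.
            if key.endswith("At") and not is_utc_iso8601(value):
                findings.append(f"{here}: not a UTC ISO 8601 timestamp")
            walk(value, here, findings)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            walk(item, f"{path}[{index}]", findings)

def check_export(raw):
    """Return a list of findings; an empty list means the export passes."""
    try:
        export = json.loads(raw)
    except ValueError:  # covers JSONDecodeError and undecodable bytes
        return ["export is not parseable JSON"]
    if not isinstance(export, dict):
        return ["top level is not a JSON object"]
    meta = export.get("_meta")
    if isinstance(meta, dict):
        findings = [f"_meta.{k}: missing" for k in REQUIRED_META if not meta.get(k)]
    else:
        findings = ["_meta: block missing"]
    walk(export, "", findings)
    return findings

# Constructed sample: abbreviated keys, no _meta block, non-ISO timestamp.
BAD_EXPORT = json.dumps({
    "profile": {"uid": "usr_abc123", "ts": "2025-01-15 08:30"},
    "purchases": [{"amt": 2900, "createdAt": "10/01/2026"}],
})
```

Calling check_export(BAD_EXPORT) returns one finding per problem, each prefixed with the JSON path of the offending field, so the result can gate a CI job or populate the "Detail on fail" message.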
Detection
- ID: export-format-standard
- Severity: low
- What to look for: Enumerate every relevant item. If a data export feature exists, inspect the format of the exported file. Is it JSON, CSV, or another standard format? Is there documentation or a README embedded in the export explaining the schema (field names, data types, relationships between records)? Is the format stable enough that a user could import it into a spreadsheet or third-party tool without custom parsing? Check whether the export is a flat file (easier to import) or deeply nested (harder to work with). Check whether the exported file includes a format version so it can be interpreted correctly if the schema changes in the future.
- Pass criteria: At least 1 of the following conditions is met. Exported data is in JSON or CSV format. A schema description is included (either embedded in the JSON as a _schema key or in a separate README inside a ZIP). The format is stable and documented enough for a user to understand their data without technical assistance.
- Fail criteria: Export format is proprietary, binary, or undocumented. No schema information is provided. The export requires a specific application to parse.
- Skip (N/A) when: Data export feature does not exist (in which case the previous check already flags this as a failure).
- Detail on fail: Example: "Data export downloads a binary .dat file with no schema documentation." or "JSON export exists but field names are abbreviated without documentation (e.g., 'ts' for timestamp, 'uid' for userId)."
- Remediation: Structure the JSON export with self-documenting field names and include a schema block:
  {
    "_meta": {
      "exportedAt": "2026-02-21T10:00:00Z",
      "formatVersion": "1.0",
      "schemaUrl": "https://example.com/docs/data-export-schema",
      "description": "Personal data export. All timestamps are UTC ISO 8601."
    },
    "profile": {
      "id": "usr_abc123",
      "email": "user@example.com",
      "displayName": "Alice",
      "createdAt": "2025-01-15T08:30:00Z"
    },
    "activityHistory": [
      { "eventType": "page_view", "path": "/dashboard", "occurredAt": "2026-02-20T14:22:00Z" }
    ],
    "purchases": [
      { "orderId": "ord_xyz", "amount": 2900, "currency": "usd", "createdAt": "2026-01-10T09:00:00Z" }
    ]
  }
  Use full, descriptive field names (not abbreviations). Include a _meta block with export date, format version, and a link to schema documentation.
External references
- gdpr · Art. 20(1) — Right to receive data in structured, commonly used, machine-readable format
- ccpa · §1798.110(d) — Consumer right to receive personal information in a portable, readily-usable format
History
- 2026-04-18·v1.0.0·Initial import from data-protection·automated