Earlier this year we saw Facebook take significant steps towards giving users greater control over their data in the form of a new data portability initiative.
Under the new controls, which are called “Transfer Your Information”, users will now be able to transfer their notes and posts to external services such as Google Docs, Blogger and WordPress.com. It follows previous efforts to allow the sharing of photos and videos to Backblaze, Dropbox, Google Photos and Koofr.
These new initiatives serve as a way for Facebook to ‘lower the walls’ of its ecosystem, so to speak, and make it easier for users to access relevant information across a variety of platforms. But it also raises some interesting questions about the role of data portability in the future of the internet.
Upon making the announcement, Facebook’s director of privacy and public policy Steve Satterfield made an interesting comment.
“We plan to continue expanding our data types and partners in the future,” he said.
“However, the ecosystem we are building to support data portability will not come to fruition without regulation that clarifies which data should be made portable and who is responsible for protecting data once it has been transferred. We hope that today’s updates can help advance conversations with policymakers, developers and experts about these issues.”
Both the European Union’s GDPR and California’s Consumer Privacy Act (both of which apply to Facebook) require companies to provide personal information in a readily usable format upon request.
And while these requirements are clear in the regulation, what is not always so clear (and likely what Satterfield was referring to) is what formats data has to be in and whether or not interoperability measures are required.
There is no doubt that data portability can serve as a way to benefit both consumers and businesses, however, there are still some details that need to be figured out before it can truly reach its full potential.
As the Centre of Regulation in Europe points out, there is an inherent conflict in data portability regulation. While a personal data portability right promotes the exchange and reuse of data, principles of data minimisation (which exist in the GDPR) can undermine this.
The European Data Protection Board has also suggested that there is a liability issue, if data shared under a data portability agreement is then misused.
To make data portability better, it is recommended that these regulators firstly take time to clarify some of these legal grey areas and put a more concerted effort into enforcing these laws.
The possibility of a ‘continuous data portability’, in which consumers are given the ability to frequently transfer their personal and non-personal data, is also raised by the Centre of Regulation in Europe as a way to get data portability into the mainstream.
This would require the development of standardised APIs to be run directly on the data located on a data controller’s server. While data portability now is very focused on making one-off transfers (such as Facebook’s recent initiatives) a continuous framework would require a more permanent level of interconnectedness between entities.
Whether or not this is ultimately feasible remains to be seen, however, we have seen the potential benefits of a more collaborative data portability scheme right here in Australia in the form of the Consumer Data Right.
At smrtr, we are staunch believers in providing consumers with control of their data and the potential power of a data portability initiative. We are constantly looking for ways to work with open data for both consumer and commercial benefit so a continuous data portability framework would further enable us to map together this relevant information.
Image: Unsplash/Solen Feyissa
By Boris Guennewig, Co Founder & CTO at smrtr