“Data portability” is a feature that lets a user take their data from a service and transfer or “port” it elsewhere. This often comes up in discussions about leaving a particular social media platform and taking your data with you to a rival service. But bringing data to a competing service is just one use for data portability; other, just-as-important goals include analyzing your data to better understand your relationship with a service, building something new out of your data, self-publishing what you learn, and generally achieving greater transparency.
Regardless of whether you are “porting” your data to a different service or to a personal spreadsheet, data that is “portable” should be easy to download, organized, tagged, and machine-parsable.
EFF supports users’ legal right to obtain a copy of the data they have provided to an online service provider. Once you move beyond that, however, the situation gets more complicated. Data portability interacts, and sometimes even conflicts, with other digital rights priorities, including privacy and security, transparency, interoperability, and competition. Here are some of the considerations EFF keeps in mind when looking at the dynamics of data portability.
Privacy and Security
Any conversation about data portability in practice should keep privacy and security considerations front and center.
First off, security is a critical concern. Ported data can contain extremely sensitive information about you, and companies need to be clear about the potential risks before users move their data to another service. Users shouldn’t be encouraged to share information with untrustworthy third parties. And data must always be protected with strong security in transit and at its new location.
How do we unravel the data you provide about yourself to a service from the data your friends provide about you?
Second, it’s not always clear what data a user should have the right to port. There are a lot of questions to grapple with here: When does "data portability" presume inclusion of one's social graph, including friends' contact information? What are all the ways that can go wrong for those friends’ privacy and security? How do we unravel the data you provide about yourself, the data your friends provide about you, and all the various posts, photos, and comments you may interact with? And then, how can we ensure data portability respects all of those users’ right to have control over their information?
While there are no easy answers, the concept of consent is a starting point. For example, a service could ask friends for their specific, informed consent to share contact information when you initiate a download of all your data. Companies should also explore technical solutions that might allow users to export lists of friends in an obfuscated, privacy-protective form.
Portability works hand-in-hand with transparency. If some of your data is easy to download and use (portable) but the rest is secret (not transparent), then you are left with an incomplete picture of your relationship with a service. Conversely, if you are able to find out all the information a company has about you (transparent) but have no way to take it and interact with it (not portable), you are denied opportunities to further understand and analyze it.
Companies first should be transparent about the profile data that they collect or generate about you for marketing or advertising purposes, including data from third parties and inferences the company itself makes about you. Comprehensive portability should include this information, too; these data should be just as easy for you to access and use as the information you share voluntarily.
Portability works hand-in-hand with transparency to return power to users.
Both portability and transparency return power to users. For example, a comprehensive download of the data Facebook stores about a user’s browsing habits and advertising preferences might help her reverse-engineer Facebook’s processes for making inferences about users for targeted advertising. Or, in another example, the ability to take complete metadata about one’s music preferences and listening patterns from Spotify to another streaming service might make for a better user experience; Spotify might have figured out over time that you can’t stand a certain genre of music, and your next streaming service can immediately accommodate that too.
Data portability can also work alongside “interoperability.” Interoperability refers to the extent to which one platform’s infrastructure can work with others. In software parlance, interoperability is usually achieved through Application Programming Interfaces (APIs)—interfaces that allow other developers to interact with an existing software service.
This can allow “follow-on innovators” to not only interact with and analyze but also build on existing platforms in ways that benefit users. For example, PadMapper started by organizing data about rental housing pulled from Craigslist posts and presenting it in a useful way; Trillian allowed users to use multiple IM services through the same client and added features like encryption on top of AIM, Skype, and email. On a larger scale, digital interoperability enables decentralized, federated services like email, modern telephony networks, and the World Wide Web.
Depending on the context and platform, data portability is vital but not sufficient for encouraging competition. In many markets, it’s hard for competition to exist without portability, so we must get this part right.
Data portability can support users’ right to “vote with their feet” by leaving a platform or service that isn’t working for them.
But on its own, data portability cannot magically improve competition; the ability to take your data to another service is not helpful if there are no viable competitors. Similarly, data portability cannot fend off increasing centralization as big players buy up or squash smaller competitors. Initiatives like the Data Transfer Project among Facebook, Microsoft, Twitter, and Google could ultimately be important, but won’t meaningfully help competition unless they allow users to move their data beyond a small cabal of incumbent services. Right now they don’t.
Combined with other substantive changes, data portability can support users’ right to “vote with their feet” by leaving a platform or service that isn’t working for them and taking their data and connections to one that does. Making these options real for people can encourage companies to work to keep their users, rather than hold them hostage.