Posted on: Monday 29th of July 2019
One of the most important ways we can respect people’s rights to their own data is to give them control over it. This means making sure they have a way to move their information from one service to another — this is the principle of data portability. As Mark Zuckerberg noted in a recent op-ed on regulation, data portability “gives people choice and enables developers to innovate and compete.”
Putting data portability into practice, in a way that ensures data can be ported safely and securely at the individual’s command, is still being explored by companies and regulators. It can also take many forms. It can simply involve the bilateral transfer of data from one service provider directly to another. But it could also enable someone to port their data “multilaterally,” from and to multiple different providers, which we describe as “data mobility.” In the data mobility model, people can use what’s known as a data facilitator or personal information management service, which serves as a secure central hub where they can consolidate, control, and combine information from multiple sources, including social networks, financial institutions or health services. This gives people the option to use their information in a controlled manner with a variety of services they choose. What new experiences could people enjoy if they could securely combine, for example, data about their social media interests and their health goals and port that onto a new social fitness app?
We’ve been exploring the data mobility model for data portability as part of the Data Mobility Infrastructure Sandbox. The Sandbox is a project organized by Ctrl-Shift, a UK-based business innovation consultancy specialising in the strategic value of trusted personal data, in partnership with the UK government, civil society and other companies, that explores whether the current infrastructure through which people can choose to share their data with services through a data facilitator is safe, protects and respects people’s data protection rights, and can provide them with legitimate value. Ctrl-Shift published a report on the Sandbox’s findings last month.
Over the last six months, Data Mobility Infrastructure Sandbox participants have 1) examined the end-to-end system design and security of a data mobility model facilitated by a personal information management system; 2) worked with users to understand their experience porting data and identify gaps in privacy and security controls that might reduce their interest in data portability; and 3) worked with developers and non-profits to understand the value they might provide if they had access to data through a data mobility system.
The Sandbox report details where the data mobility model already has the right approach to encouraging safe data sharing by people, identifies a number of gaps that need to be addressed to ensure data is protected by facilitators and recipients, and begins to chart a path forward for a model of data mobility that both protects individuals and generates tangible benefits for them and businesses. We look forward to continuing this collaboration as part of our ongoing exploration of ways to facilitate data portability for our users.
Stephen Deadman, Data Protection Officer, Facebook