Doing Data Portability Right
Users of online services want active control over the information they share with those services. They want to ensure their information is protected and secure, and that it can also go with them should they choose a new or competing service. Data portability—the capability to migrate personal data you’ve shared with one service to another—is regularly suggested as a potential solution to these concerns. Thoughtfully designed portability and interoperability can strengthen user choice and control; however, if not approached in a thoughtful manner, data portability and interoperability can be in tension with users’ interest in privacy, security, and marketplace competition.
Everyone Wants Data Portability
Legislators, regulators, technologists, companies, and civil society all have ideas on how to tackle data portability. Two weeks ago Facebook asked experts Kevin Bankston, Mark Jamison, former FTC Commissioner Terrell McSweeny, and Nico van Eijk to share their perspectives on how Facebook and other companies should protect privacy while allowing users to share information between apps and services. Bankston in particular offers three suggestions that set out the challenges of data portability and interoperability: (1) set clear technical standards that everyone can adhere to; (2) solve the “graph portability problem”; and (3) allow interoperability as well as data portability for competitive apps.
Numerous stakeholders, including CCIA, recently filed comments with the FTC detailing the complicated technical and competitive factors at play in the conversation around data portability, interoperability, privacy, and security. Chief among those factors is determining the appropriate scope of the data made portable and the degree of interoperability for a particular service; the right answer depends on which policy aims the advocates of data portability are actually trying to achieve.
The Interoperability Spectrum
At one end of the interoperability spectrum, data portability tools can be tuned to provide users with more control over the information they share with services. These sorts of data portability tools allow users to move the data they have shared with one service to another at the user’s direction. Because of the limited amount of data that is exposed to a new system (belonging just to one user), and the low frequency of connection to a new service, the privacy and security risks to the user and others are also limited.
At the other end, data portability tools with more comprehensive access to users’ shared data and more interoperability between services can lead to broader privacy concerns, reduce system security, and have unforeseen competitive consequences. Proponents of such mechanisms should be clear about the goals they wish to achieve and confident that they will achieve them, as the trade-offs for users can be substantial.
It is a basic rule of system design that every additional way to access data is additional attack surface: more interfaces mean more opportunities for inadvertent disclosure or for leakage through a vulnerability. Making independently designed systems interoperable at scale multiplies those interfaces, and they become reachable by more than the intended parties. The greater the volume of data and the more varied its original sources, the greater the privacy and security risk to users and to the services themselves.
The graph portability problem that Bankston describes exemplifies these risks in the social media context. A user’s “social graph” is the intricate map of the connections between the information they provide to a service, their interactions with other users on that service, and their interactions with the service itself. It could include information that is shared with or belongs to friends or third parties (including photos, group memberships, contact information, event participation, and more). Tools that allow users to migrate their complete social graph implicate the privacy of other users whose social graphs overlap and interconnect. What friend wants their information on a service they don’t necessarily trust or with which they haven’t willingly shared?
More generally, increasing the scope of portable data could also expose analytic information containing valuable insights generated by a service—insights that could eventually lead to innovative new features or more efficient operation. Inadvertent or intentional access to these insights could allow some companies to duplicate the features of others, reducing the incentive of companies to innovate.
Extensive interoperability between a service and its competitors can also cause prohibitive technical and competition issues. For example, new or smaller companies might be unable to match the transfer capabilities of incumbents, to the detriment of their ability to deliver their own services. Frequent automated collaboration could also lead to inadvertent collusion and information sharing between interoperable services. So while it might seem tempting to use data portability and interoperability as a means to ensure smaller companies and startups can compete with incumbents, that is not a guaranteed result.
Developing Proper Interoperability
These potential pitfalls do not mean that data portability and interoperability are unrealistic aims. Rather, they point to principles that can help ensure that these risks are mitigated and consumers are empowered. In particular, data portability tools should: (1) allow users to move data they have provided to a service, but not data that may relate to other users; (2) afford consumers control over how and when the tools are used; and (3) be tailored to the privacy and security expectations of specific products and services. The Data Transfer Project, a joint effort by Facebook, Google, Microsoft, and Twitter, among others, to create a common, open-source technical framework capable of securely transferring a user’s data from one service to another at the direction of that user, is one such tool that fulfills these criteria.
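As an added illustration of the graph portability problem above and of principle (1), the following Python is an export scoper for a hypothetical social service. It is example code written for this page, not code from the Data Transfer Project or from any of the companies named. The dump layout, the field names treated as account references, the scope names, and the sample account ids are all assumptions. It keeps the content the requesting user provided, withholds posts and photos that other users created, strips friend lists, tags, mentions, and group or event rosters (the overlapping parts of the social graph), records what was withheld, and verifies that no other account id survives in the output before it is handed to the receiving service.

```python
"""Scoped export filter for a social-graph data dump.

Added example, not code from the page or the Data Transfer Project. It applies
the principle "export the data the user provided, not data that relates to other
users": keep the requesting user's own content, strip every field that references
another account, and verify the result before it leaves the service. The dump
layout, field names and scope names below are assumptions for illustration.
"""
from copy import deepcopy

# Assumed: fields whose values are account identifiers (possibly of other users).
USER_REF_KEYS = {"author", "uploader", "tags", "members", "attendees", "mentions", "friends"}

# Constructed sample dump for account "u1". It mixes first-party content with
# data that belongs to or describes other accounts (u2, u3, u4).
SAMPLE_DUMP = {
    "user_id": "u1",
    "profile": {"name": "Ada", "email": "ada@example.com"},
    "posts": [
        {"id": "p1", "author": "u1", "text": "hello", "mentions": ["u2"]},
        {"id": "p2", "author": "u2", "text": "a friend's reply", "mentions": ["u1"]},
    ],
    "photos": [
        {"id": "ph1", "uploader": "u1", "tags": ["u1", "u2", "u3"]},
        {"id": "ph2", "uploader": "u3", "tags": ["u1"]},
    ],
    "friends": ["u2", "u3"],
    "groups": [{"id": "g1", "name": "Chess", "members": ["u1", "u2", "u4"]}],
    "events": [{"id": "e1", "name": "Meetup", "attendees": ["u1", "u3"]}],
}


def collect_user_refs(obj, found=None):
    """Walk a dump and return every account id stored under a USER_REF_KEYS field."""
    if found is None:
        found = set()
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key in USER_REF_KEYS:
                found.update(value if isinstance(value, list) else [value])
            else:
                collect_user_refs(value, found)
    elif isinstance(obj, list):
        for item in obj:
            collect_user_refs(item, found)
    return found


def scoped_export(dump, requested_scopes):
    """Build a portable export holding only the requesting user's own data.

    requested_scopes is the set the user selected (the user decides what moves).
    "friends" is never exportable: the friend list is the social graph itself
    and consists entirely of other users' identifiers.
    """
    me = dump["user_id"]
    allowed = set(requested_scopes) - {"friends"}
    export = {"user_id": me}
    dropped = []  # audit trail of what was withheld and why

    if "profile" in allowed:
        export["profile"] = deepcopy(dump["profile"])

    if "posts" in allowed:
        export["posts"] = []
        for post in dump["posts"]:
            if post["author"] != me:
                dropped.append(("post", post["id"], "authored by another user"))
                continue
            # Mentions are references to other accounts; drop the field entirely.
            export["posts"].append({k: v for k, v in post.items() if k != "mentions"})

    if "photos" in allowed:
        export["photos"] = []
        for photo in dump["photos"]:
            if photo["uploader"] != me:
                dropped.append(("photo", photo["id"], "uploaded by another user"))
                continue
            kept = {k: v for k, v in photo.items() if k != "tags"}
            kept["tags"] = [t for t in photo["tags"] if t == me]  # keep only self-tags
            export["photos"].append(kept)

    # Group and event membership is the user's own data; the rosters are not.
    for scope, roster_key in (("groups", "members"), ("events", "attendees")):
        if scope in allowed:
            export[scope] = [
                {k: v for k, v in item.items() if k != roster_key}
                for item in dump[scope] if me in item[roster_key]
            ]

    if "friends" in requested_scopes:
        dropped.append(("friends", "*", "friend list is other users' data"))
    return export, dropped


def foreign_refs(export):
    """Account ids in an export that are not the exporting user's own (should be empty)."""
    return collect_user_refs(export) - {export["user_id"]}


if __name__ == "__main__":
    out, withheld = scoped_export(SAMPLE_DUMP, {"profile", "posts", "photos", "groups", "events", "friends"})
    assert not foreign_refs(out), foreign_refs(out)  # fail closed before anything leaves the service
    print(out)
    for entry in withheld:
        print("withheld:", entry)
```

The final check in `foreign_refs` is the part worth keeping even if the filtering rules change: scoping rules drift as a product adds fields, so the export path should refuse to ship anything in which an account id other than the requester's is still reachable, rather than trusting that every per-field rule was updated.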
Thoughtfully designed interoperability between services is an important means of enhancing user choice and control, but to ensure data transfers between systems are private, secure, and balanced, data portability tools should be voluntary, industry-developed, and responsive to actual consumer needs.
Ethan is a Research Fellow for CCIA