Three months after the enforcement of the EU General Data Protection Regulation (GDPR), we spent 2 hours co-chairing a participatory session on the current state of implementation of the Data Portability Right.
The session was part of a larger track of events at the MyData conference (https://mydata2018.org/programme/), focusing on this fundamental GDPR right and spanning from panels exploring the risks and opportunities of it, to talks covering more technical aspects and currently available tools.
Instead of listening to service providers talk about their implementation of the data portability, the session was intended to make participants talk and share their experience as beneficiaries of such right.
To drive the discussions of the participants who joined us we framed the session around three main questions:
- Which services are you aware of, which are offering data portability?
- Have you executed your data portability right? What was your experience?
- How would your perfect data portability service look like?
Below is the main conclusion of our discussions.
“What we got so far, it’s data portability 1.0.”
All the major social platforms are offering data portability functions. This includes Google Takeouts, Facebook, Twitter, Instagram, Snapchat, Viber and Whatsapp.
Some of these functions were always there or at least since before the GDPR enforcement. Nevertheless, in some case they still remain hidden, unknown to the users, difficult to find.
At the same time, some third party tools have emerged. Synchronos offers a commercial tool and cloud space to save your ported data. Differently from Synchronos, two other projects: the Data Access and Fair&Smart are instead trying to lower the barriers for the users to execute their portability rights, acting as agents helping them to find data portability functions within their services or to fire data portability requests when these tools are not available. When portability requests are satisfied they provide cloud space to host the users ported data.
Beyond the existing landscape, when it was time to evaluate how data portability is currently implemented by the major internet providers, consensus was that these tools are still hidden or not existent and that so far their perceived value, beyond compliance, remains small. From an end-user perspective, portability involves raw data, which are not meaningful, difficult to understand or re-use.
Taking it from there, we asked the participants what the reason could be for such an approach to data portability, from a service provider perspective. Among others, we concluded that data portability, if made too easy, beyond simple compliance, can lead to customer churn. A risk more than an opportunity.
We agreed that we are living in the era of Data Portability 1.0 or more properly data download-ability. As a result, users feel they got control of their data if the can download them, but still they don’t perceive any additional empowerment if they can’t easily re-use them.
“Users now urge to have access to Data Portability 2.0.”
This requires the possibility to seamlessly move their data from one service to another. This shouldn’t only make it easier to onboard users on new competitive services, but rather help in creating a better knowledge of the given subject to other complementary services. This will not only stimulates current businesses to acquire customers from competitors, but rather offer them the opportunity to create enhanced services, identify new markets and make efficient re-use of existing data.
While achieving this requires to first identify new business models around compliant re-use of data for new purposes, from a technology point of view, it requires interoperable interfaces.
This is indeed something that the Google Transfer Project is aiming to build. Open source tools and interface that if implemented, allow businesses to provide data portability in a way that their customers can not only move their data out seamlessly, but also transfer it into another service.
We agree that this could be the main driver for organizations to simplify data portability, not for the sake of making it easier to export the data they have, but rather to import those data that their customers have on other platforms. This way data portability finally becomes an opportunity rather than a threat.
After we understood what the real meaning of data portability should be, we concluded our discussion by exploring what desirable features any Data Portability 2.0 tools should have from a user perspective.
“Data Portability 2.0 must build on simple to understand and simple to use User Interfaces.”
Users demand for interfaces where services from and to which to port their data (including also personal data stores) could be easily selected and connected. A dashboard should allow users to track and record previous data portability requests (IMO DLTs and Personal Data Receipts can indeed play a role here too in order to increase transparency), and in future also allow to manage erasure of data.
But most importantly, Data Portability 2.0 (DP 2.0) should offer granularity. Users should be able to select at the level of single data category, which data to port and where and not only be offered the full bundle of data or nothing.
We hope that this user perspective on data portability will open up new innovation opportunities. If you share the same or different opinions on this topic and are interested in discussing it more, do get in touch with us.