Difference between revisions of "Data Portability"

What is Data Portability^[1]

Data Portability is the concept that the users or owners of a given dataset should be able to easily move or copy this data between different software applications, platforms, services, and computing environments. The term “data portability” actually encompasses two related, but separate, issues:

• First, organizations should be able to easily import and export the data they collect and store, converting between different formats and standards if necessary.
• Second, individuals should have the right to migrate their personal data between different providers or data processors.

In general, the second concept of data portability (which is more philosophical) depends on the first (which is more technical). To provide consumers with their personal data, organizations must be able to efficiently migrate this data between different IT environments in the first place.

The rise of cloud computing services has heightened technical concerns about data portability. In particular, many organizations are worried about potential “vendor lock-in,” where users feel stuck or trapped with a particular IT provider because of the costs of migrating their data to another provider. For example, an IT provider may store data in a proprietary format that makes it difficult to convert to another, more usable format.

What is the Right to Data Portability^[2]

The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used, and machine-readable format. It also gives them the right to request that a controller transmits this data directly to another controller.

The right to data portability entitles an individual to:

• receive a copy of their personal data; and/or
• have their personal data transmitted from one controller to another controller.

Individuals have the right to receive their personal data and store it for further personal use. This allows the individual to manage and reuse their personal data. For example, an individual wants to retrieve their contact list from a webmail application to build a wedding list or to store their data in a personal data store.

The right to data portability only applies when:

• the lawful basis for processing this information is consent or for the performance of a contract; and
• when carrying out the processing by automated means (ie excluding paper files).

At a Glance

• The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
• It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
• Doing this enables individuals to take advantage of applications and services that can use this data to find them a better deal or help them understand their spending habits.
• The right only applies to information an individual has provided to a controller.
• Some organizations in the UK already offer data portability through midata and similar initiatives which allow individuals to view, access, and use their personal consumption and transaction data in a way that is portable and safe.

The Importance of Data Portability^[3]

Data portability has become commonplace - although not universal - among applications designed for use on many vendors' personal computers (PCs) and servers. The same cannot yet be said for Cloud Service Providers (CSPs). As more organizations move data and data processing to cloud services, a lack of data portability can cause problems if, for example, customers want to move data from one cloud platform to another or change their service provider.

• Different CSPs commonly have proprietary data formats, templates, and related parameters that can lock users into specific platforms. Often, these formats are not standardized, making data portability difficult. According to the Institute of Electrical and Electronics Engineers (IEEE), cloud interoperability and data portability are major challenges for enterprise adoption of cloud computing services.
• For consumers, data portability lets people easily coordinate the personal data they keep on multiple social networking sites. On social networking sites, such as Facebook, LinkedIn, and Twitter, users can share their contacts, posts, photos, videos, sound clips and personal or professional information across the various platforms. In that way, users know their data is current and consistent, without having to modify the content on each service's site. Users can, of course, opt out of this data-sharing feature if they want to show different portfolios on different services.
• In 2010, Facebook improved its data portability with a feature that lets users download all their network content as a single zipped file for viewing with a browser offline. This feature helps users to keep track of their data without fear that crackers might permanently alter or destroy it. The downloading feature backs up the data so it can be easily replaced in the event of a network failure causing data loss in the cloud. If the network has an outage or some other problem, users can simply upload their backed-up data to replace the damaged network data.
• Data portability provides users of social networking services with added convenience when different services allow reciprocal access to first-party data. For example, a user on Facebook may import contacts from Google's Gmail email service. In a perfect world, all social networking services would allow users to freely and easily migrate data among them. Things haven't worked out that way. Instead, services sometimes take a territorial attitude toward user data.
• Without data portability, a person's data is accessible only through the platform where it is stored. Such a siloed approach to data can result in vendor lock-in, inaccessible data, and even data quality issues.

Data Portability and the Cloud^[4]

Data portability is crucial in the cloud. Before the cloud, most of your personal data was on your hard drive: the only thing that had to care about was to use standard format for storing data, or importing/exporting them. But with the cloud, the data storage layer is not under your control any longer. You not only need to import/export this data in a seamless way, but you have to move data through the cloud. Of course, this standardization principle applies to all kind of data, but in the case of personal data, those data movements must be driven by the data subject, rather than the data controller..

Think tanks and industry trailblazers have long collaborated to bring about benefits of standardization. One great use case is TCP/IP—the protocol upon which the internet agreed to grow. By standardizing data portability, new products can be developed around a universal method for plugging and unplugging user data.

But to reach the Eden of secure data portability, developers and organizations must first meet the storage and security problems the cloud presents. These include but aren’t limited to:

• Security — Portable data presents challenges to organizations on two fronts. First, the incoming data must be thoroughly inspected and validated as safe before it is ingested into a network. Second, businesses must ensure safe delivery of outgoing data packages to counterpart networks. Each stage of these transaction points present compliance exposure, so security is paramount to efficient portability.
• Communication with destination applications — Compliance regulations can make for strange bedfellows. Rather than their normal practices of secretly innovating their products to gain advantage in the marketplace, competitors must now devote a portion of their resources to working together to ensure their applications can talk at least enough for data portability. In many organizations this will require at least a partial philosophical shift.
• Balancing portability against innovation — While changing standards make increased communication between competitors necessary, ever-changing applications, especially in a continuous delivery model, will constantly change or enhance the way they handle data. This will create additional data handling fields that won’t match up across the spectrum of service providers, and standards will be needed for separating companies’ intellectual property from the customer right to portability.

As organizations look to a future that will exist almost entirely in the cloud, international standards for data portability must be at the forefront of development planning. Failing to plan to provide customers with the right to portability is guaranteeing a cumbersome, potentially expensive problem in the near future.

See Also

References