By Erin Egan, Vice President and Chief Privacy Officer, Policy
At Facebook, we believe that part of having a free and open internet means that people should be able to share their data with the apps or services they like most. As our CEO Mark Zuckerberg recently said, if you share data with one service, you should be able to move it to another. This gives people control and choice, while also promoting innovation. That’s why we support the principle of data portability.
For almost a decade, we have enabled people to download their information from Facebook, and we recently improved our tools to make it easier to take that information to another service. But we’re confident we can offer people even more control through a new generation of data portability tools that protect privacy and support innovation. To do that, however, we and other online services need to demonstrate to people that they can trust their data will be protected as they move it among different services.
To build portability tools people can trust and use effectively, online services need clear rules about what kinds of data should be portable and who is responsible for protecting that data as it moves to different services. Although some laws, such as the GDPR and CCPA, already guarantee the right to portability, we believe companies and people would benefit from additional guidance about what it means to put those rules into practice.
Unpacking Data Portability
That’s why, today, we’re publishing a white paper that sets forth five questions about data portability and privacy that we hope will help advance a global conversation about what it means to build privacy-protective data portability. These are complex questions and we hope to make a small contribution to the thought and research from privacy experts, think tanks and regulators already working on data portability.
The paper can be downloaded here.
We hope that it will help identify the issues we and others are facing — and offer some ideas on how to overcome them.
- What is data portability? Even though “data portability” is already written into laws in some places, the concept still means different things to different people. We try to set out a taxonomy for distinguishing between different types of data transfers with the aim of identifying what is — and isn’t — “data portability.”
- Which data should be portable? We discuss different takes on what it means for a person to port the data they have “provided” to a service and what factors stakeholders should consider in defining the scope of portable data.
- Whose data should be portable? In digital services, data such as photos, videos and contact lists is often associated with more than one person. Should transferring companies limit data portability in those cases? How can providers ensure that each individual’s rights are accounted for?
- How should we protect privacy while enabling portability? What responsibilities, if any, should transferring companies have with respect to people requesting or receiving data transfers and people whose interests may be implicated by a transfer?
- After people’s data is transferred, who is responsible if the data is misused or improperly protected? Should transferring or recipient companies be accountable? Should users themselves be responsible for issues that affect their (or their friends’) data?
Data portability has the potential to benefit everyone, from users to startups to established companies. We hope this paper will be the start of a series of conversations with privacy experts, policymakers, regulators and other companies around the globe about how data portability should be implemented to maximize the benefits while mitigating the risks.
But we’re not just asking questions. While we look forward to working with others to develop rules of the road, there are a number of steps we’re already taking:
- Exploring future portability tools. In 2018, we improved our data portability tool, Download Your Information. We’re now exploring what the next generation of portability tools should look like.
- Developing new standards as part of the Data Transfer Project. In 2018, we joined Google, Microsoft and Twitter on the Data Transfer Project to find a common way for people to transfer their information whenever they want. Since then, companies such as Apple have joined our effort.
- Hosting conversations with experts and policymakers around the world. We’ll host and join a series of roundtables and workshops with policymakers and experts on data portability around the world — from Washington, DC, to Singapore, Buenos Aires, and Berlin — to move forward on regulation. In these workshops, we will draw on the lessons from our global Trust, Transparency and Control Design Jam series to explore options for new data portability tools. We hope others will join these conversations.
- Contributing to innovative projects such as the UK Data Mobility Sandbox. Globally, we’re working with experts, NGOs, and governments on initiatives aimed at answering some of the questions raised in our paper.