Why Every Site Should Have A Data Portability Policy

Editor’s note: Today the DataPortability Project announces PortabilityPolicy.org – the result of a 16 month effort that it hopes the industry will embrace. This guest post explains what a Portability Policy is, why your site should have a one, and why you should be looking for them. The author, Elias Bizannes, is the chairperson and executive director of the DataPortability Project.

Why Did We Do This?

The software industry is still figuring out the right balance between open and closed, but we at the DataPortability Project believe that communication is the first step.

Tell your visitors what they can expect from you and what you expect from them in return. Your Portability Policy explains the ways that your customers can use the digital “stuff” they’ve entered into your product, including pictures, settings, messages, sounds, lists, or anything else your product manipulates. Can they bring things in? Can they get them out? Can other products use things in-place, or do they need to make copies? Can your product work with stuff that’s hosted someplace else?

What is a Portability Policy?
Your Portability Policy is a plain-language document that tells your visitors what they can easily bring in and take out. Steve Greenberg, chair of the working group that developed the idea, describes it like this: “In the same way that your Privacy Policy tells visitors what you can do with information they provide, your product’s Portability Policy tells visitors what they can do with it. It should be clear enough that an average user can understand, and short enough that people can actually read it.” The new site, PortabilityPolicy.org, contains a series of questions that will help guide you in creating a Portability Policy as well as several samples.

“We need a Creative Commons for EULAs”
Greenberg and his team started with the idea that the existing ToS (terms of service) and EULA (end user licensing agreement) model was broken, and something new was needed.

The model we use for agreements between people and products comes from a time when the average person didn’t need to deal with very many of them. Developing software was complex and expensive so there weren’t that many choices. The cost of networking to move the our digital data around was enormous. The practical outcome was that you didn’t need agreements with many companies, and your data wasn’t moving around very much anyway. Until four or five years ago this was good enough, but it no longer matches how we use our computers today.

Cheap broadband and a new generation of software development tools changed everything. Today you, the user, have a host of choices for pretty much anything you want to do.There’s no more reason why you need one product to provide everything you do online, like you need one grocery store to provide everything you eat.

The long-term goal of the Portability Policy group is to create a range of standard portability terms and license clauses that improve communication between people and service providers. What we are announcing today is a set of questions that sites can answer to explain how people can bring data in and take it out. Our intention is to expand this set of questions through ongoing industry conversation—along with machine-readable text and simplified iconography—so people can determine at a glance whether the product meets their needs, and product owners can be confident that customers really understand and agree to the terms.

The DataPortability Project wants to open and simplify communication so people make informed choices, enabling market forces to help products meet demand more effectively. In the same way the capital markets have a taxonomy and standard form of communciation when companies disclose their financial results, the DataPortability Project advocates a new specificity in the service agreement language. One that enables full understanding of how personal data can be used in the digital age by companies and their websites.

An applied example: Twitter
There are three important things to note about the questions that make up the Portability Policy: there is no right or wrong answer to the questions nor are they binding; a company doesn’t have to answer all of the questions; and a company can respond to each question as much as it wants, as long as it provides the minimum answers required.

So what would it look like if Twitter had a Portability Policy? If they were to be lazy, a bare-bones Portability Policy might look like this:

…and that’s it. All the above answers can be selected from the page with the questions at http://portabilitypolicy.org/questions.html

If Twitter wanted to say more—for whatever reason—they could write more. For example, they might want to expand on what API’s they provide, or discuss the reasons behind their decision to not allow you to reuse your identify from other sites. This is where the design of the Portability Policy shows its value—it’s easy to implement and hurts no company by answering the bare minimum; and at their discretion, they can expand to provide context on their decisions or add additional transparency, in a comparable way to other similar services.

Why Data Portability matters to companies and users
People should have control over their personal information because it will unlock value in their online experiences. But it’s not a zero-sum equation.

Site owners have an economic interest to support the portability of people’s data. For example, imagine you are a social network and your revenue model relies on targeted advertising. What value is there in locking in a user’s data, if the data is wrong? Possession may be nine-tenths of the law, but being a walled garden is not a competitive advantage; sites need ongoing access to—not storage of—a person’s data, as it changes. (I’ve written about this before.)

In fact, a lot more economic value could be created if sites realized the opportunity of an Internet whose sites do not put borders around people’s data. (You can read more about this in my theory about the information value chain.)

Our belief is that Data Portability is a more complex problem culturally than technically. The Portability Policy attempts to help change that culture through better communication.

So how does the Portability Policy help with the goal of giving users more control over their data? We believe sites and their users have a relationship, and the relationship is stronger if the user can trust the website to protect their domain over their data. The more freedom the user has to move data, the more likely the user is to share it. And as users become more knowledgeable about how sites might control their data without their knowledge, the websites that are transparent about data use will stand in the best stead with the public.

What’s next
Among the future work the workgroup will be looking at:

  1. Evolving the questions. What else should we be asking companies to disclose?
  2. Developing icons. How can we communicate the messages more simply?
  3. Machine readable. How can we create more value in the interpretation of the questions by computers?

We are launching the questions today, and we’ve explored uses cases with the machine readable questions like a status bar when you visit a site. Our icons are also being developed, with an example of the direction below.

This is the beginning of the dialogue between portability advocates, companies and users. As websites adopt the Portability Policy, we will evolve the standard questions. For example, our new credit card potability working group is raising awareness on an important issue—but it’s a business-to-business issue and not one relevant to sites that don’t take credit cards. We will incorporate questions that cater to that workgroup’s suggestions in addition to other issues the community brings up. (The Credit Card group previously was an independent effort, and they decided to come under our umbrella to support our broader goals.)

Recommended practices in answering questions will emerge, enabling us to assess websites on an equal basis, comparing them on the key issues that matter for data portability. We believe this is something all companies can easily support with minimal cost, as they gain greater visibility into user expectations and find common ground for communicating with their users.

To help websites adopt a Portability Policy, we are releasing a basic generator that help companies pre-fill a Portability Policy. We’ve also worked with a select few companies as we announce this today to show the diversity of applications. For example, Topguest.com launched the other week and filled out their Policy with minimal effort. Beyond the web, we can point to the .tel domain registry that has implemented a portability policy, and in entertainment we can point to Tubefilter.

This is the start of a conversation and we look forward to hearing how people can help us grow this initiative. For services interested, feel free to contact me or write a message on our community mailing list.