Establishing trust in data portability - DTI's Trust Model
Our goal at the Data Transfer Initiative is to be the global leader on user-driven, end-to-end data portability. We help shepherd best-in-class open-source portability tools, build resources like Portability Map to engage broader audiences, and offer our support to stakeholders across the ecosystem working on portability in a variety of respects. Our product and policy principles articulate what we believe to be necessary to realize our mission of empowering people through a vibrant ecosystem of safe and secure data transfers.
To that end, I’m pleased to share today a new “beta” version of DTI’s Trust Model. Our initial Trust Model Report, released in March of this year, described the role and nature of trust in the context of data portability, and included in its Appendix an initial, high-level trust model. This “v2” model is intended as an expansion and successor to that Appendix. It offers more granular and specific criteria we believe are important for establishing trust in server-to-server data transfers, derived in part from our own threat model work.
Understanding the intended use of this model is key to understanding its effects. The model is intended to facilitate information sharing to promote trust and mitigate risk in the context of data portability transactions, rather than serve as a litmus test for the establishment of a relationship or to establish a legal contract. Use of a model and shared terms in this broader context is preferable to the use of independent and unconnected mechanisms, particularly in that it facilitates greater neutrality and consistent application of review. That said, we expect organizations to use this Trust Model within the context of their specific needs.
Here are a few additional considerations for proper use of this model:
- The model is intended to facilitate trusted relationships for data portability, not to represent compliance or the ability to comply with any laws, including the EU’s Digital Markets Act.
- Some questions in the model extend beyond regulatory considerations. In this exercise, we chose to err on the side of comprehensiveness, with the intention of global applicability, and in transactions between a wide range of parties.
- Example artifacts listed are *illustrative *examples and are not intended to be exhaustive, or even necessary to address these criteria. In addition, a single artifact (e.g., privacy policy) may apply to multiple criteria.
- Context is key in establishing a trust relationship. Answers that suffice for one context may not for another, such as a more sensitive data type.
- The goal should not be to ‘score 100%’ on this. The model doesn’t require asking specific questions in any or all circumstances; and it includes no thresholds to establish sufficient trust, as such levels are highly contextual.
- The model includes questions regarding the jurisdiction and compliance obligations of the transfer parties. These are meant to provide contextual awareness of the practices in place, not judgmental value nor intended to validate legal compliance.
- Balance is key in all respects. Answers should be as simple and consolidated as possible, such as by providing an established privacy policy. At the same time, there should be room to elaborate and have a dialogue between the transfer parties, where nuance and contextual explanation can help produce trust.
- Relevant risks identified are based upon DTI’s threat/risk model and are not intended to convey a uniform level of risk or any level of risk reduction based on the Trust Model.
Because of the significance of the EU’s DMA as a regulatory instrument, data portability is often viewed from that lens, particularly in policy circles. In many ways, EU to EU transfers between parties that are presumed to be in compliance with the GDPR represent the “easy” case for trust. Things like privacy policies are required, and *prima facie *checks with regard to many of the elements of this model should generally be sufficient, at least in the absence of contrary indications of concern. But the internet is global, and transfer parties have global userbases, and a comprehensive trust model designed to be future-proof yet also allow for tailored application in more straightforward situations is more useful than something specifically designed for the EU context.
We refer to today’s release as a “beta” product in the sense that we do not consider it to be final. Over the coming weeks, we will incorporate additional input and thinking into a final version, to be released in the spring, as we develop future workstreams to promote trust in the data portability ecosystem.
Take a look, and let us know what you think!