Portability in Practice - A Discussion with Google
Recently, I had the pleasure of hosting a “portability in practice” virtual event with Google’s data portability product and engineering leads. Google is one of DTI’s Founding Members, and long before that, was an early leader in implementing data portability, all the way back to the days of the Data Liberation Front. They’re making changes to their data portability Application Programming Interfaces (APIs), and joined DTI and special guest Megan Kirkwood (of Tech Policy Press and author of a recent study on portability solutions) to share updates and take feedback from interested stakeholders.
At DTI, we were eager to hold this conversation in part because it wasn’t focused on legal compliance. Data portability obligations are included in a few legal frameworks in various jurisdictions, notably the European Union’s General Data Protection Regulation and Digital Markets Act. Discussions of whether current practices meet these regulations are increasingly common, not only in official channels hosted by the European Commission, but also in policy think tanks and conferences in many countries.
But regulations don’t exist for themselves – they are adopted to achieve benefits, and in the case of data portability, it’s important to continuously monitor how things are going on the ground. So we invited stakeholders who use Google’s data portability APIs to sit down with us, and with Google, to talk about the latest API changes and help identify key investment priorities to deliver the most portability benefits to end users.
I was pleased by how the discussion went. We had 39 total guests present, including a number of small developers along with teams from DTI and Google. (The event was held under Chatham House rules, so I won’t share the names.) The tone was collaborative and positive as a whole, acknowledging that progress is being made, although there is more to be done. Here’s an overview of key takeaways, specifically with regard to Google’s data portability APIs and practices:
- Google’s data portability APIs now allow users to specify that third-party access be provided one-time, for 30 days, or for 180 days with renewal; these options match three paradigms of use cases for data portability: service switching, trying out a new service, and ongoing use of services in parallel.
- New data minimization features enable developers to select specific time periods for data retrieval (e.g. the most recent 24 hours), rather than needing to download a user’s full data history each time. This feature will improve control and privacy protection for end users.
- Some portability APIs are only available in select jurisdictions, notably the European Union and United Kingdom. The Google team responded that it is exploring additional availability, and does not have a specific timeline at this point for expansion.
- Participants identified some granular concerns with existing feedback mechanisms, such as the desire for clear signals when a portability request fails due to a user’s location, and more information about the decisions each user makes regarding the duration and scope of authorization. Other considerations raised included data refresh times and error messages related to user account types. The Google engineering team took the feedback and will discuss how best to address it, taking into account a balance of useful information for developers and user privacy considerations.
- Verification remains a significant burden for many organizations seeking to show their eligibility for access to data portability APIs. Google and DTI are currently collaborating on potential options to address these challenges as an extension of DTI’s work on trust. In addition, the Google team noted plans to improve their verification process’s presentation and flow in general, aiming for more automation and immediate feedback.
During the discussion, the Google team acknowledged and greatly appreciated the useful and constructive feedback, and shared that they are actively working on improvements related to several of the topics raised. Other topics, they said, they would take back for more thought. They emphasized that these conversations help them better understand and internalize user priorities and needs, which is essential for driving progress.
Google maintains a public tracker for its data portability APIs and encourages continued feedback to be provided in that channel. And at DTI, we want to hear thoughts and ideas too! As noted, we’re investing actively in becoming a public resource on all matters data portability.