Q: What are some use cases for data portability?

There are many use cases for users porting data directly between services, some we know about today, and some we have yet to discover. A couple of examples of ones we know users want today are:

Creating online backups for bulk personal data — Getting a backup of years’ worth of photos and videos, in case anything goes wrong with an account or a service, is a precaution many people can’t afford to take if local storage must be involved. Backups to online cloud backup service ought to be widely available and easy to use.

Trying out a new service — Whether a user is moving an album worth of photos to an album printer, or testing a new music service or a service to track everything they read, it should be possible to port some or all of one’s photos, playlists or reading history to try out the new service.

Leaving a service — A home-owner in a low-bandwidth area has been working with architects who have developed detailed drawings and plans for new buildings. When the project is over, there should be an easy way that doesn’t consume all the home-owner’s bandwidth to transfer the large project files to long-term cloud storage.

Q: What kinds of data can be transferred through DTP?

The terms of each organization’s API determine the data types that can be transferred between providers. This ordinarily includes data stored in a specific users’s account, but may not be limited to that data, depending on the organizations involved. Additional or substitute functionality outside of the Data Transfer Project would be necessary for data transfers requiring particularly high integrity (e.g. health records).

Q: Who is responsible for protecting data before, during, and after the transfer takes place?

Each organization is responsible for securing and protecting the data stored on its platform, regardless of whether it is supporting a transfer out or receiving a transfer from another organization. Generally, this includes established practices in securing access, authorization, and authentication to public APIs or other mechanisms. Additionally, this includes writing and enforcing policies governing access to that information through an API or other mechanism. Those specific terms govern the conditions of transferring data into or out of each provider. Additionally, there are baseline security requirements detailed in the White Paper, such as encryption in transit, that should always be adhered to.

Q: When data is transferred, do contributors to DTP or partners of the Data Transfer Initiative all get a copy?

No, when a user initiates a data transfer, their encrypted information flows from one provider directly to another that is chosen by the user. Only the source service, the destination service (and hosting provider, if it is not the source or destination service) have access to the data. No other contributors or 3rd parties have access to a copy of the data as part of the transfer.

Q: Are there common standards by which contributors to the Data Transfer Project should abide in performing transfers?

As described in the white paper, DTP adheres to the following principles:

We believe the following principles around interoperability and portability of data promote user choice and encourage responsible product development, maximizing the benefits to users and mitigating the potential drawbacks.