DataPortability.org Workgroup is still born

As I write this, the interwebs are kicking off with the news that Plaxo, Facebook, Google and Robert Scoble have joined the DataPortability.org Workgroup. I can hear the cries already. First up Mike Butcher at TechCrunch who in Twitter said this is MASSIVE NEWS and reported that:

As TechCrunch US reports, today Facebook, Google and Plaxo have joined the DataPortability Workgroup, implying that users will soon be allowed to export their contacts from one social network to another, leaving each to compete on their own merits.

Wrong.

Then there's Adam Ostrow at Mashable basically repeating the same story:

In practice, all three of these companies (and presumably the many other big players that will now be forced to join) are currently major competitors, so it is to-be-determined how open things will really become for those of us on the outside.

Also wrong.

In all the discussions around this topic, I have yet to see cogent description about how this is going to work given the data privacy laws that exist around the world. Once again, we have a US centric view of the so-called flat earth that fails to recognize there are real laws with real force that will almost certainly kill this initiative stone dead.

Returning to Thomas Otter's explanation of EU law, from my previous post and in particular his reference to the UK Data Protection Act:

Personal data:

1. Shall be processed fairly and lawfully
2. Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose(s)
3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed”.
4. Shall be accurate and, where necessary, kept up to date.
5. Processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection of the rights and freedoms of data subjects in relation to the processing of personal data.

Laws in other parts of the EU are stiffer. In Germany for example, concern over privacy has stopped the rollout of social networks in certain companies when employees became concerned that their rights under law were under threat as a result of these networks.

What is infinitely more worrying is that the Workgroup has apparently not solicited the membership of a single representative from the enterprise community. Microsoft alone has more right to representation than anyone else with its 500 million desktop application users. SAP, Oracle and IBM, with their many millions of users should also be represented. Instead what do we have?

A rag bag of players misguidedly thinking they are going to sort the problem of portability out on behalf of the rest of us. Over mine and pretty much everyone else I know's dead body. This from my Irregular colleague James Governor and analyst at Redmonk:

I have some issues with the slogan - Sharing is Caring. its not caring if your "friends" don't want their data shared and you do anyway

That's precisely the type of situation against which EU data protection laws are meant to protect its citizens.

I don't believe these people have a clue what they're walking into. It might work in the US, but the US is not the world. The EU matches it by population. India and China eclipses both the EU and US combined by a considerable margin. Where are their voices? Does this group seriously believe they are going to take on the force of law as they thrash out the issues? Assuming of course they're able to come to agreement, something I seriously doubt.

Some will say this thinking is reactionary and irrelevant because the group represents what people want. It's not. It's pragmatic. The moment social networking solutions hit enterprises - and they are - issues around data protection must be considered.  Of course we all want interoperability and of course the notion of data portability makes sense. Progressing the concept of individual attention data ownership is critical and important to the perceived rights of many people. This is not new. But no informal body can hope to achieve anything on this scale without the support of local laws. It sure as heck won't work in the place business wants it to: at the confluence between social graph data, data mining and business processes that are seen as key to driving advertising, let alone other business processes.

In all the talk I've seen, I've not heard a single word that seeks to address this issue. Instead we have a group of self-interested people, blinded by their own evangelical zeal. That's dangerous. The digital socialist cry of 'We the people' may work in some markets but it doesn't work in law. That's why this initiative with all its good intention is effectively stillborn.

PS - as sure as night follows day: Techmeme is all over the story