Your personal data is under constant attack. A week doesn't go by without news of yet another massive personal data breach. The only person who can't get at your data, it seems, is you. Google, in partnership with Microsoft, Twitter, and Facebook, will be changing that with the open-source Data Transfer Project (DTP). This project is developing tools that will enable consumers to transfer their data directly from one service to another.
This builds on Google's previous work for transferring data between individual cloud data storage services: Download Your Data, aka Takeout, which users can use to download a machine-readable copy of the data they have stored in over 50 Google products. With Download your Data, you can also transfer your Google Drive files directly to your Dropbox, Box, or MS OneDrive accounts.
Also: 4 tips for making data cleanup easier and more efficient TechRepublic
DTP's goal is to enable a connection between any two public-facing product interfaces for importing and exporting data directly using common application programming interfaces (APIs). The DTP was developed to test concepts and feasibility of transferring specific types of user data between online services.
The DTP will be powered by "adapters" which will convert proprietary data formats into a small number of canonical formats known as "Data Models." Data within these models will then be used to transfer data from system to system.
The data transfer between any two providers will use the providers' existing authorization mechanism. Thus, each provider will still control their service's security.
All individual credentials and user data will be encrypted both in transit and at rest. This will be done with perfect forward secrecy. In this protocol, a new unique key is generated for each transfer.
Even if all this works smoothly, there will be problems. For example, canonical data formats may not mitigate problems such as formatting limitations or inconsistent feature support. On the plus side, DTP's approach is expected to show that a substantial degree of industry-wide data portability can be achieved without dramatic changes to existing products or authorization mechanisms. In short, it makes data transfer easy enough that the DTP companies hope other firms will join them in building export and import functionality into their services.
According to Craig Shank, Microsoft's VP of Corporate Standards, DTP will be designed for users to easily and safely transfer personal data. Specifically:
- Build for users: Data portability tools need to be open and interoperable with industry standards and easy to find, intuitive to use, and readily available for users to easily transfer data between services or download it for their own purposes.
- Use strong privacy and security standards: Providers on each side of the portability transaction need to have strong privacy and security measures to guard against unauthorized access, diversion of data, or other types of fraud. Users need to be told in a clear and concise manner the type and scope of data being transferred, how the data will be used, and the privacy and security practices of the destination service.
- Focus on a user's data, not enterprise data: Data portability needs to focus on data that has utility for the individual user such as content a user creates, imports, or approves for collection or has control over with the data controller service provider. Data portability for organizations are to be controlled by the organizations' own policy over their data.
- Respect everyone: We live in a collaborative world where people connect, share, and create together. Data portability should focus only on providing data that is directly tied to the person requesting the transfer to strike the right balance between portability, privacy, and the benefits of trying a new service. This means the service providers need to make sure that the related private information of people beyond the data subject are respected.
That's all very nice, but let's get down to brass tacks: What can you use this for once DTP is up and running? The DTP developers suggest the following use cases:
- A user discovers a new photo printing service offering beautiful and innovative photo book formats, but their photos are stored in their social media account. With DTP, they could visit a website or app offered by the photo printing service and initiate a transfer directly from their social media platform to the photo book service.
- A company is getting requests from customers who would like to import data from a legacy provider that is going out of business. The legacy provider has limited options for letting customers move their data. The company writes an Adapter for the legacy provider's APS that permits users to transfer data to the company's service, also benefiting other providers that handle the same data type.
- An industry association for supermarkets wants to allow customers to transfer their purchase history from one member grocer to another, so they can get coupons based on buying habits between stores. The Association would do this by hosting an industry-specific Host Platform of the DTP.
These are all excellent suggestions. Now, when can we expect to see it? Good question.
As Brian Willard, Google software engineer, and Greg Fair, Google product manager, point out, "It is very early days for the Data Transfer Project and we encourage the developer community to join us and help extend the platform to support many more data types, service providers, and hosting solutions."
Also: How to become a developer: A cheat sheet TechRepublic
They continued, "The prototype already supports data transfer for several product verticals including: photos, mail, contacts, calendar, and tasks. These are enabled by existing, publicly available APIs from Google, Microsoft, Twitter, Flickr, Instagram, Remember the Milk, and Smugmug." There's clearly a lot of work to be done here still, but these technology powers are off to a good start.
If you want to try it for yourself, you can check out the code via Docker and Code. To get it to work you'll need each service's API keys.
Will other companies support this? That's also an excellent question. Back in the '80s when I was writing C programs instead of technology articles, I worked a lot on data interoperability. It was frustrating. While everyone recognized that open data APIs and formats were a good thing, few companies were willing to expose their data to others.
Perhaps now, when it is clear that the open-source approach is the best way to create programs, companies will be more willing to entertain the notion that sharing data with users can work to their benefit as well.