Data portability can be understood as the ability to move, copy or transfer datasets easily from one database, storage or IT environment to another without changing their content. The necessity to move data in proper format applies to both cloud and on premises systems. With many businesses moving to cloud, secure data transfer is a major challenge. Concerns like, will their cloud-hosted applications and services function as intended after data transfer? Will the data be protected with same level of privacy? are prominent. The need for interoperability will influence privacy regulations and data protection frameworks. Interoperable formats include JSON (JavaScript Object Notation), XML (Extensible Markup Language), CSV (Comma-Separated Values): text files with data-elements separated by comma such as spreadsheets.
Data portability helps not only the customers but also your organization. It is a key concept to leverage the benefits provided by hybrid and multi-cloud architectures. As consumers, it is their right to use and move personal information between different entities and platforms for several benefits like moving data in required format to a provider who offers discounted compute resources, being able to use a different provider in situations where there are various issues with the current one.
Data Portability Regulations
Data Portability is defined in several regulatory law templates: General Data Protection Regulation (GDPR) which is a European Union’s information protection and privacy law, the California Consumer Privacy Act(CCPA) to name a few. Data Portability applies to any information which can identify a specific individual. Such information is referred to as personally identifiable information (PII), Examples of PII are:
- Name
- Address
- Phone Number
- Passport Number
- Email Address
- Social Security Number
The enforcement of such regulations makes it mandatory for companies to deal with data management and protection issues. These regulations specify the requirements for managing and transferring the PII of citizens. According to GDPR, personal data also includes:
- Location data
- Browsing history
- Online identifiers including IP address
- Health Information
- Socio-Economic / Cultural identity of a person
How to achieve Data Portability
It is important for the businesses to find ways to securely transfer sensitive consumer data. ‘Proposed regulations’ was passed by The California Attorney General as a guide on how to transfer sensitive data in a secure way : “If a business maintains a password-protected account with the consumer, it may comply with a request to know by using a secure self-service portal for consumers to access, view, and receive a portable copy of their personal information if the portal fully discloses the personal information that the consumer is entitled to under the CCPA and these regulations, uses reasonable data security controls, and complies with the verification requirements set forth in Article 4.”
Data Transfer Project (DTP) is an open source, service-to-service program founded by Google that allows data portability between many online platforms. Other members of this program are Apple, Facebook, Microsoft and Twitter. This program enables user-initiated data portability between any two online service providers.
Data Portability under India’s Personal Data Protection Bill
The Competition Commission of India has been actively monitoring emerging trends in the digital sector to ensure competitiveness. With the growing significance of consumer data, it becomes imperative to consider data privacy and the challenges that come with it. The Personal Data Protection Bill proposed in 2019 is an effort to build a robust data protection regime. The bill aims to comprise user’s right to port data which is an important aspect in the digital markets. Recently a report was presented by The Joint Parliamentary Committee on the bill which includes recommendations on how portability should be interpreted in the digital sector.
There is a long way to go considering the many technical barriers to data portability. But once these issues are taken care of, it won’t be long before data portability becomes the standard. Establishing a digital environment where no single organization has complete control over user data is important. Thus, data portability will ensure improved data privacy and security.
