The Data Transfer Project (DTP), an open source initiative by major tech companies, will allow users to transfer data in and out of participating providers.
Thanks to the General Data Protection Regulation, a European Union regulation that sets guidelines for the collection and processing of users’ personal information by companies, many online services have started providing tools that allow their users to download their data in just one click.
Now the process of moving data is being further simplified by creating a platform where users can transfer photos, playlists and other data with one click.
Here are some simple use-case examples DTP developers shared to describe the use of this new platform:
- Trying out a new service — A user discovers a new photo printing service offering beautiful and innovative photo book formats, but their photos are stored in their social media account. With DTP, they’d visit a site or app offered by the photo printing service and initiate a transfer directly from their social media account to the photo book service.
- Backing up your data — A user in a low-bandwidth area has been working with an architect on graphics and drawings for a new house. At the end of the project, they want to transfer all their files from a shared storage system to the user’s cloud storage service. They can simply go to the cloud storage Data Transfer Project User Interface (UI) and move hundreds of large files directly, without straining their bandwidth.
In the hypothetical example below, a Google Photos user wants to move their photos from Google to Microsoft OneDrive. They go to Google’s file transfer interface, choose the destination, and hit ‘send.’ They must then authorize the transfer using both services’ chosen methods, in this case OAuth. The selected files are automatically copied and routed to the destination, without using the user’s bandwidth or hardware.
Creators of the DTP believe that users should be able to seamlessly and securely transfer their data directly from one provider to another:
Our vision for this project is that it will enable a connection between any two public-facing product interfaces for importing and exporting data directly. This is especially important for users in emerging markets, or on slow or metered connections, as our project does not require a user to upload and download the data over what may be low bandwidth connections and at potentially significant personal expense.
The DTP is powered by an ecosystem of adapters that convert a range of proprietary formats into a small number of canonical formats (Data Models) useful for transferring data. This allows data transfer between any two providers using the provider’s existing authorization mechanism, and allows each provider to maintain control over the security of their service. This also adds to the sustainability of the ecosystem, since companies can attract new customers, or build a user base for new products, by supporting and maintaining the ability to easily import and export a user’s data.
Transferring data using canonical formats will not necessarily mitigate problems such as formatting limitations or inconsistent feature support. However, the approach illustrates that a substantial degree of industry-wide data portability can be achieved without dramatic changes to existing products or authorization mechanisms, while still providing a flexible enough platform to adapt and expand to support new formats and use cases brought by future innovation. Additionally, the Data Transfer Project has been developed to increase participation by motivating providers to build both export and import functionality into their services.
Security & Privacy
The security and privacy of user data is a foundational principle of the Data Transfer Project. Because there are multiple parties involved in the data transfer (the user, Hosting Entity, providers, and Contributors) no one person or entity can fully ensure the security and privacy of the entire system. Instead, responsibility is shared among all the participants. Here are some of the responsibilities and leading practices that contribute to the security and privacy of the DTP.
When transferring data between providers, data minimization should be practiced. Practically this means that the receiving provider should only process and retain the minimum set of data for the individual that is needed to provide their service. The sending provider should provide all needed information, but no more.
The Hosting Entity should configure their Host Platform to notify the user that a data transfer has been initiated by the user. Ideally, the user of the source and destination account are the same. However, user notification is designed to help protect against situations where that is not the case, and so notifications alerting the user of the transfer request should be sent to both the source account and the destination account. Depending on the sensitivity of the data being transferred, the Hosting Entity should consider delaying the start of the transfer so that the user has the opportunity to cancel the transfer after receiving the notification.
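The adapter model and the minimization, notification and delay practices described above can be sketched in a few lines of Python. This is an added example, not DTP code: the record formats, the `CanonicalPhoto` model, the adapters and the `TransferJob` class are all hypothetical, and the sample record is constructed.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class CanonicalPhoto:
    """Canonical Data Model: only what the destination needs (data minimization)."""
    title: str
    url: str
    media_type: str

# Constructed record in a hypothetical source-provider format.
SOURCE_RECORD = {"caption": "House plans", "download_url": "https://photos.example/1.jpg",
                 "mime": "image/jpeg", "gps": "47.6,-122.3", "face_tags": ["alice"]}

def export_adapter(record: dict) -> CanonicalPhoto:
    """Source adapter: proprietary record -> canonical model; other fields are dropped."""
    return CanonicalPhoto(record["caption"], record["download_url"], record["mime"])

def import_adapter(photo: CanonicalPhoto) -> dict:
    """Destination adapter: canonical model -> hypothetical destination format."""
    return {"name": photo.title, "source": photo.url, "contentType": photo.media_type}

@dataclass
class TransferJob:
    source_account: str
    dest_account: str
    delay_seconds: int                      # cancellation window before data moves
    notify: Callable[[str, str], None]      # hypothetical notification hook
    requested_at: Optional[float] = None
    cancelled: bool = False

    def request(self, now: float) -> None:
        """Record the request and alert BOTH accounts, since they may differ."""
        self.requested_at = now
        for account in (self.source_account, self.dest_account):
            self.notify(account, f"Transfer from {self.source_account} to {self.dest_account} requested")

    def cancel(self) -> None:
        self.cancelled = True

    def run(self, records: list, now: float) -> list:
        """Move data only after the delay has elapsed and nobody cancelled."""
        if self.cancelled:
            return []
        if self.requested_at is None or now < self.requested_at + self.delay_seconds:
            raise RuntimeError("transfer not yet allowed: cancellation window open")
        return [import_adapter(export_adapter(r)) for r in records]
```

Location and face-tag fields never reach the destination because the export adapter copies only the canonical fields, and a transfer cancelled from either notified account moves nothing.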
In a blog post, Microsoft called for more companies to sign onto the new effort, adding that “portability and interoperability are central to cloud innovation and competition.”
“For people on slow or low bandwidth connections, service-to-service portability will be especially important where infrastructure constraints and expense make importing and exporting data to or from the user’s system impractical if not nearly impossible,” Microsoft said.
It should be noted that the Data Transfer Project could have some serious implications for smaller service providers participating in the project, making it easier for their customers to leave and join services from popular brands with lucrative offers or free services.