Facebook just released a white paper on data portability

4 min read

Georgia Iacovou

05 Sep 2019

Are they serious, or is this just more privacy posturing?

Data portability is where you can take any data you produce for one service, and move it to another. E.g. taking all data away from Facebook, and putting it into a Facebook alternative so you don’t have to ‘start again’. Data portability is just like an idea that’s been buzzing around for a while now, but no one major really engages in it.

The white paper makes some very good points:

These are fair questions and observations — we should all be thinking about how to solve these problems, of course.

The very point of data portability is to afford more control to the user: 'imposing additional controls' is just another way for Facebook to maintain influence.

The most interesting part of the paper is the fifth question they ask, which has the longest answer. The question is: who is responsible if the data is misused after transfer? They then speculate for many words on how this should be addressed. Here are some of the words:

Apart from these basic steps, the Working Party does not offer guidance on how service providers should protect against misuse by third parties. In conversations with stakeholders, we often hear that transferring service providers should consider imposing additional controls to ensure that recipients process user data with privacy and security in mind.

Pay special attention to the bolded text, because data portability aside, how much do Facebook (who are service provider) protect against misuse of data by third-parties at the moment?

Third-party responsibility is not a data portability problem

If a user wants to transfer their data from Facebook to another Facebook type service, the responsibility flows as so:

  1. Facebook — once the request is made, Facebook’s responsibility is to deliver it to the user and remove all requested data from their servers.
  2. The user now has the data — they can do what they want with it including not even advance to the next step
  3. User puts data into Facebook alternative — this service is now responsible for handling the data appropriately

What the Facebook alternative do with the data is none of Facebook’s concern at all; what Facebook seem to be doing here is over-complicating one of the simplest parts of data portability.

‘Imposing additional controls’ is not necessary, and just another way for Facebook to maintain influence. The very point of data portability is to afford more control to the user so if a service provider starts to have a big say on how and where data is transferred, user control will quickly dissolve.

Why Facebook care so much about who data is transferred to:

This quote from Mark Zuckerberg himself indicates that he has a profound misunderstanding of what data portability really is — whether that misunderstanding is wilful or not is impossible to know.

True data portability should look more like the way people use our platform to sign into an app than the existing ways you can download an archive of your information.

Mark Zuckerberg, in a recent opinion piece

Then the white paper follows this quote with: “In other words, people should be able to transfer their information directly to a provider of their choosing, in a way similar to how people use Facebook Login today.”

They are suggesting that there should be no middle man: Facebook transfers your data to the Facebook alternative, on your request. Moves like that ensure power remains centralised to Facebook, as usual.

True data portability means that there should always be a middle-man: either the user, or some trusted transfer service. But never the service you are making the transfer from.

This white paper follows the Data Transfer Project which Google, Apple and Microsoft are also part of.

the author

Georgia Iacovou

Content Writer, Metomic