Vice president and chief privacy officer, policy Erin Egan introduced the white paper in a Newsroom post, writing, “To build portability tools that people can trust and use effectively, online services need clear rules about what kinds of data should be portable and who is responsible for protecting that data as it moves to different services. Although some laws, such as the [European Union’s General Data Protection Regulation and the California Consumer Privacy Act], already guarantee the right to portability, we believe companies and people would benefit from additional guidance about what it means to put those rules into practice.”
The white paper sought answers to the following five questions:
- What is data portability? The term means different things to different people, so Facebook set out to establish a taxonomy enabling people to distinguish between different types of data transfers and determine what is and what isn’t data portability.
- Which data should be portable? The social network explored what it means for someone to port data they have provided to a service and what factors stakeholders should consider in defining the scope of portable data.
- Whose data should be portable? Facebook pointed out that data is often associated with more than one person, offering as examples photos, videos and contact lists. The social network asked, “How can providers ensure that each individual’s rights are accounted for?”
- How should we protect privacy while enabling portability? The company explored which responsibilities transferring companies should bear when people request or receive data transfers, as well as to people whose interests may be implicated by those transfers.
- After people’s data is transferred, who is responsible if the data is misused or improperly protected? Transferring companies, recipient companies, or users themselves?
Egan also described steps that Facebook is already taking on the data portability front, writing, “Data portability has the potential to benefit everyone, from users to startups to established companies. We hope this paper will be the start of a series of conversations with privacy experts, policymakers, regulators and other companies around the globe about how data portability should be implemented to maximize the benefits while mitigating the risks.”
She said that after improving its Download Your Information tool last year, Facebook is exploring what the next generation of data portability tools should look like.
Egan also mentioned the Data Transfer Project, which Facebook joined last July, along with Twitter, Google and Microsoft.
And the company plans to host a global series of roundtables and workshops with policymakers and data portability experts, as well as continuing to contribute to projects such as the U.K. Data Mobility Sandbox and working with experts, nongovernment organizations and governments on related initiatives.