Data Portability: Carefully Chipping Away at the Garden Walls

A lot of effort in recent months has been expended toward something people are calling “data portability.” Just about everywhere you look; you’ll bump into people pontificating about it. In case you’ve been out of the loop (perhaps hiking in the Himalayas), you can run the term through your favorite search engine to pull back numerous articles and blog posts on the subject. You might even want to dip into the Twitter and FriendFeed streams to see the ebb and flow of the micro debate.

Much of the popular parlance around the portability of user data between sites was brought to the foreground by the DataPortability Project. The project, founded as a workgroup in 2007, was quickly picked up by others working in the field of social networking. It is a group run by volunteers helping to define a shared understanding of and implementation stack for making the promise of data portability a reality.

Not the Only Game in Town

While the DataPortability Project widely popularized the term, there are a number of workgroups, foundations and corporate-sponsored initiatives contributing to the same end goal. In fact, many of them predate the DataPortabilty Project itself, and their own momentum helped propel the concept into the mainstream. Most of the initiatives share the same core belief that users should have ultimate control over their own data, but each has its own unique approach. The rapid proliferation of the term in various contexts, however, clouded how this core belief is converted into something actionable. The confusion extends beyond the casual observer to the active participants as well.

To provide some visibility into the initiatives running loosely under the data portability banner, we can touch on a few of the more visible ones. These range from user advocacy groups, to technical specification committees, to companies developing software solutions. First, we should start with the familiar names like Google, MySpace, Facebook, Twitter and Yahoo.

• Data Availability — Data Availability is a set of open, standards-based APIs (application programming interfaces) for use within the MySpace Developer Platform to access features common to social networking sites. The Data Availability initiative was announced as working with Yahoo, eBay, Twitter, and Photobucket.
• Google Friend Connect — Google Friend Connect is a widget-based mechanism by which developers can add access to common social features within their Web site. After signing in with an OpenID, users can interact with other users in their social network using the widget embedded in the enabled site.
• Facebook Connect — Facebook Connect adds the ability for users to link their Facebook identity and friends to sites that leverage the Facebook Platform API. The end result of the connection is the ability to link your Facebook social graph with your social network on a third-party site.

What’s probably obvious from this short list is that each relies on developers implementing their own (often proprietary) APIs. Even though there is a promise of them being interoperable, it’s not necessarily a goal of the big players to ensure that’s the case. There is one stand-out trying to bridge this divide: OpenSocial

OpenSocial defines a set of APIs for use by social applications to connect users across various Web sites. Developers can leverage the common APIs to allow data to flow between enabled sites’ friendship networks and update feeds. The vision and specifications are managed by the OpenSocial Foundation, a non-profit entity jointly operated by Yahoo, MySpace and Google. According to their charter, “the OpenSocial Foundation is to ensure the sustainable and open development of the OpenSocial initiative and related intellectual property.”

Toward Open Standards

They’re still in the early days, but this approach has promise. The key is their stated commitment to open standards that isn’t tethered to a specific site. While the other implementations are more geared toward allowing off-site access to on-site services, OpenSocial promises a framework for the development of decentralized offerings.

The digital elephant in the midst of these discussions, however, is the “policy question.” A lot of the work being done to enable data portability centers on the technology solutions. Just as important, if not more so, are the questions about the “ownership” of and “access rights” to the user’s data.

Most social network users are familiar with the methods for connecting their various identities across them by entering their account names or feed links into other systems. What’s probably not as obvious is that in a lot of these cases, the Terms of Service (TOS) for the sites are likely to be incompatible. Just because it’s technically possible to feed your data from one system to another, you may be in violation of the TOS you agreed to when signing up for that site. Evaluation of the Data Availability TOS, for example, uncovers the fact that while you can access the data in MySpace, you’re not allowed to do anything other than display it.

Unfortunately, this is an area of exploration that needs a lot more thought. Just as it took a long time to line up compatible open source licensing models, it’s likely that the coming wave of data portability standards will need to grapple with this issue as well. Not only will the development community need to settle on a set of common, interoperable technology standards, they’ll also need to be cognizant of the rights associated with their use.

It probably goes without saying, but it will be difficult to accept a solution to the TOS conundrum that comes out of a single company. Instead, the most viable solution may come from one of the many initiatives working in the data portability universe. These largely open groups are working hard to think through many of the complicated issues that are required to deliver on the complete promise of true data portability that is under the control of the user. Further, some of them include representation by multiple larger companies providing input alongside those of the open community.

Among the groups worth watching are the following:

• DataPortability Project — Working to codify and advocate for the interoperability of user-controlled solutions for the sharing of their data.
• Identity Commons — Working on the social, legal and technical issues involved in managing your online identity.
• Project VRM — Working on codifying the user’s control over their relationships as customers with vendors.
• Liberty Alliance — An organization developing solutions based on open standards where users can conduct online transactions while protecting the privacy and security of their identity.

Open Web Foundation — An independent, non-profit organization developing and protecting open, non-proprietary specifications for Web technologies.

At the end of all this, the goal is to realize the central actor in the social network play is the user. The walls around the traditional gardens are becoming more transparent, but it’s still unclear who should ultimately be in control of the data. It’s the goal of the overall data portability community to establish the primacy of the users, and empower developers with the tools to realize the value in their portability. These tools will come in the form of software for developers and policies that govern their use.