GDPR, Data Portability and Data About Multiple People

Principles

Designing for data portability

These design principles for data portability build on our thinking from exploring open APIs in the telecoms industry:

  1. Help people understand their own and others’ rights
  2. Don’t hide portability
  3. Understand the social context
  4. Understand who should have control
  5. Let people delegate control
  6. Think beyond accounts
  7. Allow time for groups to make decisions
  8. Provide ways of resolving disputes
  9. Minimise or delete data after transfer
  10. Remember, technology won’t fix everything

1. Help people understand their own and others’ rights

Make people’s rights to portability clear to them. Help people understand what data will and won’t be transferred and empower them to make decisions that are fully informed by the opportunities and risks.

2. Don’t hide data portability

Data portability should be designed into services and based on the needs of the people using them, not hidden away in settings.

3. Understand the social context

Understand who is described in the data, who might have rights over it, who has control and who doesn’t. Also consider if someone might be reliant on someone else to guarantee their rights and how people will be affected if things go wrong.

4. Understand who should have control

Does one person have control by default? When might others need control? How easy is it to give and get control?

5. Let people delegate control

Design services that allow people to give control over data to someone they trust. That could be a colleague, parent, partner or grandchild.

6. Think beyond accounts

People share services and devices, regardless of who is logged in. An account does not always make it clear who data is about and who has rights over it. More accounts may not be the answer.

7. Allow time for groups to make decisions

Data portability may often be a group decision. As such, it requires time for people to discuss and think through the implications.

8. Provide a way of resolving disputes

People won’t always agree. When people’s rights compete, services should provide a mechanism for mediation. Such mechanisms should be open, fair and understandable to all.

9. Minimise or delete data after transfer

People should be given the option of deleting or minimising data when transferring it to another service.

10. Remember, technology won’t fix everything

Some of the questions data portability raises won’t be answered by more software. It is important to understand when human intervention and mediation may be required.