Designing for data portability
These design principles for data portability build on our thinking from exploring open APIs in the telecoms industry:
- Help people understand their own and others’ rights
- Don’t hide portability
- Understand the social context
- Understand who should have control
- Let people delegate control
- Think beyond accounts
- Allow time for groups to make decisions
- Provide ways of resolving disputes
- Minimise or delete data after transfer
- Remember, technology won’t fix everything
1. Help people understand their own and others’ rights
Make people’s rights to portability clear to them. Help people understand what data will and won’t be transferred and empower them to make decisions that are fully informed by the opportunities and risks.
2. Don’t hide data portability
Data portability should be designed into services and based on the needs of the people using it, not hidden away in settings.
3. Understand the social context
Understand who is described in the data, who might have rights over it, who has control and who doesn’t. Also consider if someone might be reliant on someone else to guarantee their rights and how people will be affected if things go wrong.
4. Understand who should have control
Does one person have control by default? When might others need control? How easy is it to give and get control?
5. Let people delegate control
Design services that allow people to give control over data to someone they trust. That could be a colleague, parent, partner or grandchild.
6. Think beyond accounts
People share services and devices, regardless of who is logged in. Accounts do not always mean it is clear who data is about and who has rights over it. More accounts may not be the answer.
7. Allow time for groups to make decisions
Data portability may often be a group decision. As such, it requires time for people to discuss and think through the implications.
8. Provide a way of resolving disputes
People won’t always agree. When people’s rights compete, services should provide a mechanism for mediation. These should be open, fair and understandable to all.
9. Minimise or delete data after transfer
People should be given the option of deleting or minimising data when transferring it to another service.
10. Remember, technology won’t fix everything
Some of the questions data portability raises won’t be answered by more software. It is important to understand when human intervention and mediation may be required.