Summary and recommendations
Competition, innovation and trust
Data portability has the potential to empower people as groups, as well as individuals. The ability to transfer data easily between services could open up markets and broaden consumer choice. It can also make a range of things that are currently difficult a lot easier, from switching a home’s energy supplier to managing family bills.
Forward-thinking organisations could also use data portability to invent completely new services. Our prototype DietScan is one such example that could help families live a healthier lifestyle.
However, new services that allow data portability need to make sure they are respectful of people’s rights. If they don’t, they risk losing the trust of their users.
As such, digital rights need to be considered from the outset to create services people can trust and make the most of the opportunity that data portability presents.
Designing services for groups
We believe a new approach to service design is required: one that considers the needs and relationships of multiple people from the outset. This doesn't mean perfectly modelling relationships in software code; it means enabling people to use services in ways that support their existing relationships, by asking questions like:
- Who is described in the data that will be transferred?
- Is it clear what data will be transferred?
- How does the service make people aware of their own and others’ rights to data portability?
- How does the service help people understand the benefits and risks of transferring data?
- How can people trust the organisations that data is being transferred between?
- Who gets the power to transfer data about multiple people?
- When will that power to transfer data need to be shared or delegated?
- When is there a need for human intervention?
We believe these questions, and our data portability design principles, are a good starting point for designing new services that respect the rights of multiple people.
The opportunity for policy-makers
As policy-makers begin to think beyond the implementation of GDPR and start looking to the next generation of data protection policy, we recommend they consider ways to encourage organisations to recognise shared rights in their services. Policy-makers can help create the right conditions to facilitate the design of services that are respectful of the rights of multiple people.
There is also a need for ambitious organisations to explore and develop new social consent patterns, and forge industry standards for data portability that safeguard people’s rights over data.
There may also be a need to create new mechanisms that mediate competing rights between people. The UK’s strong legal system and lively civic technology scene put it in an excellent position to seize this opportunity – namely, setting international standards around creating services that respect the rights of multiple people.