Director of public policy Matt Perault introduced a series of four guests posts weighing in on the topic, writing, “Being able to take our information from one app or service and move it to another makes our lives more convenient and promotes innovation. But, as we’ve seen with Cambridge Analytica, when third parties are able to access people’s information, even with their consent, that can also raise privacy concerns. That’s why we’re working with organizations and experts across the industry to develop approaches that make sure people can move their data between services in ways that protect their privacy.”
Highlights follow from the four guest posts:
Facebook has long treated its possession of your friends’ contact information as a key competitive advantage, making it difficult for users to collect or export it. For example, when users were first able to share an email address with friends on their profile page, it was displayed as a graphic rather than text, so that it couldn’t be cut and pasted. Some users may also recall when Facebook, in 2012, temporarily replaced users’ non-Facebook addresses with new “@facebook.com” addresses by default, making it harder to obtain off-Facebook contact information about your friends. And although there’s a hard-to-find setting where Facebook users can allow their friends to download their contact information, it is by default set not to allow such downloading—one of the rare Facebook settings that defaults away from, rather than toward, more sharing with friends.
Facebook has consistently justified its attempts to restrict sharing contact info as a privacy and security measure, but the alignment with its own business goals was always more than a little convenient. That’s rather ironic, considering that a huge part of Facebook’s meteoric growth was driven by importing contact information from other services.
Data portability—letting someone download their data and transfer it elsewhere—isn’t the only way that people can leverage their Facebook data on another service. There’s also interoperability—the ability to use the Facebook Platform API (application-programming interface) to run an app that can make use of your Facebook data on an ongoing basis. The problem is that Facebook’s policy for app developers has long required that in order to make full use of the API, apps “can’t replicate core Facebook features or functionality, and must not promote [their] other apps that do so.” For example, “your app is not eligible … if it contains its own in-app chat functionality or its own user generated feed” akin to Facebook’s messaging product or Facebook’s News Feed. If Facebook wants to shed its image as a platform monopolist, it needs to remove this anti-competitive provision and allow users to easily make use of their Facebook data on interoperable competing services.
Mark Jamison, director and Gunter professor, Public Utility Research Center:
If users of these products feel like renowned science-fiction star Truman Burbank, who discovers that his whole life has been captured by hidden cameras, it’s for good reason. Too many social media companies have allowed people to remain ignorant of how they’re being watched and who’s doing the watching.
If customers like portability and companies want to provide it, then it’s a win-win. But legislating portability in the name of enhancing competition is problematic and far more complicated than policy makers may realize.
Unfortunately, it may be too late to avoid some of the regulatory and legislative fallout. But the options being considered—open vs. closed systems and data portability—seem to miss the impetus for the user outcries. Users are upset because they’re surprised and dismayed by revelations about how tech companies use people’s data. They feel they lost something that was rightfully theirs.
Social media companies should meet this disillusionment head on. Accept the public outcry as a mandate for change before governments overstep. Engage with users openly. Tell them what has been going on and what is currently going on in ways that respect their time and intelligence. And remind people about the true relationship between the tech company and user. Notice I don’t call the users “customers.” They are not. They’re critical suppliers to companies that would not exist without them and they should be treated with respect.
Most of us are now familiar with the grand bargain of our digital economy. We enjoy the benefits of the innovative products and services available to us, often for free, in exchange for our data. We experience the pleasure and ease they bring to our lives when we download apps for work, entertainment, transportation, food—almost anything. For the most part, we don’t dwell on who has our data and how it’s being used. That is, until something unexpected occurs that frays our trust and calls into question whether consumers are bearing too much risk in the deal.
Europe has set a high bar by granting broad rights to consumers over their data. The General Data Protection Regulation, commonly referred to as the GDPR, gives users rights to access, correct, delete, restrict and move their data from one service provider to another. It is a strict approach that is moving other major markets to consider strengthening their own data privacy laws, even at the state level. California, for example, recently passed a new privacy law that requires companies to disclose the types of data they collect and allows consumers to opt out of having their personal information sold. The California law does not include all of the same rights as the GDPR, but, importantly, it does include a right for users to access and move their data from one service provider to another.
Facilitating innovation will require data policies that go beyond strong user centered controls and privacy protections. This is particularly true for foundational platforms that serve as intermediaries between most people and the internet. For example, the mobile app marketplace, which didn’t even exist a decade ago, is projected to generate around $189 billion in revenue in 2020. There are now millions of apps available through Apple’s iTunes App Store, Google Play and other app stores. Consumers rely on feeding data through them to access new products and services. Businesses rely on accessing that data in order to grow.
Positive developments for consumer privacy do not need to come at the expense of innovation. But getting the balance right will require appropriate guardrails to protect people’s privacy and security and ensure that their data is handled consistent with their expectations. Computers may process in bits of data, but the choice between privacy and openness isn’t binary. Both are required to protect consumers rights and attain the innovative potential of the digital age.
Nico van Eijk, professor of information law, Institute for Information Law:
Too often, data portability is viewed as a binary interaction involving the consumer who wants to move their data elsewhere and the service provider that currently holds the consumer’s data. In the ideal world of data portability, these two parties reach agreement about moving the consumer’s data and everybody moves on.
But the simplicity of this transaction breaks down when you start asking yourself exactly what data you’re referring to. The posts and videos showing your music preferences? Information about your behavior on the internet, like your search results? Or products you bought?
Data portability is not between two parties. It’s about managing a complex traffic hub with conflicting interests. It requires users and providers to look at the intertwined interests of many in ways that go beyond simple compliance.