With “Download Your Data,” Google allows users to get a copy of their data if they ever want to switch to a different service. Google, along with Twitter, Facebook, and Microsoft, is now taking this a step further by directly transferring data between different products to make switching seamless.
The Data Transfer Project is an open source initiative “dedicated to developing tools that will enable consumers to transfer their data directly from one service to another, without needing to download and re-upload it.” With portability and interoperability as the goal, this reduces the barrier to switching especially for those with limited bandwidth to download tens of gigabytes of data and then manually upload it to another product.
With its Takeout feature in 2011, Google pushed the idea of “data portability” to give users control of their information and as an incentive to “develop great products because we know [users] can pack up and leave at any time.” Besides switching, this give people the ability to try out a new service or back up data to multiple clouds.
Founded in 2017, details on how companies can join are available here, while individual developers are also invited to contribute. DTP is still in “very active development” and the group warns of bugs and other “hiccups” for early developers exploring the project.
At a high-level, this initiative involves companies developing tools to “convert any service’s proprietary APIs to and from a small set of standardized data formats.” At launch, there are “adapters” for seven different service providers across five different types of consumer data.
A number of security features are in place like independent authentication required from both accounts information is being transferred from and to, as well as explicit user approval. Additionally, the open source nature of the project will allow third-parties to verify data isn’t being collected or used for profiling, while users can also download and run the framework themselves.
All credentials and user data will be encrypted both in transit and at rest. The protocol uses a form of perfect forward secrecy where a new unique key is generated for each transfer. Additionally, the framework allows partners to support any authorization mechanism they choose. This enables partners to leverage their existing security infrastructure when authorizing accounts.