There are a lot of new online services available that makes our life easier. But it is difficult for the users to switch from one service to another because it involves downloading from one service and re-uploading it into another service. The General Data Protection Regulation (GDPR) which is a legal regulation by European Union has set some guidelines for collecting and processing the user’s personal information by companies. There are online services available which provides tools that permit the users to download their data in a single click.
This however is not enough to simplify the process of securely transferring your data between services. The giant companies like Google, Facebook, Microsoft, and Twitter have collaborated to launch a new open-source, service-to-service data portability platform, called the Data Transfer Project.
Data Transfer Project and how it works
Data Transfer Project (DTP) is a collaboration of organizations committed to building a common framework with open-source code that can connect any two online service providers, enabling a seamless, direct, user initiated portability of data between the two platforms.
Data Transfer Project uses existing APIs and authorization mechanisms to access data. It then uses service specific adapters to transfer that data into a common format, and then back into the new service’s API.
Data Transfer Project use-case examples which the DTP developers shared to describe its use
Trying a new service : A user finds a new photo printing service providing beautiful and innovative photo book formats, but their photos are stored in their social media account. Using DTP, they can visit a site or app offered by photo printing service and initiates a transfer directly from their social media account to the photo book service.
Backing up your data : An architect in a low-bandwidth area is working on graphics and drawings for a new house. At the end of the project, he needs to transfer all the files from a shared storage system to the user’s cloud storage service. They can go to cloud storage Data Transfer Project User Interface (UI) and transfer large files directly, without affecting their bandwidth.
The DTP project has developed adapters for seven different service providers—Google, Microsoft, Twitter, Instagram, Flickr, Remember the Milk, and SmugMug—across five different types of consumer data, including photos, mail, tasks, contacts, and calendar.
Security and Privacy
The Data Transfer Project system design makes sure that all credentials and user data stays encrypted both during transition and while at rest. It uses a forward secrecy where a new unique key is generated for every transfer and ensures that the admins do not have access to the encryption key.
The DTP protocol also supports data minimization which permits the users to select and transfer minimum data from one service to another required to successfully provide their service.
The system also requires both the source account and the destination account to generate alerts to notify the user that a data transfer has been initiated in an effort to prevent unauthorized data transfer.
Besides this, DTP also supports rate limiting the number and frequency of transfers for a given user, authorization token revocation, in case a token is leaked, and minimal scopes for authentication tokens.
DTP is still in an underdevelopment state abd is not ready to be used. However the existing code for the project are made available on GitHub, along with a white paper [PDF] describing its scope.
Microsoft have called for more companies to sign onto the new effort and reported in their blog that portability and interoperability are central to cloud innovation and competition. The Data Transfer Project could have some serious implications for smaller service providers participating in the project, which makes it easier for their customers to leave and join services from popular brands with profitable offers or free services.