DOCSLIB.ORG

Introduction

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Introduction Response to Request for Comment on Data To Go: An FTC Workshop on Data Portability August 21, 2020 Introduction Thank you for the opportunity to provide comments as part of the Federal Trade Commission’s Workshop on Data Portability to take place on September 22, 2020. Apple, Facebook, Google, Microsoft, and Twitter collaborate to support the Data Transfer Project (DTP) ( datatransferproject.dev ), which supports direct, service-to-service portability. We appreciate the opportunity to share our work on this Project, including the principles and practical considerations that guide this work, in response to your questions. Direct portability enables individuals (“users”) to copy data between two authenticated accounts directly, without having to download the data and re-upload it to a new service. D TP is an open-source project that will make it easier for people to switch services, or try new and innovative products, by improving the ease and speed of data portability. In this comment, we briefly summarize the technical foundations of DTP and explain how our principles guided us toward this approach. More information on these topics, and others, can be found in the DTP White Paper. 1 However, this comment primarily provides an update on participation and governance of the Project in response to your questions about how companies are currently implementing data portability; the benefits and costs of data portability; and the security of data in transit between businesses. 1 Data Transfer Project Overview and Fundamentals (July 20, 2018), https://datatransferproject.dev/dtp-overview.pdf. 1 What is the Data Transfer Project History of the Project DTP was launched in 2018 to create an open-source, service-to-service data portability platform so that all individuals across the web could easily move their data between online service providers whenever they want. The current partners 2 are Google, Microsoft, Twitter, Facebook, and Apple. The partners believe portability can support innovation and enable users to easily take advantage of the offerings that best suit their needs. For example, DTP provides practical tools that let users backup or archive important information, organize information within multiple accounts, recover from account hijacking, and retrieve data from deprecated services. It is designed to support individual users, as opposed to commercial customers of a provider. Data portability can also present challenges for data security and privacy, but DTP partners have agreed to support and follow a set of principles to mitigate these concerns. Implementing measures such as encryption in transit guard against unauthorized access, diversion of data, or other types of fraud. The application of privacy principles, such as data minimization and transparency when transferring data between providers, also provide important privacy and security benefits for users. How Does DTP Work DTP is a collaboration of organizations committed to building a common framework with open-source code that can connect any two online service providers, enabling a seamless, direct, user initiated portability of data between the two providers. DTP is powered by an ecosystem of adapters that convert a range of proprietary formats into a small number of canonical formats useful for transferring data. This allows data transfer between any two service providers using the provider’s existing authorization mechanism, and allows each provider to maintain control over the security of their service. A service provider only has to write one adapter for a data type, which will then work with all other service providers that have built adapters for that data type. This also adds to the sustainability of the ecosystem, since companies can attract new customers, or build a user base for new products, by supporting and maintaining the ability to easily import and export a user’s data. 2 To become a partner in the Data Transfer Project, an organization must agree to follow the principles and best practices described in the DTP White Paper, contribute to DTP efforts, and participate in DTP by committing to add and maintain adapters. These organizations have their logos on the DTP website and represent the Project in public conversations. 2 When a user initiates a data transfer, their encrypted information flows from one provider directly to another that is chosen by the user. Only the source service and the destination service (and hosting entity, if it is not the source or destination service) have access to the data. No other DTP partners or third parties have access to a copy of the data as part of the transfer. It is worth noting that DTP doesn’t include any automated deletion architecture. Once an account holder has verified that the desired data is migrated, they would have to delete their data from their original service using that service’s deletion tool if they wanted the data deleted. The DTP partners each offer deletion tools for their users, and encourage all providers to do the same. Importing and exporting data directly can benefit users and the broader ecosystem of service providers in a variety of industries. Direct transfer is more practical and efficient for users by shifting the burden of transferring or copying data from their hardware to the service provider’s infrastructure. This is especially important for users in emerging markets, or on slow or metered connections, as our project does not require a user to download and upload the data over what may be low bandwidth connections and at potentially significant personal expense. Our Principles Partners in DTP agree to support and promote the following principles, which are described in the White Paper3 and are listed on our website.4 ● Build for users Data portability tools should be easy to find, intuitive to use, and readily available for users. They should also be open and interoperable with standard industry formats, where applicable, so that users can easily transfer data between services or download it for their own purposes. ● Privacy and security Service p roviders on each side of the portability transaction should have strong privacy and security measures—such as encryption in transit—to guard against unauthorized access, diversion of data, or other types of fraud. It is important to apply privacy principles such as data minimization and transparency when transferring data between providers. When users initiate a transfer they should be told in a clear and concise manner about the types and scope of data being transferred as well as how the data will be used at the destination service. Users should also be advised about the privacy and security practices of the destination service. These measures will help to educate users about the data being transferred and how the data will be used at the destination service. More details are in the Privacy and Security section below. 3 Data Transfer Project Overview and Fundamentals (July 20, 2018), https://datatransferproject.dev/dtp-overview.pdf. 4 Data Transfer Project FAQ, h ttps://datatransferproject.dev/faq. 3 ● Reciprocity While portability offers more choice and flexibility for users, it will be important to ensure that flexibility is consistent across the ecosystem. A user’s decision to move data to another service provider should not result in any loss of transparency or control over that data. Specifically, individuals should have assurance that data imported to a provider can likewise be exported again, if they so choose. There should not be a dead-end for users in transferring their data, and any service provider that only offers import should be transparent and upfront about this. ● Focus on user’s data Portability efforts should emphasize data and use cases that support the individual user. Focusing on content a user creates, imports, approves for collection, or has control over, reduces the friction for users who want to switch among products or services or use their data in novel ways, because the data they export is meaningful to them. Portability should not extend to data that may negatively impact the privacy of other users, or data collected to improve a service, including data generated to improve system performance or train models that may be commercially sensitive or proprietary. This approach encourages companies to continue to support data portability, knowing that their proprietary technologies are not threatened by data portability requirements. For a detailed taxonomy of such data, see ISO/IEC 19944:2017. ● Respect Everyone We live in a collaborative world: people connect and share on social media, they edit docs together, and they comment on videos, pictures, and more. Data portability tools should focus only on providing data that is directly tied to the person requesting the transfer. We think this strikes the right balance between portability, privacy, and benefits of trying a new service. We believe these principles promote user choice and encourage responsible product development, maximizing the benefits to users and mitigating the potential drawbacks. Privacy and Security One of the questions posed in the request for comment is “who should be responsible for the security of personal data in transit between businesses?” This is a question that DTP necessarily confronted while developing our protocols. The security and privacy of user data is a foundational principle of DTP. Because there are multiple parties involved in the data transfer (the user, Hosting Entity, 5 Providers,6 and partners) 5 A Hosting Entity is the entity that runs a Host Platform of DTP. In most cases it will be the provider sending or receiving the data, but could be a trusted third party that wants to enable data transfer among a specific group of organizations. 6 Providers are any company or entity that holds user data. Providers may or may not be partners. Provider is similar to Cloud Service Provider as defined in ISO/IEC 17788:2014 section 3.2.15.
Load more

Recommended publications
  • CCIA Submission to Rekabet Kurumu's Inquiry Into the Digital
    CCIA Submission to Rekabet Kurumu’s Inquiry into the Digital Economy 27 April 2020 I. Introduction The Computer and Communications Industry Association,1 (“CCIA”) welcomes the opportunity to contribute to the market study into competition and the digital economy by Rekabet Kurumu (“Rekabet”), the Turkish Competition Authority. CCIA commends Rekabet for seeking a better understanding of the legal, economic and policy challenges that arise with the digitalization of the global economy and its significance in the competition analysis. CCIA looks forward to furthering the dialogue with Rekabet in this regard. The tech sector has had transformative effects on the entire economy. Tech has increased efficiency and lowered entry barriers in many markets and allowed the introduction of entirely new business models. Digital media distribution tools have created a space for individuals to broadcast their audio, photo and video content creations to the world. Online retail intermediaries like Hepsiburada and Trendyol allow small and medium sized enterprises to reach consumers and meet demand far beyond their geographic footprint, more quickly and cheaper than ever before. Social media services dramatically lower the cost for advertisers to reach their audience and avoid advertising wastage. Studies suggest that the consumer benefit of free online services is worth thousands of lira per person, per year.2 In order for innovation in the technology market to continue driving the global economy, both competition policy and sound antitrust enforcement must play a crucial role in ensuring that 1 The Computer & Communications Industry Association (CCIA) is a non-profit membership organisation that represents the interests of a wide range of companies in the Internet, technology and telecoms industries.
    [Show full text]
  • Masters Thesis Stojko.Pdf
    DEPARTMENT OF INFORMATICS TECHNICAL UNIVERSITY OF MUNICH Master’s Thesis in Information Systems An Information Model as a Basis for Information Gathering to comply with Data Portability according to GDPR Art. 20 Laura Stojko DEPARTMENT OF INFORMATICS TECHNICAL UNIVERSITY OF MUNICH Master’s Thesis in Information Systems An Information Model as a Basis for Information Gathering to comply with Data Portability according to GDPR Art. 20 Ein Informationsmodell als Basis fur¨ die Informationserhebung zur Datenportabilitat¨ nach Art. 20 DSGVO Author: Laura Stojko Supervisor: Prof. Dr. Florian Matthes Advisor: Dipl. Math.oec. Dominik Huth Date: November 15, 2018 I hereby declare that this thesis is entirely the result of my own work except where other- wise indicated. I have only used the resources given in the list of references. Munich, 15. November 2018 Laura Stojko Abstract With the announcement of the General Data Protection Regulation (GDPR) by the Euro- pean Union, data privacy laws shall be harmonized in European countries. In the digital era, personal data is of high significance for companies, especially within customer data- driven industries (e.g. social media platforms). Due to the new importance of personal data and its usage, the awareness for data privacy is increasing among people. Thus, good data privacy management is of high relevance for companies and customers. This thesis focuses on article 20 of the GDPR, which describes data portability as one essential aspect for new rights of the data subject. Data portability enables customers to receive their per- sonal data from companies and transfer it to others. Thereby, a level playing field within the market is supported.
    [Show full text]
  • Natural Language Processing 2018 Highlights
    NLP 2018 Highlights By Elvis Saravia 1 Table of Contents Introduction ............................................................................................................................................ 4 Research ................................................................................................................................................. 5 Reinforcement Learning ...................................................................................................................... 5 Sentiment Analysis and Related Topics ................................................................................................ 7 AI Ethics and Security .......................................................................................................................... 9 Clinical NLP and ML ........................................................................................................................... 12 Computer Vision ................................................................................................................................ 15 Deep Learning and Optimization ........................................................................................................ 17 Transfer Learning for NLP .................................................................................................................. 19 AI Generalization ............................................................................................................................... 20 Explainability and Interpretability
    [Show full text]
  • Data Transfer Project
    Data Transfer Project August 20, 2018 Federal Trade Commission 600 Pennsylvania Ave NW Washington, DC 20580 To Whom It May Concern: Thank you for the opportunity to provide comment on the Federal Trade Commission’s Hearings on Competition and Consumer Protection in the 21st Century. As you may know, Google, Microsoft, Twitter, and Facebook recently announced the Data Transfer Project (datatransferproject.dev). We are excited to share our work on this project, including the thinking ​ ​ behind it, in response to your questions. Data portability is critical for user control and competition. Not only is this project relevant to the questions you raised in your request for comment on these topics, but we also encourage the Commission to consider the importance of portability throughout your process. The mission of the Data Transfer Project is to support direct, service-to-service portability. This will ultimately enable users to transfer data between two authenticated accounts behind the scenes, without having to download the data and relocate it themselves. This is an open-source project that will make it easier for people to switch services, or try new and innovative products, by improving the ease and speed of data portability. We have attached a detailed white paper that describes the technical foundations of the project and explains how our principles guided us toward this approach. The paper also includes detailed descriptions of the security and privacy considerations that are built into the project. Please let us know if you have any additional questions. Thanks, Keith Enright Julie Brill Damien Kieran Erin M. Egan Chief Privacy Officer Corporate Vice Data Protection Officer Vice President & Chief Google LLC President & Deputy Twitter, Inc Privacy Officer General Counsel Facebook, Inc.
    [Show full text]
  • The Future of Data: Adjusting to an Opt-In Economy October 2018
    The Future of Data: Adjusting to an opt-in economy October 2018 Prepared for 2 | Oxford Economics 2018 Contents Executive summary ...................................................................... 4 The dawn of the opt-in era ............................................................ 7 Who are these people and what do they want? ............................. 10 Not all consumers are the same .................................................... 15 The rise of the data economy ........................................................ 16 How industries use data ............................................................... 18 Meet the leaders ............................................................................ 21 Life in the data age ........................................................................ 29 The path forward: Calls to action ................................................... 30 Research methodology ................................................................. 31 Contact us .................................................................................... 32 Oxford Economics 2018 | 3 Executive summary 4 | Oxford Economics 2018 In a world increasingly driven by data, We found that consumers have individual consumers suddenly have a lot contradictory views of the information of power. How they exercise this power, economy. They will share sensitive data and the ways companies respond, will be yet do not trust the companies they share a major story for years to come. with, or fully understand how much is
    [Show full text]
  • Written Testimony of Keith Enright Chief Privacy Officer, Google United
    Written Testimony of Keith Enright Chief Privacy Officer, Google United States Senate Committee on Commerce, Science, and Transportation Hearing on “Examining Safeguards for Consumer Data Privacy” September 26, 2018 Chairman Thune, Ranking Member Nelson, and distinguished members of the Committee: thank you for the opportunity to appear before you this morning. I appreciate your leadership on the important issues of data privacy and security, and I welcome the opportunity to discuss Google’s work in these areas. My name is Keith Enright, and I am the Chief Privacy Officer for Google. I have worked at the intersection of technology, privacy, and the law for nearly 20 years, including as the functional privacy lead for two other companies prior to joining Google in 2011. In that time, I have been fortunate to engage with legislators, regulatory agencies, academics, and civil society to help inform and improve privacy protections for individuals around the world. I lead Google’s global privacy legal team and, together with product and engineering partners, direct our Office of Privacy and Data Protection, which is responsible for legal compliance, the application of our privacy principles, and generally meeting our users’ expectations of privacy. This work is the effort of a large cross-functional team of engineers, researchers, and other experts whose principal mission is protecting the privacy of our users. Across every single economic sector, government function, and organizational mission, data and technology are critical keys to success. With advances in artificial intelligence and machine learning, data-based research and services will continue to drive economic development and social progress in the years to come.
    [Show full text]
  • What If Cities Took a Central Role in Returning Citizens' Personal Data To
    mesinfos.fing.org “WHAT IF CITIES TOOK A CENTRAL ROLE IN RETURNING CITIZENS’ PERSONAL DATA TO THEM?” 2020 THE “MESINFOS - SELF DATA ACKNOWLEDGEMENTS: CITIES” TEAM AT FING: Special thanks to Virginie Steiner (La Rochelle), Manon Molins, Chloé Friedlander, Guillaume Jacquart, Sylvie Turck (Nantes Métropole), and Maria-Inés Léal Fanny Maurel // Sarah Medjek for MyData France. (Grand Lyon), as well as to Guillaume Chanson, Cécile What if cities took a central role in returning > an analysis of the relevant governance models Christodoulou, Aurialie Jublin, and Mathilde Simon. citizens’ personal data to them, so their citizens can when considering how to share personal data with individuals; TRANSLATION: Jianne Whelton use personal data to make their lives easier, get to know each other better, contribute to territorial > a survey of cities efforts to share data, including decision making or participate in public interest some examples to draw inspiration from (and some CREATIVE COMMONS projects? to avoid); > illustrated methodologies you can use to This document is available under a Creative Commons Attribution 4.0 License (France): For the past year, Fing has been working with three https://creativecommons.org/licenses/by/4.0/deed.fr. implement a Self Data initiative in your region major French cities — Nantes Métropole, (the energy (plus examples drawn from our work with Nantes You are free to share — copy and redistribute the material in any medium or format — and adapt — remix, transform, and build upon the material for transition), La Rochelle (sustainable mobility), and Métropole, La Rochelle and Greater Lyon): identify any purpose, even commercially — under the following terms: attribution — you must give appropriate credit, provide a link to the license, and indicate Greater Lyon (social welfare) — to enable them to the relevant personal data, imagine use cases if changes were made.
    [Show full text]
  • Network-Based Classification of Developer Roles in Open-Source
    Bachelor’s Thesis NETWORK-BASEDCLASSIFICATIONOF DEVELOPERROLESIN OPEN-SOURCE-PROJECTS: ANEMPIRICALSTUDY nils alznauer November 18, 2020 Advisor: Thomas Bock Chair of Software Engineering Examiners: Prof. Dr. Sven Apel Chair of Software Engineering Prof. Dr. Andreas Zeller Professor for Software Engineering Chair of Software Engineering Saarland Informatics Campus Saarland University Nils Alznauer: Network-based Classification of Developer Roles in Open-Source-Projects: An Empirical Study, © November 2020 Erklärung Ich erkläre hiermit, dass ich die vorliegende Arbeit selbständig verfasst und keine anderen als die angegebenen Quellen und Hilfsmittel verwendet habe. Statement I hereby confirm that I have written this thesis on my own and that I have not used any other media or materials than the ones referred to in this thesis Einverständniserklärung Ich bin damit einverstanden, dass meine (bestandene) Arbeit in beiden Versionen in die Bibliothek der Informatik aufgenommen und damit veröffentlicht wird. Declaration of Consent I agree to make both versions of my thesis (with a passing grade) accessible to the public by having them added to the library of the Computer Science Department. Saarbrücken,______________________ _____________________________ (Datum/Date) (Unterschrift/Signature) ABSTRACT For many Open-Source Software (OSS) projects, no official core developers or project leaders can be found. Identifying core developers for these projects is crucial as OSS projects have very high turnovers in their community. To mitigate this turnover and ensure a smooth-running project, consistency in some developers is needed. This consistency is provided by people maintaining the project for an extended period of time. As Open-Source Software is used by many people worldwide due to it being free, there is an obligation for many projects that the program is secure and follows specific quality standards.
    [Show full text]
  • Paper #3: Facebook
    Yaletap University Thurman Arnold Project Digital Platform Theories of Harm Paper Series: 3 The Section 2 Case Against Facebook May 2020 Jackson Busch Michael Enseki-Frank Natalie Giotta Joe Linfield Przemyslaw Palka Emily Wang Introduction Facebook is currently facing four separate antitrust investigations by the DOJ, the FTC, a group of state attorneys general, and the House Judiciary Committee.1 Should one or more of these entities bring a monopolization claim against Facebook, they will need to provide robust evidence that Facebook possesses market power in a relevant antitrust market and that Facebook has acted anticompetitively in acquiring or maintaining that power. In this paper we show that, based solely on publicly available data, enforcement agencies have sufficient grounds to bring a strong case against Facebook under Section 2 of the Sherman Act. To show that Facebook has violated Section 2, the Supreme Court has laid out a two-part test. Plaintiffs must show “(1) the possession of monopoly power in the relevant market and (2) the willful acquisition or maintenance of that power as distinguished from growth or development as a consequence of a superior product, business acumen, or historic accident.”2 This report follows the Grinnell framework in organizing the Section 2 case against Facebook. Part I shows that Facebook possesses monopoly power in a relevant antitrust market. Because Facebook is a two-sided non-transactional market, we analyze the social media market and the digital advertising market separately. We discuss why each side of the platform constitutes a relevant antitrust market and provide “indirect evidence” that Facebook has market power by showing high market shares and barriers to entry.
    [Show full text]
  • New York University Stern School of Business Welcome Remarks
    THE GLOBAL ANTITRUST ECONOMICS CONFERENCE 31 May 2019 — New York University Stern School of Business Welcome Remarks: Luis Cabral & Lawrence White Luis Cabral: Good morning, New York. My name is Luis Cabral and I’m the Chair of the Economics Department here at Stern School of Business at New York University. It gives me great pleasure to welcome you all to the Global Antitrust Conference. I’ve looked at the lineup and it’s a super-super-duper star-studded lineup, so I’m well aware of the opportunity cost of me standing here in front of you. But I cannot resist telling you a brief anecdote that involves one of our speakers, Roger Noll, who is here in front of me, and that’s the following. Next week it will be thirty years to the day that I was defending my doctoral dissertation — I was five years old back then [Laughter] — and Roger was on the committee. I was told it was just a formality, but of course I was very nervous. I mean it was the first time I was defending a PhD thesis — it was also the last, by the way, thank God. My thesis was on regulation and antitrust. So I go through the normal motions: I give my spiel and then the various members of the committee ask questions and so forth. So I go through it. Paul Milgrom said, “Okay.” Then Mike Riordan asks a few questions, then he’s fine. And Tim Bresnahan asks a few questions and he’s fine. Then, finally, it comes to Roger, and there’s a pause.
    [Show full text]
  • Infocity #130
    Contents Искусственный интеллект Dell Alienware 15 R4 в редакции... 4 и Alienware 17 R5 45 News / Azerbaijan Xiaomi Mi Notebook Pro 2 6-10 News / Mobile Operators 16-17 News / World 22-27 Mobility 47 Samsung Galaxy Note 9, часы Galaxy Watch Samsung Galaxy Tab S4 №8(130)/август 2018 и Smart-колонка Galaxy Home и Galaxy Tab A 10.5 35 Главный редактор: Вусал Аскеров Security e-mail: [email protected] Baş redaktorun müavini: Gündüz Babayev e-mail: [email protected] Директор: Дмитрий Андрианов Barracuda e-mail: [email protected] Message Archiver - Редактор сайта: Рауф Джафаров 28-29 архивирование электронной e-mail: [email protected] почты для обеспечения Huawei Nova 3 30 сохранности корреспонденции Отдел рекламы: Тел.: (+99450) 210-38-78. Sony Xperia XA2 Plus 31 и контроля корпоративной e-mail: [email protected] переписки 56-58 Xiaomi Mi Max 3 Отдел распространения: Peripherals & Gadgets Тел.: (+99470) 240-77-27 Samsung C43J89 60 Контакты компаний- распространителей: Apple Blackmagic eGPU ГАЯ (+99412) 565-67-13, (+99412) 598-35-22 ГАСИД (+99412) 493-23-19, (+99412) 493-98-14 33 Xpress-Elita (+99412) 437-28-10 AMY (+99412) 440-46-94 Xiaomi Mi A2 и Mi A2 Lite 35 А.В.С.-МЕДИА (+99412) 493-45-84 Nokia X5 35 АЯН-ПРЕСС (+99412) 497-17-79 Moto Z3 37 61 Адрес редакции: Huawei Honor Note 10 37 Азербайджан, Баку, Magic Leap One 67 ул. Шарифзаде, 19. LG Q8 (2018) 38 Тел./Факс: (+99412) 434-55-76. Oppo F9 Digital Photo Моб.: (+99470) 240-77-27 Fujifilm XF10 73 e-mail: [email protected] Nikon Журнал зарегистрирован Coolpix P1000 в Министерстве Юстиции Азербайджанской Республики.
    [Show full text]
  • Glenelg Technical Report 20160418.Docx RURAL LAND USE STRATEGY TECHNICAL ASSESSMENT and BACKGROUND REPORTING
    This report has been prepared by: RMCG Suite 1, 357 Camberwell Road CAMBERWELL VIC 3124 P: (03) 9882 2670 E: [email protected] W: www.rmcg.com.au ABN: 35 154 629 943 Offices in Bendigo, Melbourne, Torquay, Warragul and Penguin (Tasmania) Key Project Contact Shelley McGuinness M: 0408 194 993 E: [email protected] Document review and authorisation Job Number: 22-G-13 Version Status Date Author Review QA Approved Issued Copies 1.0 Draft 1/5/2015 S. McGuinness S McGuinness H. Buck S McGuinness Glenelg Shire 1 2.0 Final 26/5/2015 S. McGuinness S McGuinness H. Buck S McGuinness Glenelg Shire 1 3.0 Final 19/04/2016 S. McGuinness S McGuinness S McGuinness Glenelg Shire 1 Note: (e) after number of copies indicates electronic distribution RMCG Melbourne:RMCG Client Files (M):SHELLEY-22:22-G-13 Glenelg Shire Council - Rural Land Use Strategy:TECHNICAL ASSESSMENT REPORT:FINAL REPORT:Glenelg Technical Report 20160418.docx RURAL LAND USE STRATEGY TECHNICAL ASSESSMENT AND BACKGROUND REPORTING 1 INTRODUCTION 5 OVERVIEW ................................................................................................................................................ 5 APPROACH ............................................................................................................................................... 5 THIS REPORT ........................................................................................................................................... 6 2 GLENELG SHIRE 7 3 PLANNING POLICY CONTEXT 8 GLENELG PLANNING SCHEME .............................................................................................................
    [Show full text]