I’ve been on the board of Dataportability.org since its founding three years ago. The concept made quite a splash when it was first announced, but I knew that after the hype wore off would come all the hard work of making it real. And that’s where XDI would be needed.

Ever since then, I’ve watched the concept of Data Portability become somewhat of a buzzword with different companies and communities. As is often the case with buzzwords, actual understanding runs a mile wide and an inch deep.

Which is why this article from DP Communications Chair Alisa Leonard caught my eye: it goes right to the heart of defining what data portability really means. I especially like this quote:

It is important to first understand that true data portability puts the ultimate power of data control in the hands of the user, not the web application using that data.

She goes on to explain precisely why this means Facebook does not yet provide data portability:

Facebook has long fallen under scrutiny for having immense control over end user data. The development of Facebook Connect and the Open Graph API have been steps in the direction of data portability, but ultimately, Facebook continues to maintain, under their TOS, the last word on your data usage through an all-encompassing license to do what they wish with your data (including sub-license it to other entities).

What matters is that while they now allow more access to your data through the download feature, the Facebook TOS has not changed— meaning your data is still on their server and while you can download, you cannot remove your data entirely (if you wished to do so). This is data accessibility, not data portability.

I’d go one step further: companies and sites that provide true data portability will provide 100% programmatic access to the data that you store there. Which means you can do more than just remove/delete it. You can read it, write it, or move it somewhere else — all under your control, using the tool, program, or service of your choice.

That’s how email works today: I can read, write, delete, and move my email from my email provider completely under my control, not theirs. (The “moving” part is not actually something that most email provider’s support directly, i.e., you have to copy it from one provider and write it to another, which is anywhere from difficult to almost impossible.) But if you can do all these things, and you can do them easily without barriers — that’s true data portability.