What are the main insights about the data portability gathered during NGI DAPSI Programme?

After 3 years, NGI DAPSI is coming to its end. Here are the gathered insights and the main achievements.

NGI DAPSI is the European project funded by the European Commission under the European Union’s Horizon 2020 Research and Innovation Programme, and part of the European Commission’s Next Generation Internet (NGI) initiative

The Next Generation Internet (NGI) initiative, launched by the European Commission back in 2016, aims at shaping the future internet as an interoperable platform ecosystem with values such as: openness, inclusivity, transparency, privacy, cooperation, and protection of data.

Why NGI DAPSI?

The General Data Protection Regulation (GDPR) applies since 25 May 2018. Specifically, Article 20 has the purpose of making significantly easier for citizens to have any data which is stored with one service provider transmitted directly to another provider. Now, the new data protection regulation on portability has been developed to give the concerned persons better control over their personal data.

NGI ​DAPSI launched 3 years ago, with an aim to foster the advanced research for the delivery of open-source results in the Services & Data Portability field through the support to researchers, SMEs and startups or innovator, engaging them in a 9-months Programme providing up to 150k€ of funding and a pack of services such as coaching and mentoring in technical and non-technical areas.

The team

During the period of 38 months, the success of the NGI DAPSI project was enabled by the wholesome cooperation of the Project Consortium made of 6 partners:

The main project achievements 

In the NGI DAPSI 3-years-long Programme, we have defined and tackled the challenges within six main data portability research domain, such as:

  1. DATA TRANSPERENCY – For a more personal data storage and a more fine-grained data transfer when exercising personal data access right
  2. DATA COMPATIBILITY & INTEROPERABILITY – To facilitate switches between data providers
  3. SECURITY & PRIVACY – To ensure that the personal data are transferred in a secure way
  4. SERVICE PORTABILITY – To empower users to share their date with any service provider and host that they trust
  5. DATA SOVEREIGNTY – To empower users to transfer a complete data set or part of it to any new provider without giving reasons
  6. OTHER – Matters related to data correction, data ownership, user education…

After 3 Open Calls and 46 top-notch projects supported, we gathered insights and the main achievements from each data portability research subdomain we investigated during the past 3 years.

Data transparency 

  • Developed open standards for storage and delivery of data, e.g., vocabularies, metadata description…
  • Assured the control of traceability for the data subject
  • Created visualization tools to improve user understanding
  • Enabled users to change their setting at any time

Data compatibility & interoperability

  • Used established and open data models and standards, common standards and shared vocabularies
  • Designed a cross-domain data architecture
  • Established tools for data conversion from one format to another

Security & privacy

  • Secured data encryption & transmission during transfer
  • Enabled full anonymization 
  • Ensured correctness & integrity of data during transfer

Service portability

  • Made data and identities usable and portable across services
  • Introduced suitable microscale alternatives and interoperable standards that can be universally deployed
  • Created or enhanced viable open alternatives for the key proprietary services that people depend on 

Data sovereignty 

  • Formulated self-defined data usage rules, influencing and tracing the data/information flows
  • Implementation of methods to give the individuals the freedom to choose which parts of data to share and transfer 

However… some implementation challenges still exist

  • Defining the range, format and frequency of data to be included in the data portability.
  • Determining how standards will be implemented and disputes resolved.
  • Challenges that may arise in developing a common format for different services.
  • The lack of proper business models is a fundamental challenge. 

What have we concluded?

  • Open source projects may help small businesses to realize the right to data portability.
  • Data subjects should be able to make self-determined decisions based on their own free will, without being led there by “recommendations” from a system that does not act neutrally.
  • The law is ahead of technology and practice: an evaluation could clarify to what extent the right to data portability can be implemented in practice considering the sanctions of the GDPR.