Q: Are there common standards by which Data Transfer Project partners should abide in performing transfers?

As described in the white paper, DTP adheres to the following principles:

We believe the following principles around interoperability and portability of data promote user choice and encourage responsible product development, maximizing the benefits to users and mitigating the potential drawbacks.

Q: What kinds of data can be transferred through DTP?

The terms of each organization’s API determine the data types that can be transferred between providers. This ordinarily includes data stored in a specific users’s account, but may not be limited to that data, depending on the organizations involved. Additional or substitute functionality outside of the Data Transfer Project would be required for data transfers requiring particularly high integrity (e.g. health records).

Q: Who is responsible for protecting data before, during, and after the transfer takes place?

Each organization is responsible for securing and protecting the data stored on its platform, regardless of whether it is supporting a transfer out or receiving a transfer from another organization. Generally, this includes established practices in securing access, authorization, and authentication to public APIs or other mechanisms. Additionally, this includes writing and enforcing policies governing access to that information through an API or other mechanism. Those specific terms govern the conditions of transferring data into or out of each provider. Additionally, there are baseline security requirements detailed in the White Paper, such as encryption in transit, that should always be adhered to.

Q: When data is transferred, do the Partners all get a copy?

No, when a user initiates a data transfer, their encrypted information flows from one provider directly to another that is chosen by the users. Only the source service, the destination service (and hosting provider, if it is not the source or destination service) have access to the data. No other DTP partners or 3rd parties have access to a copy of the data as part of the transfer.

Q: Why aren’t there more, smaller companies in the Project?

DTP is an open source project centered around the idea that less-resourced companies can use and build on the common models and codebase developed by the community of contributors. All companies are welcome to participate. Although the DTP reduces the technical burdens of service-to-service transfers, development work is required of each participating organization. Deciding to participate in the project may require shifting limited resources from other priorities. We are continuing to make integrating with DTP easier. Our goal is to help companies of all sizes realize the value of providing users more control over their data.

If you are interested in joining the project, please visit our community page to learn how.