Portability Part 1: An Introduction

 In Data, Financial Data, Portability, Privacy & Regulations, Security

If you were to do a Google search for “data portability” today, you would get over 64 million results to choose from. Although that’s not a huge number compared to other searches you may conduct (for example, search “fintech” and you would get upwards of 816 million results), it’s enough to make you realize that the concept is being talked about in a lot of different places. Whether you’re a consumer, developer, financier, or all of the above, data portability affects you. 

Portability Briefly Explained

So what exactly is data portability? Simply put, it’s the idea that the personal digital data that different companies are gathering about you (like your purchase histories, preferences, cookies, locations, etc.) should be accessible by you, the subject, and that you should have the right to share that data with whoever else you want. Data portability also involves the premise that data should be in a form that is understandable to the subject, as well as to other entities they may want to share it with. 

Ideas around portability are increasingly applied to all kinds of data, perhaps none more than financial data that’s collected across various platforms. Right now, most people engage in at least one form of online banking or utilize some other app that directly utilizes their financial information. Think of apps you’re most likely familiar with, like Mint, Venmo, Zelle, EveryDollar, PayPal, or the other digital wallets or financial institution apps you regularly use. Let’s take one of those platforms for a moment – Venmo –  to apply some of the concepts of data portability. In their Privacy Policy (updated February 2022), Venmo clearly states that if you open an account with them, they will collect information about your account, identity, device, geolocation, and financial information (bank account and routing numbers or credit cards connected to your account), not to mention the transactions you make using their platform. In addition, Venmo can also access users’ social media details like friend lists, profile picture, etc. if the user authorizes it.

Data portability in the context of Venmo asserts that because you, the user, are the owner of all that data being collected, you should be able to access it and then share it with whoever else you want to – like one of the other apps or platforms you’re using, for example, to help you build investments, pay off your mortgage, or whatever other financial goals you may have. The problem is, the data Venmo (or other platforms) collects isn’t automatically accessible or portable to be able to be shared securely across different platforms. 

Portability Briefly Applied

Data is collected in order to be helpful, but it actually isn’t helpful until it’s organized into normalized and structured formats. In the past, most businesses hired third parties to assemble the data they collected for them. These companies are commonly called “data aggregators.” First they take the personal and financial data about a business’s users, then they clean it up, put it into a relevant context, and finally categorize it into meaningful subsets so that the business that hired them can understand it and take appropriate action based on the insights gleaned. 

Many of these well-known data aggregators have also become portability platforms in recent years – so not only are they aggregating the data for the business itself; they’re also aggregating it for the business’s users and putting it in a form that users can share with other parties of their own choosing. Making data portable previously involved something called “screen scraping”, which is essentially reading and copying information from one location so that it can be used in another location. While some companies still use screen scraping to access and send data, many are now turning to more secure processes.

The Old Way Versus the New Way

One thing you might worry about in the process of porting your data from one place to another is security – and rightly so. You want to be able to share your data only with the people you’ve designated. So how do you keep your data secure in the process? Well the old way of using a data aggregator and screen scraping is definitely not the best way. In order for the third party data aggregating/portability platform to access the collected data, the original data collecting company needs to share authentication information with them, like the usernames and passwords of their users. Then the third party has to hopefully keep that authentication info secure while they use it to access the company’s data. That poses a huge risk, however, because it requires that highly sensitive material be stored somewhere else in addition to its original location of use. The problem with that is that the more places information is stored, the more likely it can be accessed by people who shouldn’t have access to it. 

The new way of portability, the way Pentadata does it, is better for many reasons, security being just one. Pentadata doesn’t aggregate data – we don’t store personal information collected about another business’s users. Instead, we simply transport data from one place to another in real time. When a user wants to share data from one location to another, we facilitate the movement of that data without ever storing it on our end. We are simply the highway by which the data travels from one platform to another. 

Why Does This Matter?

Like we said at the beginning, it doesn’t matter whether you’re a consumer, developer, financier, or all of the above – data portability is relevant to you. As a consumer, data is being collected about you. As a developer, you’re not only collecting data but also being held to standards of privacy and portability. As a financier, you are sharing data about your users. Whether you play one or several of those roles, you have a right and obligation to portability. For your own safety and trustworthiness, then, how portability happens matters. 

In our increasingly digital world, we believe that legislation needs to speak to data possession and movement. That’s why Pentadata is a member of the Digital Commerce Alliance, which provides high standards for both merchants and consumers as it pertains to digital data. Together the DCA and Pentadata champion Consumer Data Transparency Rights, including the rights to access, portability, and security. These things are important now and will become even more crucial as we move into a digital future. Because when data is securely portable, it opens up a world of possibilities for consumers and companies alike. 


This post is Part 1 of a 5-part series on data portability. Stay tuned in the upcoming weeks for the next installations.

Recent Posts