Will the Data Transfer Project secure our personal data?


The DTP (Data Transfer Project) is an initiative launched by the giants of the Internet, Google, Facebook, Twitter, and Microsoft, which aims to streamline the exchange of data between users and service providers, and between the latter directly by standardising information somewhat, or more exactly by formatting it. The general idea is to impose a kind of “standard” in the export or import of an individual user’s data. At the moment, we have the impression that it is the Apps that are constantly asking us for access to our data, to facilitate or enrich their operation. Facebook or Twitter and also all the APIs that connect to them wish to access our photos, our language preferences, our location, our stock of cultural information, our contacts, etc. Obviously, we feel we are being watched, and we try to limit these unilateral exchanges. But the situation has changed with the arrival of the GDPR in Europe and certainly with the explosion of the volumes of data passing between the various suppliers. Standardisation was essential.


DTP: a two-way exchange

Going well beyond this, the DTP offers two-way exchanges. Just like on LinkedIn, we can retrieve all the information stored on our account, we can do it via Facebook or Google, or even at Microsoft. Our photos, our emails, our “friends” will become pieces of information that we can download and save wherever we want. This project seeks to establish a genuine guarantee of access to our personal information at any time and regardless of the service provider. Naturally, this is something that should please us all. Recovering all our published photos, texts published on a blog, or our favourite and playlists, is a way of not forgetting anything in our past. Withdrawing everything will also be an option open to everyone.


A white paper, published this summer, specified what the basic principles of this project are and what impact they will have on data security. Here is a brief summary.


Developing a data standard:

all data is transformed into a single format (by data type) so that all providers have access to the same information. This results in centralised access to a highly secure data platform. In the same way, we recover our data in a single unique format that is therefore usable on all kinds of web services, without having to draw from one or the other and without compatibility concerns.


Providing “adapters” to “connect” providers:

importing or exporting data will be done via strong user authentication in both directions. This will optimise the tracking of access to personal data.


Source diagram: DTP White Paper


Managing authorised tasks:

this involves linking operators with each other and with the data by listing all possible actions and related access procedures. Again, establishing a standard for data use and unifying protocols should be a guarantee for the user. Transparency in this area is essential. Is what exactly is being done with our data a major issue at the moment?

The project (DTP) has not yet been deployed, but work is progressing rapidly. In terms of security, it can be compared to the contribution of the blockchain, in the sense that a transparent sharing of responsibilities between data providers or importers will ultimately strengthen the overall security of the system. As the flaws of a single actor (such as the problems recently encountered by Facebook) become everyone’s business upstream, we can imagine that they will eventually be eliminated.

Would sharing the Data be the best way to make it more reliable and secure?


To read aslo:Why is it so hard to recruit cybersecurity experts?