With a combination of open source software and low code development, organizations can be freed from vendor lock-in and maintain full control over their data.
With the low code revolution now well underway, business leaders are starting to consider its impact on regulatory compliance, privacy, and security. However, vendor lock-in and a general lack of control over where their data resides remain key concerns, especially given that most low code development platforms (LCDPs) are either partially or fully closed source.
Addressing these challenges is a top priority as organizations store ever-greater quantities of sensitive data in the cloud in increasingly disparate environments. That’s why there must be a standardized and universal way for organizations to locate, access, and control their data, without being beholden to their technology vendors.
On the other hand, low code presents the promise of reduced costs and faster development cycles. At the same time, in a closed source environment, the vendor has the final say in how your data is stored, accessed, and transmitted, making it impossible to achieve true digital sovereignty.
This conundrum is exactly what makes low code development a natural fit for the open-source model. Organizations can enjoy the benefits of low code while preserving digital sovereignty and, in doing so, maintain complete control over its availability and the application of universal privacy, security, and compliance policies.
What is data portability?
Data portability refers to the ability to move data between different applications and computing environments. In the context of cloud computing, data portability means having the freedom to migrate data between cloud service providers and different architectures, including private, public, and hybrid clouds. However, true data portability is also extensible to on-premises and collocated data centers and other environments.
While there are no globally recognized standards defining data portability, it is defined on local levels by legislation like Europe’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA). For example, Article 20 of the GDPR applies the right of portability to any data that can be used to identify an individual. Personally identifiable information (PII) includes, but isn’t limited to, names and addresses, social security numbers, email addresses, and passport numbers. Some types of data are only considered PII when it’s combined with other data. For example, birthdates are only considered PII when combined with other personal data, such as names and email addresses.
Why is data portability important?
In promoting interoperability, data portability is a fundamental feature of digital sovereignty. It has become all the more important in the face of evolving regulatory demands. For example, GDPR grants individuals the right to access and receive a copy of their personal data by sending a subject access request (SAR). In most cases, businesses are obliged to respond to an SAR within one month. The CCPA, which is modelled on GDPR, sets forth similar requirements.
Naturally, complying with SARs is much more complicated if the data you have on the subject is spread across multiple formats and environments. When data is stored in siloes or ‘walled gardens’ that are incompatible with one another and subject to vendor lock-in, complying with SARs can get very costly and time-consuming. However, by achieving full data portability, you can connect all your data sources to a single, centrally managed dashboard that allows you to comply with SARs in a fraction of the time.
GDPR specifically states that individuals should be able to receive their data in a structured and commonly used format, regardless of where it is collected. This can be more complicated than it sounds, since the data in question may be collected by many disparate sources, such as web browsers, IoT devices, wearable devices, GPS data, and countless more. Another important feature of GDPR is the right individuals have, with a few exceptions, to request that their data be deleted. Once again, data portability is vital for making that possible, since you need visibility into the data to ensure its complete erasure.
A common example of data portability in action is the way it has been widely adopted by social media platforms in response to GDPR and CCPA. Platforms including Facebook and Twitter now allow users to download a zip file containing all their data in order to comply with SARs. Facebook, for example, is typically able to comply with an SAR in just ten minutes.
Meeting the demands of regulatory compliance isn’t the only advantage of achieving full data portability. In addition to protecting privacy, it also helps organizations create a more accurate picture of their customers so they can design their services around their unique preferences. While this might sound like the exact opposite of digital privacy, it’s important to remember that the goal of legislation like GDPR isn’t to stamp out personalized marketing and service delivery, but to give individuals more control over how their data is used and for what. In other words, it’s about adding a layer of trust and transparency to the relationships that consumers have with businesses. When you have permission to use an individual’s data in such cases, data portability ultimately ensures that organizations can fully benefit from that permission.
Of course, data portability can and should be applied to any kind of data, not only that which is subject to regulatory compliance. This is why organizations are focusing on using data virtualization and federation to get more out of their data. With a consolidated environment, business leaders can enjoy a simplified view of their data and create useful analytics hubs to drive informed, real-time decision-making.
How can open-source software help?
Digital sovereignty is easily the greatest strength of the open source software licensing model.
Using an API-centric platform and being able to modify and adapt the source code itself, end users are free to add any data source and manage them consistently, even if they are spread across multiple environments. In the case of LCDPs, this gives organizations the freedom to build their entire software stacks on top of a privacy-first, secure-by-design architecture over which they have complete control and ownership. In a closed source LCDP, by contrast, end users can only do what the vendor allows them to do. When that happens, you can end up with a single point of failure in terms of availability, privacy, and security.
Openness is a cornerstone of LCDPs like Corteza. To achieve complete digital sovereignty and data portability, every level of the software stack should be open and extensible, allowing end users to seamlessly integrate any data source and facilitate its conversion into a unified and readily accessible format. By adopting open data standards, end users can access data when and where they need it, thus enhancing efficiency and simplifying compliance.
Data owners and data protection officers should be able to access data from a single access point anywhere in their software environments. This capability should ideally be extended to public websites as well, such as those powered by popular content management systems like WordPress and Drupal. The plug-and-play approach helps maintain continuous discoverability and control of private data held in the public domain.
Using a common and open-source data format to store and transfer data makes portability far simpler and quicker. Interoperable data formats include JSON for Linking Data (JSON-LD), CSV, and XML. With an open source LCDP, you can pull data from any source and connect it to a single, unified format for immediate access and complete interoperability. If the platform doesn’t natively support a given source format, the fact that it is open source means you’re free to create the required interoperability layer.
Ultimately, data portability introduces a level of operational simplicity at a time when computing architectures are becoming more disparate and organizations are generating more and more data. It’s also redefining the relationships between businesses and consumers by putting trust and transparency at the center of the stage. Open-source software is the key to making that happen, while low code development makes it much easier to achieve those goals at the scale and speed organizations need today.
Planet Crust is the driving force behind Corteza, a 100% open-source low-code development platform that gives you complete control over your data. Get started today for free to see how it works.