'What about privacy and security' is a question that comes up regularly when discussing Data Portability. I'd like to address some of the reasons why Data Portability is actually good for privacy. More safe than today.
Data Portability is not about putting more personal data in the cloud. We're dealing with data that's already out there. The goal is to provide the ability to give access to your data to applications you trust.
Using proper protocols and formats to move the data such as oAuth and OpenID is safer than allowing sites to scrape your mail account by giving it your username and password. They are safer because you are not giving your username and password away and because the access is scoped. Scoped access mean that you can grant specific and precise access to only the data you want to share with the requesting application (e.g. just your address book) as apposed to giving them complete access to your entire gmail account (address book, email, account history, google searches etc).
Federated Karma - Market Forces made Explicit
It may be possible to build a distributed trust or Karma system that sites and services can expose on Authorization Screens so that users can make informed decisions before trusting an application.
Users could rate services and the ratings would be normalized and made available via trusted Karma aggregation services.
This would provide an explicit meta layer of market sentiment at the point of permitting a data portability transaction.
This solution is far better than the Facebook Protection Fee solution.
Privacy is the wrong word
The real issue should not be labeled Privacy. Privacy is an idea but it's not actionable. It can not be converted into 'functionality'. We should be discussing 'access controls', 'portable permission metadata' and 'universal privacy models'. These ideas combined allow us to define and implement privacy preferences in concrete terms.
Privacy advocates can never and should never come to peace with it, but it's clear that traditional ideas of privacy are changing.
Remember that It was once thought unconscionable to share you photos, daily activities, location, relationship status and other personal information for the world to see. Now it's standard practice for young people around the world.
What taboos of personal privacy will fade next? It's quite possible the question asked by future generations of Internet users will ask not why their data is available for everyone to see, but rather why it isn't.
"I think therefore I am".
Maybe now it's
"I tweet therefore I am".