How is sovereignty maintained? Focus is on GDPR-compliant personal data sharing. This is achieved via the Personal Data Intermediary (PDI) [6.3], which acts as the individual’s “Dataspace Identity” and allows individuals to control their data. The PDC [2.1] facilitates correlation between participant user data and the PDI identity.
DS4Skills is a human-centered data space, in which sovereignty remains on the individual’s side, ensuring that personal data exchange is GDPR-compliant. The user always retains control over its information. With this approach, human-centricity is not just an ethical principle, but also an operational property of the ecosystem: personal data can only be shared if the owner authorises it explicitly. Sovereignty’s protection is based on mechanisms that guarantee transparency, traceability and control, avoiding unauthorised use of data without the owner’s consent. To make it possible, the dataspace incorporates specific components that enable this control without neither centralising the power in one single actor nor forcing the user to manage multiple consents. If you want to know more, follow this link.
Sovereignty is materialised through the Personal Data Intermediary (PDI) [6.3], that acts as the “Individual’s Dataspace Identity”. The PDI allows the user to manage and exercise its control over its personal data, granting, revising and revoking consents in a clear and auditable manner. Instead of the personal data being only controlled by the dataspace providers or consumers, the PDI acts as a neutral intermediary that ensures that every personal data exchange complies with the decisions and conditions set by the data owner. In this manner, individual’s identity in the dataspace is not only a technical identifier but it is also a mechanism that allows the user to have visibility and control over who accesses their data, for what purpose and under which conditions.
Complementarily, the PDI [2.1] is the technical component that allows sovereignty to be applied in the data space operatively. The PDC allows the correlation between the user’s data and the identity managed by the PDI, so control decisions are translated into actual enforcement of data access and transfer rules. In practice, this means that the PDC guarantees that the personal data flows are only executed only when a valid contract and an operative agreement exist among parties, connecting the PDI decisions with the technical transactions of the space. Overall, the PDI and the PDC allow the user’s sovereignty to not to be just a concept, but also an applicable reality: personal data are uniquely shared when the individual authorises it and under the conditions it establishes, guaranteeing transparency, traceability and regulatory compliance in every exchange within the dataspace.