Wiki

Wiki

5.2 Consent-Driven Exchange

How does consent trigger the flow? This flow is triggered by the individual granting consent via their PDI [6.3]. It requires a valid Contract [4.0]. The PDC [2.1] performs additional Control Plane [5.1] verifications on the consent validity before accessing personal data.

In a Consent-Driven Exchange, the data flow is activated when the data owner grants their consent through the Personal Data Intermediary (PDI) [6.3]. This consent represents the event that triggers the exchange and facilitates access to the personal data inside the data space, guaranteeing that control over the data always remains in the hands of the owner. These flow execution is framed in the Data Exchange model defined by the PTX Protocol.

Once consent is granted by the PDC [2.1], it incorporates this authorization into the Control Plane [5.1] and performs the additional verifications before enabling any access to personal data. These verifications include verifying that consent is active, it hasn’t been revoked and is consistent with the contract and the associated usage policies. Within this process, the PDC uses the connector’s identity and user management mechanisms to ensure the correct linkage between user consent and the participant’s internal systems. (see: https://github.com/Prometheus-X-association/dataspace-connector/blob/main/docs/USER_MANAGEMENT.md).

Only when all the Control Plane validations have been successfully completed, the PDC authorizes the access to personal data and enables its transfer through the Data Plane that executes the flow according to the technical mechanisms defined by the PTX Protocol, without introducing new authorization decisions. The complete interactions between contract, consent, PDI and the connector, as well as the sequence that leads to the data flow activation, is illustrated here:

Consent-Driven Data Exchange (Source Prometheus-X)
Consent-Driven Data Exchange (Source Prometheus-X)

References