Building a Personal Data Sharing Infrastructure

The personal data sharing technical infrastructure we are building within aNewGovernance is supported and governed by the cross-sectoral personal data space we advise for. The infrastructure is still to invent but we propose the following blocks bellow:

1. Digital services connectors

Digital services that want to participate in the personal data sharing ecosystem must provide API connectors and authentication federation means for data transfer, and propose a seamless user experience. Following the aNG separation of powers principle (SPP), digital services hold and use transferred data but cannot manage permissions, as this task is reserved for Operators representing individuals’ control over personal data circulation (block 2.). SPP brings trust and flexibility in the ecosystem and materializes the transition from a platform-centric ecosystem, where services define data sharing rules, to a human-centric ecosystem where users are in control. API connectors must follow an open and shared data transfer framework (block 3.c.). The user experience must follow a standard permission design (block 4.a.) and data must be shared following standard data models (block 4.b./4.c.).

2. Operators (or tools) for individuals

Operators represent individuals for data transfer and connect digital services together. Following the aNewGovernance separation of powers principle (SPP) Operators cannot hold and use transferred data as their role is to register permissions on a distributed permission registry (the Human Permission Layer or HPL described in block 3.). Operators must follow standard design and data models for permission (block 4.a.). Operators must comply to rules described in the Trust framework (5.). Operators can be private companies with a dedicated business model, they should be interoperable and substitutable, thus constituting a competitive market, without lock-in. Subsequently, permissions stored on the HPL by one operator have to be accessible from all other operators on demand of the user. Operators must propose to the end user a permission dashboard allowing access of all given permissions for data transfer in a unique place which gives easier control of its data for the user.

In 2020 aNG worked with MyData to expore the existing operators on the market in the paper: Understanding the MyData Operators. Some of these operators already recieved the MyData Operators certification.

3. Open and common components for the ecosystem

Digital services and Operators rely on open components produced and managed in coordination with all stakeholders of the ecosystem. The components are the following: 

a. The Human Permission Layer (or HPL) is a registry of all individuals’ permissions for data transfer that is distributed among all stakeholders and governed by the personal data space governance body (aNG). At first, this is materialized by interoperable operators that apply the SPP and are governed by aNG. The operators share a permission management protocol.

b. The legal open framework is a contract framework for personal data sharing allowing services to define liabilities and conditions for data transfer, thus protecting themselves in the ecosystem. At the ecosystem level, the legal framework provided by the IHAN Rulebook is of inspiration. The legal open framework relies on specific jurisdictions or sectoral regulations, handles cross-jurisdictions and cross-sectoral cases. It is built upon a versioning system (similar to computer code) allowing each service of the ecosystem to create new contracts on the basis of existing ones, thus harmonizing the personal data space legal infrastructure and reducing costs. 

c. An open transfer framework is a set of rules allowing services and operators to propose standard, privacy proof and secure APIs, authentication and authorization means. Services can expose data they hold or access data held by other services through people’s permissions managed by the operators. It harmonizes the ecosystem and reduces costs for all stakeholders. 

d. A marketplace for personal data sharing allowing digital services to expose access to personal data they hold or discover personal data they could reuse. It defines how services can sell or buy access (not ownership nor property) to personal data. It implements transparency rules defined in the Trust Framework (block 5.) and specific jurisdictions or sectoral regulations. 

4. Sectoral and cross-sectoral standards

a. Permission standard gives Operators design rules for asking permissions to end-users and defines a unique  permission data model and permission protocol. The uniqueness of these standards allows users to be presented permissions always in the same manner for better understanding and allows Operators to be interoperable and substitutable. (probable standard: Kantara Consent Receipt standard).

b. The person description data model is an ontology that gives services a unique way to define a person in all sectors allowing sectoral as well as cross-sectoral interoperability. Requiring all services to apply the same data model is preferable for interoperability but not always possible, so open conversion mechanism have to be proposed within the open transfer framework (block 3.c.). (probable standard: semantic web standard)

c. Non personal data models are ontologies that give services a unique way to define all non personal objects (goods, services, offers, drugs, skills, etc.) in a unique way. Requiring all services to apply the same data models is preferable for interoperability but not always possible, so open conversion mechanism have to be proposed within the open transfer framework (block 3.c.). Non personal data models are defined at a sectoral level through
sectoral data spaces.

5. Trust framework

a. The trust guidelines give services and Operators a set of transparency and behavior rules to follow in order to be a part of the ecosystem.

b. Services, operators and finalities registries allow all stakeholders to identify themselves in the ecosystem and describe use cases finalities for better transparency and auditability.

c. The certification label is a referential allowing third party organizations to certificate and audit Operators in order to allow them to be a part of the ecosystem.

d. The rating system allows third party organizations to rate services based on their compliance to regulations guidelines rules. Coupled with an automated reputation rating mechanism it gives Operators the opportunity to display ratings to end users, thus bringing more trust in the ecosystem.