In the context of the conference “Dati e Potere” (Data and Power) organized by Open Data Sicilia, a civic initiative that aims to raise awareness and disseminate the culture of open government and open data practices, Vincenzo Savarino of Engineering Ingegneria Informatica S.p.A, partner of ACROSS project, has put in evidence how key aspects like user centricity, transparency, consent management and interoperability are important to complement the GDPR compliancy aspects of personal data management.
In the scenario of data sharing and related governance we have generally a consumer party and a provider party exchanging data according to an agreement (for example a contract). This agreement authorizes provider party to data provision to consumer party and authorizes the latter to process that data. Also, this agreement can refer to a Data Usage Policy describing processing restriction obligations and duties. In the case that the data spectrum includes personal data, the scenario is more complex, we have not only data provider and consumer, but also the data subject, and usage rules are user centric and consent based, so they can vary dynamically according to the privacy preferences modification performed by the data subject.
Therefore, the presence of personal data suggests following a user-centric approach of data sharing, which also involves aspects of compliancy, from a legislative point of view, and other aspects about technological and semantic interoperability and the use of standards.
The European Data Strategy[1] are driving towards the introduction of data intermediaries as enablers of a trustworthy organization of data sharing. These enablers should be supported by technological tools and services for automated compliance in data processing and user-centered data protection and transparency. These enablers should extend existing solution in order to complement existing data spaces to support data sharing and sovereignty. In particular data intermediary has the goals to support the entire ecosystem of entities involved in data sharing, by including in particular the individual in the loop.
“User centricity”, “Compliancy” and “Interoperability” aspects are addressed by the Data Governance Layer of ACROSS by adopting and leveraging open source solution to support a user centric personal data management during the the provision of cross border user journey services.
[1] https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/european-data-strategy_en