Data sovereignty (data management)

For national data rights, see Data sovereignty.

Data sovereignty is the ability of a legal person or an organisation to control the conditions that data is shared under, and how that shared data is used, as if it were an economic asset.^[1][2] It can apply to both primary data and secondary data derived from data, or metadata.^[3] In order to use restricted data, data consumers must accept the conditions that it is provided under.^[4] In turn, the legal persons sharing data must trust other entities with it. Trust can be supported through the use of a suitable secure information system (such as a data space) which identifies, authenticates, and certifies users.^[5]

Law and regulation

The data sovereignty of individual legal persons can conflict with national data sovereignty.^[6] Currently, a natural person does not have a statutory right to exclusively control how their data is shared and used. However, they can make it part of a contract, and offer it as payment.^[7] The most common method for a legal person to impose its data sovereignty is through contract law.^[8] Such a contract includes the terms of use, access and control policies, commercial conditions and jurisdiction.^[3]

The European Commission's Data Governance Act seeks to increase trust in data sharing. It defines how one legal entity can access data belonging to another while respecting its data sovereignty.^[1][9] It aims to promote data sharing by allowing European citizens to choose to make their data available for the good of society.

Projects

Between December 2016 and 2019, the city of Barcelona, Spain, undertook a European Commission funded research project called Decentralised Citizens Owned Data Ecosystem (DECODE). This project applied data sovereignty principles to public procurement contracts and municipal internet of things sensors.^[10][11] Citizens operated noise and air quality sensors and were allowed to control what data they shared, for what purpose, and what data they kept private.^[12][13][14]

In 2019 the Gaia-X European data infrastructure project began. This project is developing solutions for the exchange of sovereign data, and working on a reference implementation.^[15][16] The Gaia-X architecture uses digital services that establish identity and trust based on European data protection legislation. Trusted data consumers in a certified data space can receive data, but only use it according to the agreed terms, and the data provider retains control of the data.^[17]

See also

• Data portability
• Digital commons (economics)
• Knowledge commons
• Self-sovereign identity

References

1. Farrell, E.; Minghini, M.; Kotsev, A.; Soler Garrido, J.; Tapsall, B.; Micheli, M.; Posada Sanchez, M.; Signorelli, S.; Tartaro, A.; Bernal Cereceda, J.; Vespe, M.; Di Leo, M.; Carballa Smichowski, B.; Smith, R.; Schade, S.; Pogorzelska, K.; Gabrielli, L.; De Marchi, D. (2023). European Data Spaces - Scientific Insights into Data Sharing and Utilisation at Scale (Report). Publications Office of the European Union. p. 25. doi:10.2760/301609. ISBN 9789268031667.
2. Mertens, C.; Alonso, J.; Lázaro, O.; Palansuriya, C.; Böge, G.; Nizamis, A.; Rousopoulou, V.; Ioannidis, D.; Tzovaras, D.; Touma, R.; Tarzán, M. (2022). "A Framework for Big Data Sovereignty: The European Industrial Data Space (EIDS)" (PDF). Data Spaces: Design, Deployment and Future Directions. Springer International Publishing. pp. 201–226. doi:10.1007/978-3-030-98636-0_10. ISBN 978-3-030-98635-3.
3. Dalmolen, S.; Bastiaansen, H.J.M.; Somers, E.J.J.; Djafari, S.; Kollenstart, M.; Punter, M. (2019). Maintaining control over sensitive data in the Physical Internet. 6th International Physical Internet Conference (IPIC). p. 4.
4. Pettenpohl, H.; Spiekermann, M.; Both, J.R. (2022). "International data spaces in a nutshell" (PDF). Designing Data Spaces. Springer: 30.
5. Bastiaansen, H.; Dalmolen, S.; Kollenstart, M.; van Engers, T.M. (2020). User-centric network-model for data control with interoperable legal data sharing artefacts (PDF). Pacific Asia Conference on Information Systems.
6. Hummel, P.; Braun, M.; Tretter, M.; Dabrock, P. (2021). "Data sovereignty: A review". Big Data & Society. 8 (1). doi:10.1177/2053951720982012. S2CID 234271644.
7. Geminn, C.L.; Johannes, P.C.; Müller, J.K.M.; Nebel, M. (2023). Data Governance in Germany–An Introduction (PDF) (Report). Kassel University Press. pp. 13–23.
8. Bader, S.R.; Maleshkova, M.; García-Castro, R.; Davies, J.; Antoniou, G.; Fortuna, C. (2020). "Towards Integrated Data Control for Digital Twins in Industry 4.0" (PDF). International Workshop on Semantic Digital Twins. RWTH Aachen University: 3.
9. Franke, J.; Gailhofer, P. (2021). "Data Governance and Regulation for Sustainable Smart Cities". Frontiers in Sustainable Cities. 3: 8. doi:10.3389/frsc.2021.763788.
10. Fischli, R. (2022). "Data-owning democracy: Citizen empowerment through data ownership". European Journal of Political Theory. 23 (2). Sage: 9–10. doi:10.1177/14748851221110316. S2CID 250938641.
11. Donovan Vincent (2 June 2019). "What Toronto can learn from Barcelona on data and smart city projects". Toronto Star. Retrieved 11 July 2023.
12. Thomas Graham (18 May 2018). "Barcelona is leading the fightback against smart city surveillance". Wired. Retrieved 11 July 2023.
13. Francesca Bria (5 April 2018). "Our data is valuable. Here's how we can take that value back". The Guardian. Retrieved 11 July 2023.
14. Monge, F.; Barns, S.; Kattel, R.; Bria, F. (2022). A new data deal: the case of Barcelona (PDF) (Report). University College London. ISSN 2635-0122.
15. Richard Speed (23 September 2021). "Eclipse Data Connector arrives for GAIA-X, Europe's plan to protect its cloud data from foreign tech firms". The Register. Retrieved 11 July 2023.
16. Firdausy, D.R.; Silva, P.D.A.; Van Sinderen, M.; Iacob, M.E. (2022). "Towards a Reference Enterprise Architecture to enforce Digital Sovereignty in International Data Spaces" (PDF). 2022 IEEE 24th Conference on Business Informatics (CBI). Vol. 1. IEEE. pp. 117–125. doi:10.1109/CBI54897.2022.00020. ISBN 978-1-6654-6016-3. S2CID 253556464.
17. Seidel, A.; Wenzel, K.; Hänel, A.; Teicher, U.; Weiß, A.; Schäfer, U.; Ihlenfeldt, S.; Eisenmann, H.; Ernst, H. (2023). "Towards a seamless data cycle for space components: considerations from the growing European future digital ecosystem Gaia-X". CEAS Space Journal. 16 (3). Springer: 351–365. Bibcode:2024CEAS...16..351S. doi:10.1007/s12567-023-00500-4. S2CID 258751486.