International-Data-Spaces-Association / IDS-RAM_4_0

Focusing on the generalization of concepts, functionality, and overall processes involved in the creation of a secure 'network of trusted data' , the IDS-RAM resides at a higher abstraction level than common architecture models of concrete software solutions do. The document provides an overview and dedicated architecture specifications.
Creative Commons Attribution 4.0 International
48 stars 26 forks source link

Add legal perspective to IDS RAM #116

Closed mokamhuber closed 2 years ago

mokamhuber commented 2 years ago

I had an interesting talk with Sebastian Pretsch today concerning legal challenges in the IDS based on discussions in the Mobility Data Space. In particular, we were discussing the legal framework for the data exchange and which parties have an official contract with each other based on IDS interactions. The people from MDS would like to see data exchange based on a legal contract between data owner and data user (even if the actual operation of connectors is done by a provider of "connector-as-a-service"). However, the fact that interaction follows the pattern "data owner <-> data provider (connector operated by SaaS provider) <-> data consumer (connector operated by SaaS provider) <-> data user" might also signify that interactions are represented in 3 different contracts between the interacting parties. We were surprised to see that this legal discussion or perspective is currently completely missing in the RAM. Is it possible to add a chapter on this (e.g. based on the work of the task force legal framework)?

mokamhuber commented 2 years ago

Hi everyone, we discussed this in the IDSA TSC today. I'll try to briefly summarize: In general, the legal perspective was purposefully left out of the RAM. It will be covered in the Rule Book, but currently discussions on the legal framework are still ongoing. The plan is to support and build on the work done in the sitra rulebook: https://www.sitra.fi/en/publications/rulebook-for-a-fair-data-economy/#download-the-rulebook to not reinvent the wheal or have parallel discussions solely within the IDS. Legal topics are currently discussed in the task force legal framework which closely collaborates with the new WG Rule Book.

Concerning the question of contracts between data owner and data user, I refer you to general discussions on providing identities to those roles such as: #21 and #24

SebastianOpriel commented 2 years ago

Hi @mohuber, my 2 cents in the role of an Connector-as-a-Service provider: even if the actual operation of connectors is done by a provider of "connector-as-a-service" This case occurs more often than we think. If we have a contract with a partner, we might also use an email provider to fulfill the contract. I have never seen before, that a customer has had to sign a contract with such an email provider. But fore sure: In last instance, usage of an SaaS provider might need an Agreement for Commissioned Data Processing (Auftragsdatenverarbeitungsvertrag) from the service's customer.

mokamhuber commented 2 years ago

HI @SebastianOpriel thanks for your thoughts on this. I think, the legal differentiation here is whether the connector-as-a-service provider is only utilized as an intermediary for fulfilling a contract that already exists between data owner and data user, or whether a legal contract is entered by a successful usage contract negotiation in the IDS. I think, the Mobility Data Space would like to use the second of those approaches.

ssteinbuss commented 2 years ago

I would propose to close this issue with #152 the IDSA Rulebook covers legal aspects and contracts beyond the technical aspects. We should reopen this issue in the context of the WG Rulebook.