Trusted Data Sharing requires an end-to-end solution, managing permissions, GDPR consent, managing data as it flows through the enterprise. Those are not part of the data space functionality, but still necessary for building an end to end trusted system.
We need to create a section on where the boundary between the data space functionality and the rest of the participants data systems is.
E.g. Once a data contract gets executed and data assets are transferred usage policies need to be persisted with the data as it is being managed in the enterprise data warehouse or other systems.
E.g. GDPR consent or the handling of PII data needs to be managed in the participants data management system before data is being offered to be shared in a data space. Once it is being shared appropriate policies of the contract need to indicate the need for continued GDPR consent management and PII data handling in the target system. However, the proper handling of PII data is NOT a functionality of the data space, rather of the enterprise data management systems of the individual participant.
We need to introduce a chapter in the rulebook that describes where this boundary lies and provides examples of data management that happens outside of the data space context, but is required for successful and trusted data sharing.
ssteinbuss
commented
4 months ago
Trusted Data Sharing requires an end-to-end solution, managing permissions, GDPR consent, managing data as it flows through the enterprise. Those are not part of the data space functionality, but still necessary for building an end to end trusted system.
We need to create a section on where the boundary between the data space functionality and the rest of the participants data systems is.
E.g. Once a data contract gets executed and data assets are transferred usage policies need to be persisted with the data as it is being managed in the enterprise data warehouse or other systems. E.g. GDPR consent or the handling of PII data needs to be managed in the participants data management system before data is being offered to be shared in a data space. Once it is being shared appropriate policies of the contract need to indicate the need for continued GDPR consent management and PII data handling in the target system. However, the proper handling of PII data is NOT a functionality of the data space, rather of the enterprise data management systems of the individual participant.
We need to introduce a chapter in the rulebook that describes where this boundary lies and provides examples of data management that happens outside of the data space context, but is required for successful and trusted data sharing.