International-Data-Spaces-Association / IDSA-Rulebook

The working repository of the IDSA Rulebook Working Group
Creative Commons Attribution 4.0 International
15 stars 3 forks source link

Section on "what is not part of the data space" - e.g. Enterprise Data Management #58

Closed PeterKoen-MSFT closed 2 months ago

PeterKoen-MSFT commented 7 months ago

Trusted Data Sharing requires an end-to-end solution, managing permissions, GDPR consent, managing data as it flows through the enterprise. Those are not part of the data space functionality, but still necessary for building an end to end trusted system.

We need to create a section on where the boundary between the data space functionality and the rest of the participants data systems is.

E.g. Once a data contract gets executed and data assets are transferred usage policies need to be persisted with the data as it is being managed in the enterprise data warehouse or other systems. E.g. GDPR consent or the handling of PII data needs to be managed in the participants data management system before data is being offered to be shared in a data space. Once it is being shared appropriate policies of the contract need to indicate the need for continued GDPR consent management and PII data handling in the target system. However, the proper handling of PII data is NOT a functionality of the data space, rather of the enterprise data management systems of the individual participant.

We need to introduce a chapter in the rulebook that describes where this boundary lies and provides examples of data management that happens outside of the data space context, but is required for successful and trusted data sharing.

ssteinbuss commented 7 months ago

Should be merged with #57

PeterKoen-MSFT commented 2 months ago

will merge this/cover this topic in #57