Sharing and exchanging data with others offers organisations huge opportunities in terms of establishing new business models and developing new growth potentials. At the same time, sharing and exchanging data with others can be a risky endeavour, as data can be misused. Therefore, what is needed is to create trust between data providers and data users. In International Data Spaces (IDS), trust is established by certifying both the organisations seeking admission to a data space and the technical components developed and used to operate data spaces.
The handshake is one of the oldest forms of expressing one’s sincerity and goodwill to another person when closing a deal, while at the same time expecting that same mindset from that person in turn. What is hoped to reap from this ritual, is mutual trust. Even today, contractual agreements are often sealed with a handshake between the contractual parties. In virtual data ecosystems, however, there is no such thing as a handshake or looking deeply into each other’s eyes before closing a deal with another party. So how can mutual trust be established then?
In a data-sharing scenario, the data owner or provider wants to retain data sovereignty, which means always staying in control of how the data made available is used by the other party. For data sovereignty to be guaranteed, it is necessary that any data made available is used in accordance with unambiguously defined rules. Sharing and exchanging data has to be a deliberate decision on both sides, which presupposes transparent information. Only if both parties can be sure they stick to the same rules, they are willing to collaborate.
Certification is a transparent process
IDS Certification defines and ensures a standardised level of security with regard to technical and organisational aspects. The result is a transparent process creating mutual trust between collaborating parties: knowing the data user is a certified party, the data provider can be sure their data will be used in line with the data usage policy specified; knowing the data provider is a certified party, the data user can be sure they get access to the data agreed upon under the conditions specified. Certification thereby grants admission to the data space, which facilitates secure and trustworthy data sharing and exchange settings beneficial to all parties involved.
Data sovereignty through federated design
From a technical perspective, the data space connects all certified endpoints (i.e. IDS Connectors) for potentially exchanging data among each other. In IDS, data always remains within the information systems of the data provider, which means that no data needs to be transferred to the data space for being exchanged. This is a major element for guaranteeing data sovereignty to each data provider.
IDS certification targets two levels: The Operational Environment Certificate is granted to IDS-compliant organisations seeking access to a data space, while the Core Component Certificate is granted to technical components deployed and used in data spaces. Basic certification can be requested simply by filling in a checklist made available on IDSA’s website.
About the author
Sonia Jimenez is Senior Consultant Programme Management at the International Data Spaces Association (IDSA). As a non-profit organisation, IDSA was founded jointly by business, politics, and research with the aim of establishing both the development and the use of a reference architecture for secure data spaces and sovereign data sharing on a European and international level. The IDSA is supported by over 130 members from a wide range of companies, organisations, and research institutes in 21 countries, who together shape the future of data ecosystems.
This article was originally published by the International Data Spaces Association. Access the original here.