Manifesto for International Data Spaces
Edit

Role models

Roles in this Rulebook describe functions, and no status. The model definition of roles should provide clarity about tasks and capabilities and support the understanding of architectures and interfaces. Roles may not always exist in their pure form - mixed forms are often experienced by participants in data spaces - and new or more specific roles will emerge over time. In this section we define the most important and common roles without claiming to be exhaustive. In practice, it has proven useful to first implement the essential roles that are necessary for the data space to function. Three roles should be established first: provider, consumer, and intermediary services.

Data consumer (essential)

The term data user means a natural or legal person who has lawful access to certain personal or non-personal data and has the right, including under Regulation (EU) 2016/679 in the case of personal data, to use that data for commercial or non-commercial purposes.

Data provider (essential)

The term data holder means a legal person, including public sector bodies and international organizations, or a natural person who is not a data subject with respect to the specific data in question, who has the right to grant access to or to share certain personal data or non-personal data in accordance with applicable Union or national law.

Service Provider (intermediary, operator, value-adding services)

In a data space multiple service providers can offer optional capabilities to enable data sharing and data transactions. Some services may be considered as essential, depending on the data space governance framework. Those may be services required to operate a data space, to intermediate in data transactions, or support the value creation process in a data space. Fundamentally, all such service providers are considered to be a participant in a data space and therefore bound to the agreed policies and rules of a given data space.

Operators provide essential services to a data space like Trust Services. Such services are typically mandated by the Data Space Governance Authority and are agreed as service providers for a given data space. Nevertheless, the agreement on such operators may be derived from a certain regualation, that needs to be implemented by a data space governance scheme.

Intermediary service aims to establish commercial relationships for data sharing between a number of data holders and data users. This is done through technical, legal, and other means; it includes to exercise the rights of data subjects in relation to personal data; it excludes at least the following:

  • services that obtain data from data holders and aggregate, enrich, or transform the data to add value and then license it to data users, without establishing a commercial relationship between data holders and data users

  • services that focus on the mediation of copyright-protected content

  • services exclusively used by one data holder to enable the use of the data held by that data holder, or used by multiple legal people in a closed group, including supplier or customer relationships or contracted collaborations, in particular those who want to ensure the functionalities of objects and devices connected to the IoT (Internet of Things)

  • data sharing services offered by public sector bodies that do not establish commercial relationships.

Such intermediaries may be regulated by local governments like the DGA in the European Union. A detailed analysis can be found in the paper Reflections on the DGA and Data Intermediaries.

Value-added service providers act as a participant in the data space and do therefore stick to the agreements in a data space. Such services aim to enable the value-creation process with a broad set of basic or advanced data processing services. Such optional functionalities are described in the functional requirements section and in the DSSC Blueprint Version 1.

Additional Roles in a Data Space

The DSSC Blueprint Version 1.0 provides a sophisticated anaylsis of additional roles in data spaces, which are not subject of the IDSA Rulebook. Further information on such roles are available in the DSSC glossary. Those roles are grouped into the key analysis areas of the DSSC Blueprint, legal, organizational, business, and technical.

Roles from legal defintions

Such roles originate from regulations, like GDPR or DGA:

  • Data Rights Holders are natural or legal persons, holding rights on the data.

  • Data Recipients are legal or natural persons that act as data consumers and data users.

  • Data Users are natural or legal persons, which use the data under the given policies and regulations.

  • Data Subjects are defined in GDPR.

  • Data Intermediation services or Data Intermediaries are subject of the Data Governance Act. (see Reflections on the DGA and Data Intermediaries)

Core Roles

  • Data Transaction participant, the term Data Transaction needs further clarification to be integrated in the IDSA Rulebook.

  • Data Space Governance Authority is described in detail in the remainder of the IDSA Rulebook.

  • Data Rights Holder and their intermediaries are not covered in the IDSA Rulebook.

  • Data Provider are covered in the IDSA Rulebook above.

  • Data Recipient are covered as Data Consumers in the IDSA Rulebook above.

  • Data Space Participant are described in the IDSA Rulebook.

Services & service provider roles

  • Data space enabling Service, see section above.

  • Data space intermediary, see section above.

  • Connection-providing Intermediary is not described in the IDSA Rulebook.

  • Personal data Intermediary are not described in the IDSA Rulebook.

  • Clearing house service providers are described in the IDS RAM and subject of the obverservability capability in the functional requirements section of the IDSA Rulebook.

  • Marketplace and other value creation services are covered in the IDSA Rulebook above and in the optional capabilites section of the functional requirements.

Last updated