Transparency and self-determination in data handling
The exchange of data between business partners and their processing have increased tremendously over the last few years. In digital value creation, companies repeatedly face the challenge of how to protect their sensitive and business-critical data. Additional requirements such as data protection apply, specified for example by lawmakers. Data sovereignty is essential for trusted digital value creation in compliance with the rules. Comprehensive data sovereignty requires methods and technologies to ensure transparency and informational self-determination in data handling. This essentially encompasses the formalization of usage restrictions (policies) to describe the conditions and requirements for data handling, their organizational and technical enforcement (usage control), and the traceability of data usage (provenance tracking). Usage control extends the classic access control mechanisms and thereby constitutes a paradigm shift in data handling.
The usage control technology is already implemented in the Base Connector and Trusted Connector, and can be used directly. Usage control can be easily integrated by other connectors. The self-descriptions of connectors (including metadata, usage restrictions) are automatically indexed by the broker. A policy editor (Policy Administration Point, PAP) can be used to specify the usage restrictions. Usage restrictions are created based on ODRL (Open Digital Rights Language), and are understood by any usage control technology.
Aside from the technologies to enforce usage restrictions, there are technologies for the traceability of data usage (provenance tracking). They enable the monitoring and transparent representation of data usage.