In today's data-driven world, the exchange of personal data is becoming increasingly prevalent. As technology advances, new standards emerge, regulatory landscapes develop, and businesses increasingly rely on personal data for their operations and offerings, it is vital to ensure that individual rights and privacy are adequately safeguarded while people, communities, and societies at large reap the existing and potential value created by personal data use. Our primary purpose is to define the existing mechanisms through which International Data Spaces (IDS) handle situations involving personal data on the one hand, and to envision how they should evolve to be more human-centric: serving people as consumers, citizens, employees, service users, patients, learners, and so on.
It is imperative to empower individuals and communities not only to control and understand their personal data but also to derive personal and collective benefits from them. This manifesto, deeply inspired by the MyData Declaration, serves to align the objectives of the Personal Data and IDS Sub Working Group, in advocating for human-centric and empowering data-sharing environments, as well as promoting data sovereignty of people over their data.
We envision a digital society that fosters a level playing field, ensuring equal access to the value derived from data. In this society, individuals are at the forefront, fully aware of their positions regarding direct and indirect data resulting from their (digital) interactions. They are empowered to act autonomously, having sovereignty over their personal information. This understanding encompasses the implications and potential benefits of data sharing, enabling active participation in the advantages procured from personal data.
Our mission is to explore and understand the intersection between the IDS standard and the realm of personal data sharing. We aim to enhance the IDS's user-centric approach, identifying and addressing gaps to improve its effectiveness and inclusivity regarding personal data.
We are dedicated to deepening our understanding of how IDS integrates personal data considerations and proposing practical solutions to overcome these challenges. Ensuring interoperability is crucial in applying technologies like MyData-aligned solutions, IDS, and Solid from a personal data perspective.
Lastly, we seek to understand and promote the role of personal data intermediaries within IDS, placing individuals at the center of the data-sharing process, making it efficient, empowering, and inclusive for all.
Deep Understanding: Delve into the IDS standard's existing mechanisms for handling of personal data, identifying gaps and proposing solutions for seamless integration.
Human-Centric Autonomy: Advocate for and implement practices where individuals have control, transparency, understanding, and the ability to derive benefits from their personal data within the IDS ecosystem.
Collaborative Exploration: Work collaboratively to explore the intersection of IDS standards and personal data, proposing inclusive and practical solutions to identified challenges.
Individuals should have actionable rights over their personal data within an IDS-compliant ecosystem, with easy-to-use tools and services that allow for control, understanding, and benefit-sharing. Promote transparency, informed consent, and easy access to personal data rights.
Beyond data security, individuals should be empowered to utilize data held about them for various purposes, including making their lives easier, self-improvement, decision-making, and data sharing under their terms within the IDS framework.
Advocate for open ecosystems where data flows freely, decided by individuals, promoting balance, fairness, and competition in the digital economy. Ensure interoperability within the IDS by applying technologies like MyData, IDS, Solid from a personal data perspective, allowing for secure and efficient data sharing and utilization.
Organizations, particularly those acting as data controllers under the GDPR, bear significant and primary responsibility for the personal data they handle. They must:
- Have a legal ground to disclose personal data.
- Consider anonymizing data where appropriate to protect individuals’ privacy.
- To take care that the data subjects rights can be enforced.
- To provide the appropriate technical and organisational means/mechanisms to guarantee GDPR compliance, user privacy and personal data governance.
In addition to these responsibilities, organizations should commit to transparency and accountability in their data practices. This commitment involves providing clear and understandable privacy terms and policies, thereby allowing individuals to have control and sovereignty over the use of their data. Through these practices, organizations not only comply with legal standards but also build trust with individuals whose data they handle.