Legal and technical models for trustworthy data exchange

European Commission: Mapping the #landscape of #data #intermediaries The report provides a landscape analysis of key emerging types of data intermediaries. It reviews and syntheses current academic and policy literature, with the goal of identifying shared elements and definitions. An overall objective is to contribute to establishing a common vocabulary among EU policy makers, experts, and practitioners. Six types are presented in detail: personal information management systems (PIMS), data cooperatives, data trusts, data unions, data marketplaces, and data sharing pools. For each one, the report provides information about how it works, its main features, key examples, and business model considerations. The report is grounded in multiple perspectives from sociological, legal, and economic disciplines. The analysis is informed by the notion of inclusive data governance, contextualised in the recent EU Data Governance Act, and problematised according to the economic literature on business models. The findings highlight the fragmentation and heterogeneity of the field. Data intermediaries range from individualistic and business-oriented types to more collective and inclusive models that support greater engagement in data governance, while certain types do aim at facilitating economic transactions between data holders and users, others mainly seek to produce collective benefits or public value. In the conclusions, it derives a series of take-aways regarding main obstacles faced by data intermediaries and identifies lines of empirical work in this field. Link: https://lnkd.in/ehseki-g

Open Licensing and Data Trusts for Personal and Non-Personal Data: a Blueprint for Commons & Privacy - New article out in IIC - International Review of Intellectual Property and Competition Law ! ✨Our contribution, co-authored with Melanie Dulong de Rosnay, proposes a novel commons-based licensing model applicable to data of all kinds (including copyrightable, personal and technical data), to tackle emerging challenges like mixed datasets and AI. The model shall be combined with data trusts or CMOs, to improve effectiveness and enforcement. The licensing model includes modular clauses (e.g. restricted to authorised users or uses), allowing individuals to define their values while fostering the commons. 💡Methodologically, this reverses the current contractual logic: rather than platforms (licensees) imposing their Terms of Services (ToS) unilaterally to the users (licensors, being the copyright owner, or data subject), licensors would set their own terms for access and use of data, by selecting standard terms 🌟The goal: to move past the limits of today’s open licenses, rebalance power in the data economy, and build true data commons. This contribution is based on one of my previous articles published in the Swiss journal RSDA 2021 https://lnkd.in/eaRj2pEC 👉 Read the full article in Open Access here https://lnkd.in/eVjXZst4 Digital Law Center - University of Geneva Centre Internet et Société du CNRS Open Knowledge Foundation #OpenDataCommons #opendata #datacommons #dataeconomy #openlicensing #datatrusts #licensing

Cross-border personal data protection raises complex questions—around interoperability, regulatory assurance, sovereignty, and trade-offs in digital market access. Digital trade agreements are increasingly embedding provisions on data transfers, creating space for negotiated alignment. In parallel, voluntary frameworks—such as certification and enforcement cooperation models—are being explored to build trust without requiring legal harmonisation. As India prepares to operationalise the Digital Personal Data Protection Act (#DPDPA), 2023, trusted cross-border personal data flows are likely to come under sharper focus — for firms and regulators engaged in international digital trade. #DigitalTrade Following a multi-stakeholder technical workshop held in Delhi in Sept. 2024—jointly hosted by nasscom and Data Security Council of India, Ministry of Electronics and Information Technology and Ministry of External Affairs, India, —our new 𝐖𝐡𝐢𝐭𝐞 𝐏𝐚𝐩𝐞𝐫 "𝘛𝘰𝘸𝘢𝘳𝘥𝘴 𝘐𝘯𝘵𝘦𝘳𝘰𝘱𝘦𝘳𝘢𝘣𝘭𝘦 𝘛𝘳𝘶𝘴𝘵 𝘔𝘦𝘤𝘩𝘢𝘯𝘪𝘴𝘮𝘴 𝘧𝘰𝘳 𝘐𝘯𝘵𝘦𝘳𝘯𝘢𝘵𝘪𝘰𝘯𝘢𝘭 𝘗𝘦𝘳𝘴𝘰𝘯𝘢𝘭 𝘋𝘢𝘵𝘢 𝘗𝘳𝘰𝘤𝘦𝘴𝘴𝘪𝘯𝘨" offers an analysis of a certification and enforcement cooperation–led approach to enabling interoperability and trust —namely, the Global #CBPR, #PRP, and #CAPE frameworks. The paper is intended to help evaluate: – Whether #CAPE can serve as a practical tool for international cooperation between India’s Data Protection Board and foreign regulators. – If #PRP certification can benefit SME processors in India aiming to grow globally. – Whether #CBPR/#PRP certifications can reduce compliance friction for Indian IT-BPM and SaaS exporters. – If certification could help build trust around outward data flows for foreign MNEs operating in India. The paper presents an evidence-based analysis and questions that different stakeholders—Indian firms, foreign MNEs, regulators—may wish to consider. 📘 Link to blog: https://lnkd.in/gmpQwbWf #CrossBorderDataFlows #DataGovernance #PrivacyFrameworks #RegulatoryCooperation #Interoperability #DataProtection #DigitalEconomy #TechPolicy #SMEs #GlobalPrivacy

The Future of Data Partnerships: Why Proof-Based Collaboration is the Best Path Forward Robert Silver’s article underscores an undeniable truth: data partnerships are the future of connected media. As commerce, media, and CRM converge, second-party data is becoming an essential tool for enriching customer experiences. But as the industry moves away from third-party cookies and toward privacy-first strategies, we need to ask: How do we ensure that data partnerships remain trustworthy, compliant, and actually deliver value? At Precise.ai we believe the answer is proof-based collaboration—a model that shifts the focus from simple data sharing to secure, validated, and privacy-preserving activation. Beyond Data Sharing—Why Proof-Based Collaboration Wins: Traditional second-party data partnerships rely on direct data exchanges, which introduce risks: trust gaps, compliance concerns, and inefficiencies in how insights are leveraged. A proof-based approach solves these challenges by ensuring: ✅ Data Integrity Without Exposure – Instead of exchanging raw data, partners can validate insights securely using privacy-preserving AI and federated learning. This ensures brands work with real, high-fidelity insights without risking data leakage. ✅ Regulatory & Consumer Trust Compliance – The future of data collaboration isn’t just about access—it’s about controlled, transparent activation. Proof-based systems ensure zero-trust data handling, where brands can verify impact without overstepping privacy boundaries. ✅ Performance-Driven Partnerships – Rather than static data handoffs, continuous, real-time validation ensures that each partnership delivers measurable ROI—whether in audience enrichment, predictive modeling, or campaign performance. The Shift from Data Ownership to Data Utility: The real opportunity in second-party data isn’t who owns it, but how it’s used. A proof-based approach allows brands to activate insights dynamically, respecting both regulatory constraints and consumer trust. The days of open-ended data exchanges are over. The future is privacy-first, performance-driven, and built on proof. Let’s move beyond data partnerships. It’s time for proof-based collaboration. #DataPrivacy #AI #DataPartnerships #ConnectedMedia #ProofBasedCollaboration #PreciseAI https://lnkd.in/eAg6JPQx

Digital Trust Standards: An Overview Digital trust standards are crucial for ensuring secure and reliable online interactions. Here's a breakdown of some key organizations and their standards: 1. International Organization for Standardization (ISO) Focus: Develops and publishes International Standards across various industries. Key Standards: ISO 18013-5:2021: Standardizes aspects of Mobile Driver's Licenses (mDLs). ISO 18013-7:2024: Addresses online presentation of mDLs. ISO 23220 (Parts 3 & 4): Generalizes the mDL standard to other Mobile Documents (mDocs). 2. OpenID Foundation (OIDF) Focus: Develops standards for online identity and authentication. Key Standards: OpenID Connect: Enables interoperable authentication. OpenID4VCI: Supports the issuance of verifiable credentials. OpenID4VP: Allows verifiers to request and holders to present verifiable credentials. 3. Internet Engineering Task Force (IETF) Focus: Develops and promotes internet standards. Key Standards: JWE (JSON Web Encryption): Encrypts data. JWK (JSON Web Key): Represents cryptographic keys. JWS (JSON Web Signature): Digitally signs data. JWT (JSON Web Token): Represents claims securely between two parties. HTTP Signatures: Enables secure exchange of HTTP messages. OAuth 2.0: A protocol for authorization. 4. World Wide Web Consortium (W3C) Focus: Develops web standards, including those for accessibility, internationalization, privacy, and security. Key Standards: Digital Credentials API: Enables applications to request, access, and present digital credentials. Decentralized Identifiers (DIDs): Specifies the structure and usage of DIDs. Verifiable Credentials Data Model: Defines a standard format for verifiable credentials. JSON-LD: A method for encoding Linked Data using JSON. 5. Decentralized Identity Foundation (DIF) Focus: Develops foundational elements for an open and interoperable decentralized identity ecosystem. Key Standards: Presentation Exchange: Defines how verifiers request and verify verifiable presentations. DIDComm Messaging: A secure messaging protocol built on DIDs. Well-Known DID Configuration: Establishes a standard for associating a DID with a web domain. Why are these standards important? These standards promote interoperability, security, and trust in digital interactions. They help ensure that different systems and organizations can work together seamlessly, while also protecting user privacy and data integrity. #digitaltrust #standards #interoperability #security #privacy #identity #ISO #OIDF #IETF #W3C #DIF