FOR SHARE - JULY SNAPSHOT - 20230623 Draft Data Intermediary - snippet

Draft building block snippet: Data Intermediary

 

Overview  

 

Data intermediaries is a building block that can be defined as data space enablers that connect one or more data space members to the data space, thereby enabling them to establish relationships and execute data transactions with other members of the data space. 

 

The intermediary concept is relatively broad. For example, platform entities such as Facebook and Google are sometimes referred to as intermediaries. However, these examples are not based on digital sovereignty principles. We define and focus on the intermediary concept that is based on digital sovereignty principles and can be defined according to the current DSSC glossary in the following way: “data intermediaries provide connection to some of the data space members where the members can be organizations or humans”. We acknowledge that this definition requires further clarification and elaboration. 

 

Intermediaries that are independent from parties with a significant degree of market power, allow non-discriminatory access to the data space for various type of data space members, such as humans, and organizations of all sizes (e.g., SMEs and start-ups with limited financial, legal or administrative means). Thus, due to their role in making data exchange available also for members with limited resources, they can be seen as cornerstones in facilitating new types of data-driven services among a diverse set of data space participants and thus, fostering the operation and scaling of a data space. 

 

Further, intermediaries have an impact on the governance, business, legal and technical aspects of the dataspace, and thus, they determine the ecosystem dynamics through which data transactions are made. Due to their extensive impact on the data exchange practices in the data ecosystem, their role can be seen as cornerstones of fair, transparent, trustworthy and sustainable data spaces that ultimately lead to a fair data economy. Yet, it has to be mentioned that despite of their crucial role, it is possible to develop and operate data spaces without intermediaries. Data intermediary is a building block that has business, governance and in some cases, also legal dimensions. 

 

Key elements  

 

Intermediaries can be characterized by specifying the following key elements:

 

1. Type: If the intermediary manages personal data, then it is considered a personal data intermediary. Otherwise, it is a general data intermediary that may be further classified based on what kind of services it provides. 

2. Services: One of the most important services that the intermediary provides is the enabling role in establishing relationships among data space members and the execution data transactions.

3. Customers: The intermediary may have organizational customers, human customers or the governance authority as customer. An intermediary can have multiple different customers at the same time. 

4. Business model: Important questions concerning the business model of the intermediary are: Is the business model defined in the governance framework? Is it a common business model? 

5. Role in the governance of the data space: The characteristics of the intermediary’s role are specified in the governance framework of the data space. 

6. Legal context: The legal context consist of the laws, acts, and regulations that the intermediary operates in. A special aspect is whether the intermediary is a certified data intermediary according to the Data Governance Act.

7. Interoperability components: The intermediary’s key components (processes, frameworks, standards, etc.) ensure interoperability among the intermediaries (1) within the data space and (2) with other data spaces.

 

Key functions

 

The key function of intermediaries is specified in their definition: connecting data space members to each other, and enabling them to establish bilateral or multilateral relationships and to execute data transactions in a data space. In more details, intermediaries have type-specific (personal or organization data intermediary) and common functions that we elaborate on below.

 

Intermediaries have the following common functions:

• (technical) They manage common capabilities, such as tracking the data sharing.

• (technical) They identify and combat cybersecurity threats, thus, ensuring data security.

• (business) Their business model ensures a fair redistribution of the revenue flow among data space members.

• (governance) Their own data management and governance processes comply with the governance framework of the data space.

• (legal and regulatory compliance) Intermediaries ensure that the data transactions are carried out according to the legal and regulatory context of the data space (e.g., compliance with GDPR, national laws). Furthermore, some intermediaries comply with the legal obligations specified in the Data Governance Act.

• (interoperability) They ensure interoperability among intermediaries within the data space and with other data spaces.

• (social) They ensure ethical and fair use and exchange of the data.

• (social) They develop and maintain the data management practices among data space participants, and thus, impact data management practices and routines.

 

Personal data intermediaries typically have the following functions, in addition to common functions:

• They provide customer interfaces that are specific to a natural person who is managing their own data and identity, and ensure comprehensive control over access to and use of their data.

• They act in the best interest of humans in protecting personal data. 

• They provide a single-point, easy to use interface for humans to manage their identity and personal data.

• They ensure transparency of how, when and by whom personal data has been used.

• They may provide wallets for distributed identity and storing verified credentials. They may also provide personal data storage or pods, for self-storing and sharing data. 

 

Dependencies and relationships  
Intermediaries can be considered as business vehicles for delivering some of the technical capabilities needed to operate a data space. Intermediaries can contribute in delivering, for example, data space connectors, access and use control, or identity management either in a decentralized or centralized way, depending on the design of the intermediary role within the data space and its governance. Data intermediaries are specific business wrappers for some of the technical building blocks that significantly catalyze and transform the delivery of these capabilities, and ultimately change the business landscape of the data space. 

 

Relevance for the data space

Intermediaries are one of the key enablers of the development, operation, and scaling of the data spaces, and as such, their success is a cornerstone of a sustainable data spaces. We have seen evidence of this in certain B2B data spaces where intermediaries have significantly improved adoption of the data space. Most companies, especially small ones with limited resources, want to outsource the complexity of managing the data space connection. Further, in the personal data and human side of the data spaces, humans cannot operate practically within a data space. Thus, the personal data intermediary can function both as a steward as well as agency empowerment for individuals within the data space. Without an intermediary, it is unlikely that humans can engage efficiently and consciously in multi-party data exchange control. 

 

Responsible, ethical and interoperable intermediary services in the data ecosystem pave the yard towards the ethical and fair development and use of the data spaces, and thus, a fair data economy. Well-governed and DGA-compliant data intermediaries may significantly improve data space compliance.  

 

For these main reasons, paying special attention to the intermediaries, their capabilities and services, and their impact on the data space ecosystem dynamics is highly recommended in every lifecycle stage of a data space.