This section describes from a governance point of the roles that have been initially described in Chapter 3 and precise for each their responsibilities  .

6.3.1. Data Space Governance Authority (DSGA) #

As explained in the DSSC Glossary (draft; Aug 22, 2023; version 1.5)) [DataSpaceGlossary]:

A major task of a data space initiative is to develop the governance framework that contains the rules and practices for the data space’s governance, management, and operations. We use the term governance authority to refer to the role that a partner of the data space initiative performs as it bears the responsibility for creating and maintaining the governance framework. Some of the parties contribute to or act as part of the governance authority, with or without the intention to become a data space participant.

Data space governance authority (role) definition: The data space participant that is accountable for creating, developing, maintaining and enforcing a governance framework for a particular data space, without replacing the role of public enforcement authorities.

6.3.1.1 Skills DSGA obligations #

The Skills DSGA oversees the organisational, operational, and business agreements. It defines and maintains across the data space and data space use case the following: governance framework (constitutive agreement, general terms and conditions, code of conduct, etc.), standards, building blocks inventory and certifications.
Each Skills DSGA must commit to a list of obligations stemming from recommendation by the DSSC, as well as consider Skills Data Space specific requirements. A Skills DSGA commits to the following principles and obligations:
  • Be neutral towards all data space participants. It should not prevent any interested parties to take part and contribute as long as they commit to dataspace rules.
  • It selects and recommends open standards, protocols and building blocks.
  • It produces and recommends recommendations in compliance with DSSC.
  • It complies with legislation.
  • It makes the rules and the components of the governance framework publicly available in machine readable format.
  • It includes human centricity point of view in each activity and defines minimum requirements to comply with privacy. At the same time, it keeps the right balance between privacy protection and upport for innovation and business growth.
  • Ensures transparency and trust.
  • It is responsible for collaboration with the DSSC, European Data Innovation Board (EDIB) and with other relevant dataspaces. The collaboration is needed to follow and apply requirements from policy bodies responsible for data spaces (EDIB) and ensure interoperability and exchange with other data spaces.
  • It defines business models / value sharing options and restrictions.
  • It ensures internal coherence and coordination between different organisational activities and stakeholders.
There are some other, optional, obligations that a Skills DSGA may commit to:
  • To propose reference and compliant implementations of building blocks.
  • To propose audits and certifications to ensure compliance with the set recommendations.
  • To promote policies that encourage cooperation and reciprocity to avoid vendor lock-in.

6.3.1.2. Ensuring trust in the Data Space #

The DSGA’s main function is to ensure trust in the data space so that more organisations connect to it. It does that by providing a democratic decision-making process about the rules of the data space and ensures every participant maintains control over its data.
To provide such trust the DSGA:
  • Creates commonly accepted governance, business and technical rules for data sharing in the data space.
  • Proposes open-source building blocks to implement such rules.
  • Certifies trusted infrastructure providers (data intermediaries) that operate such building blocks.
This ensures the data space follows rules accepted by stakeholders and that concrete means to ensure the data sharing are provided, in compliance with such rules.
Here’s a high-level representation of such a mechanism:
Figure 12: High level data space governance model
Figure 12: High level data space governance model

6.3.1.3. Skills DSGA composition #

A governance body is uniting different types of members who govern the infrastructure of a Data space together and decide on its development. Governance authority can be comprised of Public and institutional members, Associative members or foundations and corporate members. Such structure means a collaboration between private and public stakeholders. Good governance is about balancing the interest, input, and energy of private and public actors to ensure innovation and continuity.
Skills DSGA needs to include following stakeholders, from both public and private sector:
  • Human centricity role, looking solely from this perspective (individual end user).
  • Data/service providers.
  • End user organisational role (universities, educational authority).
  • Personal Data Intermediaries as defined in the following section
  • It should also include other relevant stakeholders, depending on the data space purpose (use cases): Umbrella associations from a particular sector, National employment services/offices and other job intermediaries, public authorities, and policy makers (ministries, agencies), Employers, Unions or workers’ associations, Training providers, Students, Job seekers, Employees and their organisations, Life-long learners and R&I centres.

6.3.1.4. Skills DSGA Decision making #

Skills data spaces may have different decision making/operational processes. They may decide to setup legal entities for governance (mostly associations), project-like structures or other types of legally binding contracts among participants. In any case, documents establishing a Skills DSGA must bind the DSGA to adherence to the obligations defined in the previous chapter. Furthermore, the decision-making process must be transparent, well-defined and documented. For example, if decisions are taken by an assembly: who convenes the assembly, how are members informed, what is the quorum, which type of majority is needed and are there any veto rights?
The Skills DSGA must ensure good communication between the different levels of data space decision making (data space level ßà data space use case ßà participant). It must keep a well-documented record of all relevant document and decisions as well as appoint responsible persons to properly communicate with data space use cases. It should also implement mechanisms to allow data space use cases to feed to the DSGA relevant materials, frameworks, tools that can be relevant for the data space level and that come from the data space use cases. It would be advisable that data space use case representatives are members of the Skills DSGA.
In addition to all inter-dataspace collaborations and collaborations with other entities (like DSSC) mentioned under the Obligations chapter, the work with the European Data Innovation Board is perhaps the most important aspect of data space governance decision making related to external entities.
The Data Governance Act also defines the European Data Innovation Board (EDIB) – a formal expert group to advise and assist the European Commission on data sharing in the Union.  Its tasks include proposing guidelines for common European data spaces. The guidelines shall address, among other things: (i)  cross-sectoral standards for data sharing, (ii) counter barriers to market entry and avoiding lock-in effects and ensuring fair competition and interoperability, (iii) protection for lawful data transfers to third countries, (iv) non-discriminatory representation of relevant stakeholders in the governance of common European data spaces and (v) adherence to cybersecurity requirements. The Skills DSGA would have to adhere to these rules and guidelines set by the EDIB. Furthermore, the EDIB will operate through at least three sub-groups: a sub-group consisting of representatives of Member State competent authorities, a sub-group for stakeholder involvement and a sub-group for technical discussions on standardisation, portability and interoperability. Skills DSGA could contribute to the latter subgroup with recommendations of standards and contribute to discussions on portability and interoperability relevant for the skills data space.

6.3.1.5. Skills DSGA Financing #

At the beginning, a critical mass of users must be reached, and soft infrastructure set up in order to make the Data Space up and running. Therefore, it is crucial that sufficient funding is guaranteed for this initial phase of the newly emerging Data Space. A public and private partnership comes of a great importance when guaranteeing the sufficient funds for the functioning of the Data Space. After the Data Space is set up and being used by different stakeholders, the DSGA can use different business models to sustain itself (for example memberships, open-source implementations of building blocks – usage fees).
An in-depth analysis of two DSGAs: Prometheus-X and Catena-X, their structure and financing model, can be found in the annexes.

6.3.2. Orchestrator #

This section details the definition and responsibilities of the Orchestrator role.

Definition #

The orchestrator is the organisation that is operationally responsible for the data space use case and ensures its diffusion and commercialisation.
  • Defines the services and data needed.
  • Defines precise governance rules and business model for the data space use case.
  • Defines the value of the ecosystem.
  • Ensures the rules defined at data space level are applied in the data space use case.
  • Proposes the ecosystem portal / marketplace.
  • Does the branding, commercial efforts.

EXAMPLES:

In the EU-Dune use case, SkillsFast is the orchestrator.

Responsibilities & obligations #

  • MUST define the precise governance rules.
  • MUST define the:
    • Code of conduct,
    • Accession rules,
    • Incentive mechanisms.
  • MUST define how other participants can be involved in code of conduct / accession rules definition (democratic or centralised governance).
  • MUST ensure the respect of rules set by the Data Space Governance Authority.
  • MUST make the rules and values of the data space use case publicly available in machine readable format.

6.3.3. End users #

This section details the definition and responsibilities of the End Users roles. DS4Skills differentiates between two types of end users: organisational and individual.

6.3.3.1. Organisational end user #

Definition #

End users and customers of the data space use case, make use of the functionalities and the result in their day-to-day activities, for instance:
  • help people find a job / training,
  • help design training,
  • take decisions on hiring,
  • find people to train,
  • research and analytics.

Responsibilities #

  • MUST define clear data usage policies.
  • MUST participate in the value exchange.

6.3.3.2. Individual end user #

Person using the system for their career and learning:
  • find a job,
  • find a training,
  • get career advice,

Responsibilities #

  • MUST participate in the value exchange.
  • CAN exercise their rights on their data across the ecosystem through their Personal Data Intermediary.

EXAMPLES:

In the EU-Dune use case, Matilda is an individual end user. DigiFutUX and IntelliAITraining and organisational end users.

6.3.4. Service providers #

This section details the definition and responsibilities of the Service Provider roles. DS4Skills differentiates between two types of end users: for organisations and for individuals.

6.3.4.1. Service Providers for Organisations #

Definition #

Organisations that provide innovative services for organisations (B2B / B2G):
  • skills analytics,
  • skills matching,
  • training offers,
  • job offers,
  • skills ontologies,
  • skills analytics.

6.3.4.2. Service Providers for Individuals #

Definition #

Organisations that provide innovative services for individuals (B2C):
  • skills analytics,
  • skills matching,
  • career coaching,
  • learning app,
  • job matching / training matching.

Responsibilities #

  • MUST describe their organisations and service offerings in a machine-readable format and human readable.
  • MUST define clear data policies stating what data is used, for which purposes, the security measures, the third parties it is shared with, if there is an advertisement model in a human and machine-readable way.
  • MUST use the data only for stated purposes.
  • MUST define pricing / value sharing on use of services.
  • MUST accept and comply with requests from the person on data sharing, consent and GDPR rights:
  • MUST accept Personal Data Intermediaries as valid representation of people.
  • MUST inform the way data is processed, e.g., ruleset, algorithm, AI and do the system learn from data or collect the data for further improvements.
  • MUST inform on the attributes and data sets used to create the AI product model.
  • MUST respect data set terms & conditions.
  • MUST describe risks and safeguards related to data processing, e.g., conversions, storing the data, AI, possible security checks and other data processing activities.

EXAMPLES:

In the EU-Dune use case, SkillProfiX and SDAI are service providers for individuals. EU-Dune is a service provider for organisations.

6.3.5. Data providers #

This section details the definition and responsibilities of the Data Providers roles. DS4Skills differentiates between two types of data providers: of organisational data and of personal data.

6.3.5.1. Data Providers of Organisational Data #

Definition #

Organisations that provide data about:
  • training offers,
  • job offers,
  • skills ontologies,
  • skills analytics,
  • employers,
  • training organisations,
  • universities.

6.3.5.2. Data Providers of Personal Data #

Definition #

Organisations that provide data about people:
  • skills profile,
  • experiences,
  • personality,
  • job preferences,
  • education,
  • etc.

Responsibilities #

  • MUST describe their organisations and data offerings in a machine readable and human readable format.
  • MUST define clear data set terms of use.
  • MUST accept and comply with requests from the person on data sharing, consent and GDPR rights.
  • MUST accept Personal Data Intermediary as valid representation of people.
  • MUST define pricing and value sharing on the use of the data.

EXAMPLES:

In the EU-Dune use case, SkillProfiX, DigiFutUX, UXlife, UXschool are personal data providers. JobRightNow, Jobijob and Jobo, FindTraining, YourTraining are organisational data providers.

6.3.6. Data Intermediaries #

This section details the definition and responsibilities of the Data Intermediary roles. DS4Skills differentiates between two types of data intermediaries: organisational and individual.

6.3.6.1. Organisational Data Intermediaries #

Definition #

Organisations that provide tools and processes for data and service providers to connect to the data space use case, such as:
  • catalogue,
  • contract management,
  • interop management,
  • data exchange services,
  • monitoring, etc.

Responsibilities #

  • ODI MUST be a data intermediary compliant with Data Governance Act.
  • ODI MUST Verify the validity of agreements between data providers and data users.
  • MUST describe their organisations and service offerings in a machine-readable format and human readable.
  • MUST implement the rules and building blocks defined by the Alliance Structure and the Orchestrator.
  • MUST publish its endpoints.

6.3.6.2. Personal Data Intermediaries #

Organisations that provide tools and processes for the person to navigate the data space use case, exercise their rights, manage consent and data sharing, discover the apps and use them, be informed on risks etc. PDIs act as trusted third parties that facilitate the exchange of personal data between individuals and organizations while ensuring data protection and privacy. PDIs can follow different technical architectures (centralised, decentralised, federated).

Responsibilities #

  • PDI CAN NOT be service or data provider or end user.
  • PDI MUST transparently inform on relations, connections and interests to other roles
  • PDI MUST be a data intermediary compliant with Data Governance Act.
  • PDI MUST:
    • Ensure traceability and record, revocation, verification of consent and data rights exertion.
    • Verify the validity of agreements between data providers and data users.
    • Inform the person of the value and risks of sharing their data.
    • Implement the standards and protocols defined by the DSGA.

EXAMPLES:

In the EU-Dune use case, InfraTrust is a Personal Data Intermediary.

Powered by BetterDocs