6.3.1. Data Space Governance Authority (DSGA) #
As explained in the DSSC Glossary (draft; Aug 22, 2023; version 1.5)) [DataSpaceGlossary]:
A major task of a data space initiative is to develop the governance framework that contains the rules and practices for the data space’s governance, management, and operations. We use the term governance authority to refer to the role that a partner of the data space initiative performs as it bears the responsibility for creating and maintaining the governance framework. Some of the parties contribute to or act as part of the governance authority, with or without the intention to become a data space participant.
Data space governance authority (role) definition: The data space participant that is accountable for creating, developing, maintaining and enforcing a governance framework for a particular data space, without replacing the role of public enforcement authorities.
6.3.1.1 Skills DSGA obligations #
- Be neutral towards all data space participants. It should not prevent any interested parties to take part and contribute as long as they commit to dataspace rules.
- It selects and recommends open standards, protocols and building blocks.
- It produces and recommends recommendations in compliance with DSSC.
- It complies with legislation.
- It makes the rules and the components of the governance framework publicly available in machine readable format.
- It includes human centricity point of view in each activity and defines minimum requirements to comply with privacy. At the same time, it keeps the right balance between privacy protection and upport for innovation and business growth.
- Ensures transparency and trust.
- It is responsible for collaboration with the DSSC, European Data Innovation Board (EDIB) and with other relevant dataspaces. The collaboration is needed to follow and apply requirements from policy bodies responsible for data spaces (EDIB) and ensure interoperability and exchange with other data spaces.
- It defines business models / value sharing options and restrictions.
- It ensures internal coherence and coordination between different organisational activities and stakeholders.
- To propose reference and compliant implementations of building blocks.
- To propose audits and certifications to ensure compliance with the set recommendations.
- To promote policies that encourage cooperation and reciprocity to avoid vendor lock-in.
6.3.1.2. Ensuring trust in the Data Space #
- Creates commonly accepted governance, business and technical rules for data sharing in the data space.
- Proposes open-source building blocks to implement such rules.
- Certifies trusted infrastructure providers (data intermediaries) that operate such building blocks.
6.3.1.3. Skills DSGA composition #
- Human centricity role, looking solely from this perspective (individual end user).
- Data/service providers.
- End user organisational role (universities, educational authority).
- Personal Data Intermediaries as defined in the following section
- It should also include other relevant stakeholders, depending on the data space purpose (use cases): Umbrella associations from a particular sector, National employment services/offices and other job intermediaries, public authorities, and policy makers (ministries, agencies), Employers, Unions or workers’ associations, Training providers, Students, Job seekers, Employees and their organisations, Life-long learners and R&I centres.
6.3.1.4. Skills DSGA Decision making #
6.3.1.5. Skills DSGA Financing #
6.3.2. Orchestrator #
Definition #
- Defines the services and data needed.
- Defines precise governance rules and business model for the data space use case.
- Defines the value of the ecosystem.
- Ensures the rules defined at data space level are applied in the data space use case.
- Proposes the ecosystem portal / marketplace.
- Does the branding, commercial efforts.
EXAMPLES:
Responsibilities & obligations #
- MUST define the precise governance rules.
- MUST define the:
- Code of conduct,
- Accession rules,
- Incentive mechanisms.
- MUST define how other participants can be involved in code of conduct / accession rules definition (democratic or centralised governance).
- MUST ensure the respect of rules set by the Data Space Governance Authority.
- MUST make the rules and values of the data space use case publicly available in machine readable format.
6.3.3. End users #
6.3.3.1. Organisational end user #
Definition #
- help people find a job / training,
- help design training,
- take decisions on hiring,
- find people to train,
- research and analytics.
Responsibilities #
- MUST define clear data usage policies.
- MUST participate in the value exchange.
6.3.3.2. Individual end user #
- find a job,
- find a training,
- get career advice,
Responsibilities #
- MUST participate in the value exchange.
- CAN exercise their rights on their data across the ecosystem through their Personal Data Intermediary.
EXAMPLES:
6.3.4. Service providers #
6.3.4.1. Service Providers for Organisations #
Definition #
- skills analytics,
- skills matching,
- training offers,
- job offers,
- skills ontologies,
- skills analytics.
6.3.4.2. Service Providers for Individuals #
Definition #
- skills analytics,
- skills matching,
- career coaching,
- learning app,
- job matching / training matching.
Responsibilities #
- MUST describe their organisations and service offerings in a machine-readable format and human readable.
- MUST define clear data policies stating what data is used, for which purposes, the security measures, the third parties it is shared with, if there is an advertisement model in a human and machine-readable way.
- MUST use the data only for stated purposes.
- MUST define pricing / value sharing on use of services.
- MUST accept and comply with requests from the person on data sharing, consent and GDPR rights:
- MUST accept Personal Data Intermediaries as valid representation of people.
- MUST inform the way data is processed, e.g., ruleset, algorithm, AI and do the system learn from data or collect the data for further improvements.
- MUST inform on the attributes and data sets used to create the AI product model.
- MUST respect data set terms & conditions.
- MUST describe risks and safeguards related to data processing, e.g., conversions, storing the data, AI, possible security checks and other data processing activities.
EXAMPLES:
6.3.5. Data providers #
6.3.5.1. Data Providers of Organisational Data #
Definition #
- training offers,
- job offers,
- skills ontologies,
- skills analytics,
- employers,
- training organisations,
- universities.
6.3.5.2. Data Providers of Personal Data #
Definition #
- skills profile,
- experiences,
- personality,
- job preferences,
- education,
- etc.
Responsibilities #
- MUST describe their organisations and data offerings in a machine readable and human readable format.
- MUST define clear data set terms of use.
- MUST accept and comply with requests from the person on data sharing, consent and GDPR rights.
- MUST accept Personal Data Intermediary as valid representation of people.
- MUST define pricing and value sharing on the use of the data.
EXAMPLES:
6.3.6. Data Intermediaries #
6.3.6.1. Organisational Data Intermediaries #
Definition #
- catalogue,
- contract management,
- interop management,
- data exchange services,
- monitoring, etc.
Responsibilities #
- ODI MUST be a data intermediary compliant with Data Governance Act.
- ODI MUST Verify the validity of agreements between data providers and data users.
- MUST describe their organisations and service offerings in a machine-readable format and human readable.
- MUST implement the rules and building blocks defined by the Alliance Structure and the Orchestrator.
- MUST publish its endpoints.
6.3.6.2. Personal Data Intermediaries #
Responsibilities #
- PDI CAN NOT be service or data provider or end user.
- PDI MUST transparently inform on relations, connections and interests to other roles
- PDI MUST be a data intermediary compliant with Data Governance Act.
- PDI MUST:
- Ensure traceability and record, revocation, verification of consent and data rights exertion.
- Verify the validity of agreements between data providers and data users.
- Inform the person of the value and risks of sharing their data.
- Implement the standards and protocols defined by the DSGA.
EXAMPLES: