Advances in sovereign data sharing: identification and assessment of the main features of distributed usage control solutions and improvements in the policy quality

Author: Gonzalo Gil Inchaurza Thesis director Mariví Higuero, UPV/EHU/ y Aitor Arnaiz, Tekniker Date2023

In recent years, organizations are investing on the digitization of their processes to improve the performance of their activities. The Internet of Things, which aims to monitor and acquire data from different processes, as well as data-driven technologies such as Artificial Intelligence that seek to generate added value from the data acquired, are positioned as the technologies in which organizations are making the largest investments. Despite the exponential growth of data generated and captured around the world, to maintain the competitiveness of data-driven technologies, more and more data is required, especially from other organizations. This has made data and its sharing among organizations a key resource for economic growth, competitiveness, and innovation. Nevertheless, a critical issue that is preventing data sharing worldwide is the reluctance that organizations have to share their data if their self-determination about the usage of their data is not granted. This is referred to as the data sovereignty concern.

At the present time, current initiatives among which the International Data Spaces Association (IDSA) stand out, work in the definition, and design of a distributed, open, interoperable, and sovereign infrastructure of services in which different organizations can collaborate and benefit from data sharing. To grant data sovereignty, the IDSA proposes Distributed Usage Control (DUC) a particularization of Usage Control (UC) for data sharing scenarios that extends Access Control (AC) to control what must happen to data through its life cycle.

This thesis seeks to strengthen data sharing through advances in data sovereignty providing new tools to increase the widespread adoption of DUC solutions. In particular, this thesis provides a novel approach on the identification and assessment of the features that DUC solutions must support to ensure data sovereignty. In turn, this thesis provides improvements in the quality of the policies defined to restrict the usage of the data in DUC solutions.