ABOUT THE PROJECT

PS-SDA: Provenance services with Smart Data Agreement 

iGrant.io is a MyData Operator platform for human-centric personal data management, enabling a transparent and regulatory compliant data exchange. Every data exchange has an associated auditable and verifiable Data Agreement (DA) that records conditions for an organization to process personal data in accordance with GDPR [1, 2]. The DA is mutually signed by the organisation and the individual and is based on open specification published via the W3C (e.g. DID:mydata).

In this proposal, the DA specification is extended with data provenance metadata and is stored in a chain and can be resolved independently. Data exchange between two organisations is facilitated by a smart contract that guarantees creation of DAs, enforcing GDPR compliance. When the data moves from a Data Source to any Data Using Service, individual sign off is ensured and the DA is updated with provenance data, adding to the history of data usage from its inception and beyond.

This proposal addresses one of the key issues of data governance by enabling data provenance and enforcing GDPR requirements via a smart contract. This allows organisations to audit and resolve DAs to attain legitimacy in processing personal data and to be transparent in their use of personal data. The key activities include:

  1. Specify and extend the existing DA protocol suite to enable data provenance to trace and record the origins of data and its movement between data processing organisations.
  2. Develop associated APIs and SDKs to perform DA CRUD operations to enable data exchange between organisations, guaranteed through a smart contract.
  3. Propagate data updates across the chain including revoking the DAs across all intermediaries in the chain.
  4. Contribute to ISO standardisation (for consents) with provenance requirements.

 

References:

[1] Automated Data Agreement Project Page

[2] Data Agreement Specification: Linquist, J., Lundin, L and Chandran, L

 

Use Case 1

Use case 2

 

 

Motivation for the project:

Trust in the use of personal data is a fundamental currency of an advanced digital economy. Adequate governance framework with data provenance is essential to build the requisite trust in a highly governed data economy, and must cater to the needs of the individual, organisations and auditors. 

Generic use case description:

Use case related to the creation of a provenance trail for personal data exchange. With this, we aim to achieve the following:
- Organisations can prove legitimate rights to the use of personal data
- Individuals are able to stay in control of their data
-  Auditors can independently verify.

Essential functionalities:

In this proposal, we extend the existing DA protocol with data provenance metadata and make it available on ONTOCHAIN. Further, we convert the DA into a smart contract to enforce GDPR compliance during a personal data exchange between companies.

How these functionalities can be integrated within the software ecosystem:

In PS-SDA, smart contracts will be used to connect on-chain data to off-chain data. When a smart contract function is executed, the blockchain oracle will execute an external API to retrieve the requested data. Smart contracts also guarantee the contracts executing exactly as per the associated DA. 

Gap being addressed:

The primary challenge addressed is the lack of an immutable provenance trail with regard to the exchanged personal data where both organisations’ and individuals’ needs with regards to regulatory compliance and monetization are met. 

Expected benefits achieved with the novel technology building blocks:

Project PS-SDA focuses on enhancing auditability and provenance of any personal data transaction to strengthen, trust and transparency in a data exchange. It helps organizations to continue leveraging data and provides individuals control on how their data is used.  

Potential demonstration scenario:

The project will demonstrate exchange of data between two organisations while ensuring the provenance trail on how the data has been exchanged, apart from being able to ensure GDPR compliance for all organisations involved.

 

 

 


TEAM

 

Lotta Lundin

Lotta Lundin (Project Lead, iGrant.io)

CoFounder iGrant.io, 22+ yrs in telecom industry, privacy professional and project manager.

 

Lal Chandran

Lal Chandran (Teach lead, iGrant.io)

CoFounder iGrant.io, 20+ years industry expertise in cloud, security, identity, data exchange, decentralised SW architecture including DLTs.

 

George Padayatti

George Padayatti (Blockchain and DevOps, iGrant.io)

DevOps, SW and Blockchain/DLT and SSI expert.

 

David Goodman

David Goodman (Product Manager, iGrant.io) 

SW and identity expert with over 30+ years industry experience. 

 

 

Jan Lindquist

Jan Lindquist (Standardisation, Linaltec Sweden)

With expertise in privacy, data engineering, SSI, blockchain and ISO standardisation.

 

Fredrik Lindén

Fredrik Lindén (MyData Sweden)

Will ensure that the solution adheres to the MyData principles, is interoperable with governance vetted with the MyData community.

 

 Andreas Hager

Andreas Hager (Legal advisor)

A lawyer, will provide guidance on necessary legal considerations..


ENTITIES

 

LCubed AB

LCubed AB

Swedish SaaS provider of iGrant.io. With iGrant.io, an organisation can address their data governance challenges through (verifiable) data exchange in a regulatory compliant and auditable manner.

https://igrant.io/

 

 

Linaltec AB

Linaltec AB

Swedish data privacy, science and engineering consultancy lead.

https://www.linaltec.com/

 

 

MyData Sweden

MyData Sweden

Non-profit organisation and watchdog for individual’s rights to self-determination with regards to how data is used.

https://mydata.org/sweden/

 

 

LCubed AB

Upstream Dream

Swedish healthtech company, empowering the patient through sustainable information sharing practices.

https://upstreamdream.com/