3.6 Data space actor agreement

Where project data is to be shared or accessed via a Federated Data Space (FDS), the terms for contributing to the FDS and the terms under which parties may access data should be clarified in an agreement.

Data agreements and their management require the definition and identification of user roles under a data sharing framework, such as the European Gaia-X federated secure data infrastructure. Participants in Gaia-X are categorized as:

  • Provider: operates resources in Gaia-X and offers them as services, defining the service offering including terms and conditions and technical policies.
  • Consumer: searches service offerings and consumes service instances in Gaia-X to facilitate digital offerings for end-users.
  • Federator: in charge of the federation services and the federation itself. Federators enable the interaction between providers and consumers.

In addition, the Gaia-X Trust Framework establishes a minimum baseline to participate in Gaia-X ecosystems. This baseline is defined as a set of rules about common governance and interoperability across individual ecosystems while allowing users to have full control over their activities.

Nevertheless, in its current form (https://docs.gaia-x.eu/technical-committee/architecture-document/23.10/), the Gaia-X Architecture Document present a generic model for automated contracts, but the realisation of these contracts is not within its scope. Existing examples on automated contracts management are the Cloud Adoption Framework by Microsoft (https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/architectures/data-contracts).

The topics which may be covered within a data space actor agreement are similar to those outlined above in other types of project agreements. However, the execution of those topics is likely to be quite different, as a FDS does not require the physical transfer of data, nor does it rely on a centralised repository. Consequently, the prerequisites for a data space actor emphasise suitable infrastructure, advanced data-sharing interfaces and authentication methods, and a high standard of security and data protection protocols.

Table 4 below outlines the considerations for a data space actor agreement.

Table 4: Data space actor agreement

TopicIssues to be considered
Purpose of data sharingIn a project as Provider: What is the purpose of sharing the dataset? In a project as Consumer: How will datasets will be used?
Scope of data sharingIn a project as Provider: Which datasets will be shared? In a project as Consumer: Who will have access?
Data OwnershipIn a project as Provider: Who is responsible for ensuring the data’s accuracy, citation guidelines? In a project as Consumer: How can a data provider be acknowledged in work, on which the datasets are based?
Intellectual Property RightsIn a project as Provider: Are there any IPR matters in the dataset and does this impose any restrictions on its use?
LiabilityIn a project as Provider or Consumer: Who is responsible in the case of a data leak or unauthorised misuse?
Data security and privacyProject as Provider or Consumer: Ensure the data is secure from misuse and that data is protected in accordance with relevant data protection laws.  Ensure adequate infrastructure is in place.
GovernanceProject as Provider or Consumer: Define which jurisdiction will govern any dispute and any regulations on data protection.