The ACROSS data governance framework focuses on permission management, providing a way for people to define the specific data that can be shared (or disclosed) between parties, for which purposes, and for how long. Furthermore, it will go beyond basic permission management by making it possible to define data usage policies for more fine-grained usage control. In general, the overall goal is to enforce usage restrictions on data after access has been granted.
A data usage policy could be used to constrain the location in which data is used, to enforce the deletion of personal data after a specific period, or to modify the personal data during the data transfer process. Complete data usage policy enforcement is performed by specific software (the IDS connectors), and some of the rules can only be applied by the consumer connector, so it is available only if the services (both public and private) deploy the IDS connector technology for data transfer. However, the strategy of the ACROSS personal data governance framework is to minimize the adaptation service providers need in order to use the framework, so the framework itself will assume the responsibility for data usage policy management and enforcement. Therefore, no real "data usage control" can be applied, only a restricted set of data usage policies providing data access rules. Each service is associated with a data usage policy that can be composed of one or several policy rules.
End-user workflow:
Three types of users are envisaged: Administrator, End User (Citizen) and Service provider.
1. Administrator: User management. Register and manage new users, including end users and service providers. This functionality is provided by the external security package.
2. Service provider: Service description and registration. Each service provider has to register the services using the CSPV-AP extended model.
3. End User: The ACROSS personal data framework helps the individual perform the end-to-end process of consent management. To use all the functionalities, a workflow has been designed that consists of the following steps:
- a. Select services: Select the services the user is going to use.
- b. Consent Management: Define the personal data to be used by each selected service.
- c. Data usage policy management: Define the data usage policies applicable to the data to be used by each service. This is an optional step.
- d. Monitor the data usage for each service
- e. Monitor the services using a specific personal data category
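
The following added example (not ACROSS code) sketches how a framework-side check could evaluate the consent from step b and the optional policy rules from step c at access time, while only recording the rules that would need a consumer-side IDS connector. The rule kinds, field names and sample values are hypothetical.

```python
from datetime import datetime, timezone

# Hypothetical rule kinds. "purpose" and "valid_until" can be checked by the
# framework when a service requests data. The kinds below act after transfer
# and, per the text, can only be applied by a consumer-side IDS connector.
CONSUMER_SIDE = {"delete_after_days", "usage_location"}

def decide(consent, request, now):
    """Evaluate one access request; returns (granted, denials, not_enforced)."""
    denials, not_enforced = [], []
    if request["service"] != consent["service"]:
        denials.append("service not selected by user")
    if request["category"] not in consent["categories"]:
        denials.append("data category not consented")
    for kind, value in consent.get("policy", []):  # step c is optional
        if kind == "purpose":
            if request["purpose"] not in value:
                denials.append("purpose not allowed")
        elif kind == "valid_until":
            if now >= value:
                denials.append("policy expired")
        elif kind in CONSUMER_SIDE:
            not_enforced.append(kind)  # recorded, cannot be enforced here
        else:
            denials.append(f"unknown rule kind: {kind}")  # fail closed
    return (not denials, denials, not_enforced)

# Constructed sample data.
CONSENT = {
    "service": "residence-registration",
    "categories": {"name", "address"},
    "policy": [
        ("purpose", {"registration"}),
        ("valid_until", datetime(2025, 1, 1, tzinfo=timezone.utc)),
        ("delete_after_days", 30),
    ],
}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    ok = {"service": "residence-registration", "category": "address",
          "purpose": "registration"}
    bad = dict(ok, category="health", purpose="marketing")
    for req in (ok, bad):
        print(req["category"], decide(CONSENT, req, NOW))
```

The third return value lists the rules that were accepted into the policy but are outside what an access-time check can guarantee, which is the gap the text describes when no consumer connector is deployed.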