Periodic Reporting for period 1 - DUCA (Data Usage Control for empowering digital sovereignty for All citizens)
Période du rapport: 2023-01-01 au 2024-12-31
The project has four concrete objectives being developed in the project’s work plan:
O1. To value and consolidate a community of skilled staff on the wide area of data sovereignty, by means of proper secondments and training.
O2. To build a flexible and easy to use distributed framework for managing trustworthy data sharing agreements, which will enable data sovereignty of users.
O3. To develop and integrate several security and Privacy Enhancing Technologies (PETs) and to tailor these to the specific needs of the DUCA platform and use cases.
O4. To deploy and validate the overall distributed data usage control framework in several use cases.
O1. To value and consolidate a community of skilled staff on the wide area of data sovereignty, by means of proper secondments and training.
O2. To build a flexible and easy to use distributed framework for managing trustworthy data sharing agreements, which will enable data sovereignty of users.
O3. To develop and integrate several security and Privacy Enhancing Technologies (PETs) and to tailor these to the specific needs of the DUCA platform and use cases.
O4. To deploy and validate the overall distributed data usage control framework in several use cases.
The results of the work undertaken during the reporting period has been:
• Definition of the functional and non-functional requirements for the DUCA platform.
• Definition of the initial high-level architecture for the DUCA platform.
• D2.1 Initial results of requirements, architecture and integration test bed, submitted on schedule.
• Definition of the first version of the Data Sharing Agreement (DSA) formats.
• Defined a preliminary architecture of the software infrastructure devoted to DSA management.
• Defined a first architecture of the DUCA DSA Enforcement Infrastructure.
• D3.1 Initial results of Data Sharing Agreement Management and Enforcement Infrastructures, submitted on schedule.
• Investigated core functionalities to be developed and implemented for PIA and accountability techniques and tools.
• Initial work on defining models and required parameters for possible threats, impact criteria.
• Investigated a variety of privacy-preserving techniques and identified homomorphic encryption as a promising approach.
• Carried out an initial assessment of the requirements of each related component, and in relation to the needs for pseudonymization and data encryption within the nominated use cases.
• An intensive study of the role of the DLT technology and its implication for DUCA scenarios, as well as the identification, selection and specification of the blockchain technology for the access control management in DUCA. This action has also made it possible to specify the Audit Manager (AM) service in charge of managing the blockchain network for access control and its corresponding traceability.
• D4.1 Initial results of security and privacy enhancing technologies, submitted on schedule.
• Held several meetings with the use case owners to understand involved DUCA scenarios.
• Definition and selection of potential stakeholders relevant to the project and use-cases and analysis of EU projects (e.g. CONNECT, CASTOR) and use-cases relevant to DUCA to enhance and extend all the scenarios and obtain relevant requirements.
• Focus on use cases related to big data and AI, the energy sector and mobility, as well as their relationships to the DUCA’s architecture and its real deployment in the future.
• D5.1 Initial results of Design, implementation and evaluation of use cases, submitted on schedule.
• Definition of the functional and non-functional requirements for the DUCA platform.
• Definition of the initial high-level architecture for the DUCA platform.
• D2.1 Initial results of requirements, architecture and integration test bed, submitted on schedule.
• Definition of the first version of the Data Sharing Agreement (DSA) formats.
• Defined a preliminary architecture of the software infrastructure devoted to DSA management.
• Defined a first architecture of the DUCA DSA Enforcement Infrastructure.
• D3.1 Initial results of Data Sharing Agreement Management and Enforcement Infrastructures, submitted on schedule.
• Investigated core functionalities to be developed and implemented for PIA and accountability techniques and tools.
• Initial work on defining models and required parameters for possible threats, impact criteria.
• Investigated a variety of privacy-preserving techniques and identified homomorphic encryption as a promising approach.
• Carried out an initial assessment of the requirements of each related component, and in relation to the needs for pseudonymization and data encryption within the nominated use cases.
• An intensive study of the role of the DLT technology and its implication for DUCA scenarios, as well as the identification, selection and specification of the blockchain technology for the access control management in DUCA. This action has also made it possible to specify the Audit Manager (AM) service in charge of managing the blockchain network for access control and its corresponding traceability.
• D4.1 Initial results of security and privacy enhancing technologies, submitted on schedule.
• Held several meetings with the use case owners to understand involved DUCA scenarios.
• Definition and selection of potential stakeholders relevant to the project and use-cases and analysis of EU projects (e.g. CONNECT, CASTOR) and use-cases relevant to DUCA to enhance and extend all the scenarios and obtain relevant requirements.
• Focus on use cases related to big data and AI, the energy sector and mobility, as well as their relationships to the DUCA’s architecture and its real deployment in the future.
• D5.1 Initial results of Design, implementation and evaluation of use cases, submitted on schedule.
The DUCA framework will allow data-sharing entities to ensure that their data is used as specified. In other words, the data provider’s requirements will be respected even if other entities control the data. Thus, the framework will help ensure the privacy of exchanged data. Moreover, it will enhance data providers' trust in collaboration and foster greater incentives for data sharing. More shared data means a broader range of applicable analyses, more accurate future predictions, and higher service quality.
The focus on cross-border data sharing for training AI models in the DUCA also has far-reaching social and economic effects. Economically, the establishment of robust data spaces and access controls reduces compliance risk and legal ambiguity, enabling firms to conduct business in several jurisdictions without compromising intellectual property security. This renders the market more competitive and fairer, where businesses can leverage data-driven insights without jeopardizing regulatory war. Socially, DUCA facilitates trust in self-driving cars by ensuring data openness and user anonymity, leading to higher acceptance levels and safer mobility solutions that benefit people and communities through reduced traffic accidents, enhanced transportation efficiency, and a greener and more connected future.
We believe that SMEs, in particular, should benefit from the DUCA framework. Large organizations are more likely to have access to vast amounts of data, which makes competition with them difficult for SMEs. Moreover, large organisations are better known among potential data providers and are often trusted by default. On the other hand, SMEs may be perceived as less trustworthy by potential data providers, who are generally more hesitant to share data with them.
The DUCA framework is designed to enforce data-sharing requirements through technology that increases trust in SMEs, thereby encouraging data sharing with them. As a result, this will lead to greater availability of data, improved service quality, enhanced SME competitiveness, and a stronger market position.
The focus on cross-border data sharing for training AI models in the DUCA also has far-reaching social and economic effects. Economically, the establishment of robust data spaces and access controls reduces compliance risk and legal ambiguity, enabling firms to conduct business in several jurisdictions without compromising intellectual property security. This renders the market more competitive and fairer, where businesses can leverage data-driven insights without jeopardizing regulatory war. Socially, DUCA facilitates trust in self-driving cars by ensuring data openness and user anonymity, leading to higher acceptance levels and safer mobility solutions that benefit people and communities through reduced traffic accidents, enhanced transportation efficiency, and a greener and more connected future.
We believe that SMEs, in particular, should benefit from the DUCA framework. Large organizations are more likely to have access to vast amounts of data, which makes competition with them difficult for SMEs. Moreover, large organisations are better known among potential data providers and are often trusted by default. On the other hand, SMEs may be perceived as less trustworthy by potential data providers, who are generally more hesitant to share data with them.
The DUCA framework is designed to enforce data-sharing requirements through technology that increases trust in SMEs, thereby encouraging data sharing with them. As a result, this will lead to greater availability of data, improved service quality, enhanced SME competitiveness, and a stronger market position.