On the Need for Strong Sovereignty in Data Ecosystems


Data ecosystems are the foundation of emerging data-driven business models as they (i) enable an automated exchange between their participants and (ii) provide them with access to huge and heterogeneous data sources. However, the corresponding benefits come with unforeseen risks as also sensitive information is potentially exposed. Consequently, data security is of utmost importance and, thus, a central requirement for the successful implementation of these ecosystems. Current initiatives, such as IDS and GAIA-X, hence foster sovereign participation via a federated infrastructure where participants retain local control. However, these designs place significant trust in remote infrastructure by mostly implementing organizational security measures such as certification processes prior to admission of a participant. At the same time, due to the sensitive nature of involved data, participants are incentivized to bypass security measures to maximize their own benefit: In practice, this issue significantly weakens sovereignty guarantees. In this paper, we hence claim that data ecosystems must be extended with technical means to reestablish such guarantees. To underpin our position, we analyze promising building blocks and identify three core research directions toward stronger data sovereignty, namely trusted remote policy enforcement, verifiable data tracking, and integration of resource-constrained participants. We conclude that these directions are critical to securely implement data ecosystems in data-sensitive contexts.

First International Workshop on Data Ecosystems
BibTeX Citation
    author = {Lohm{\"o}ller, Johannes and Pennekamp, Jan and Matzutt, Roman and Wehrle, Klaus},
    title = {{On the Need for Strong Sovereignty in Data Ecosystems}},
    year = {2022},
    publisher = {VLDB Emdowment},
    booktitle = {Proceedings of the First International Workshop on Data Ecosystems (DEco '22)},
    DOI = {},
    state = {accepted},