---
title: "Data Governance and Self Sovereign Identity"
description: Individuals will gain the ability to own servers where their data is stored – and with it control their online identities.
excerpt: >
  We should absolutely all be taking care of the data that belongs to us, our data that we create, that we have a right to be able to control and share exactly as we choose. But we should also bear in mind the power of that data to help each of us, every day, benefit from the good that can come when it is shared and used to create a better world for us all.
layout: single
toc: true
toc_sticky: false
permalink: /self-sovereign-identity/data-governance/
canonical_url: 'https://decentralized-id.com/self-sovereign-identity/data-governance/'
categories: ["About"]
tags: ["Data Governance"]
last_modified_at: 2023-06-29
---

## Explainer
* [Video] [Data Sovereignty International Forum 2021(English)](https://www.youtube.com/watch?v=2Q2DL0ojauA) 2021-09-08 경기도청
  > My personal data has value?!\
  > We need to be aware of data sovereignty to recognize and protect value of our personal data.\
  > Make the Fair Data World Together!
* [Everybody has our data ... except us](https://reb00ted.org/personaldata/20210620-who-has-my-personal-data/) 2021-06-20 reb00ted
  > - Google has all my e-mail. (And I don’t. They merely let me access it with a browser.)
  > - Facebook has the list of all of my friends and what I said to them. (And I don’t.)
  > - LinkedIn has all of my business contacts. (Repeat after me: and I don’t.)
  > - Instagram has all my photos. Well, the Instagram department of Facebook does. (Chorus now: and I don’t.)
  > - Amazon has the list of all my purchases, and knows what products I was interested in but didn’t buy after all. (AND I DON’T.)
* [Video] [Data as competitive advantage & control mechanism in platform economy](https://www.youtube.com/watch?v=nlf5juCc6CA) 2021-06-19
  > Presenters: Sangeet Paul Choudary, Molly Schwartz Session host: Riikka Kämppi Molly Schwartz chats with Sangeet Paul Choudary - best-selling author of Platform Revolution and Platform Scale and founder of Platformation Labs - unpacks the ethics and economics of data.
* [Data for good: powering our way to a better world](https://blog.digi.me/2021/04/29/data-for-good-powering-our-way-to-a-better-world/) 2021-04-29 DigiMe
  > We should absolutely all be taking care of the data that belongs to us, our data that we create, that we have a right to be able to control and share exactly as we choose. But we should also bear in mind the power of that data to help each of us, every day, benefit from the good that can come when it is shared and used to create a better world for us all.
* [The Authentic Data Economy. Universal Digital Trust at Global Scale](https://dwhuseby.medium.com/the-authentic-data-economy-9802da67e1fa) 2021-02-27 David Huseby
  > It leverages data collection and networking and personal computing advances. It makes our data ours and authentic. It builds on all of the previous work done by countless engineers and inventors and dreamers. However, by being the last big problem it represents the final piece that brings together everything that came before it. The scope of the authentic data economy is literally everything in the human sphere. There is nothing that this won’t change. Trust will go everywhere and into everything. But most importantly, so will privacy.
* [Personal data servers will help take back digital ID from big tech](https://www.wired.co.uk/article/personal-data-servers) 2021-01-22 Wired
  > In 2021, individuals will gain the ability to own servers where their data is stored – and with it control their online identities.
  > 
  > [...] because data from their healthcare provider acquired into the server can be used to authenticate and assert that fact without the need to give any identity information. By using PDAs, apps that rely on sensitive data will be able to access this and stay “identity blind”.
* [Katryna Dow - Data minimisation: value, trust and obligation](https://www.ubisecure.com/podcast/data-minimisation-meeco-katryna-dow/) 2020-10-14 UbiSecure
  > Katryna talks to Oscar about her career (including inspiration from Minority Report), Meeco’s personal data & distributed ledger platform, the importance of data minimisation to inspire trust in organisations, and cultural differences in attitudes towards digital identity.
* [You are not your Data but Your Data is still You](https://deepdives.in/you-are-not-your-data-but-your-data-is-still-you-b41d2478ece2) 2020-08-07 DeepDives
  > In the digital age, individual privacy in the broadest sense is about control over protecting one’s personally identifiable information (PII), such as information about health, credit, shopping, or communication. But the types of information deemed ‘personally identifiable’ and the amount of control one has over them varies around the world.
* [Local-first software: You own your data, in spite of the cloud](https://www.inkandswitch.com/local-first.html) 2019-04 Ink and Switch
  > a set of principles for software that enables both collaboration and ownership for users. Local-first ideals include the ability to work offline and collaborate across multiple devices, while also improving the security, privacy, long-term preservation, and user control of data.

## Self Sovereign Identity (SSI)
* [Design Principles for the Personal Data Economy](https://medium.com/mydex/design-principles-for-the-personal-data-economy-f63ffa93e382) 2022-06-22 MyDex ([whitepaper](https://mydex.org/resources/papers/)
  > A key part of this is continuity and longevity: a personal data store is for life, so the institutions providing personal data stores should be designed for decades (centuries, even). Whatever particular corporate form they take, legal safeguards relating to continuity and longevity of purpose need to be built into how they operate.
* [Self-sovereign identity: the future of personal data ownership?](https://www.weforum.org/agenda/2021/08/self-sovereign-identity-future-personal-data-ownership) 2021-08 WEForum
  > Self-sovereign identity is a promising technology to allow you to control your own data. However, to provide the true value of the technology, it is essential to establish governance framework for its operation.
* [The Anatomy Of Personal Data Sovereignty](https://www.forbes.com/sites/forbesbusinesscouncil/2021/05/04/the-anatomy-of-personal-data-sovereignty/?sh=69dbea5761e1) 2021-05-04 Forbes 
  > The data privacy/control issue isn’t new, but the attitude shift is. People care more, demand more, and the scale of change that has occurred due to the Covid-19 pandemic is major. As we live through times exposing such injustice and inequality, it's becoming evident that this personal data ecosystem needs to undergo a major revamp.
* [Self Sovereign Identity Systems](https://yathartharora.substack.com/p/self-sovereign-identity-systems) 2021-04-09 The Passion Pad
  > We should have the right to manage our identity, free of any country or the place where we live. By giving this right to the government or any central authority, we give them much more power. Separating data rights from the actual data is important. User should have the right to decide who should have the access to his/her data.
* [Part 4: Getting on the Right Data Diet with Verifiable Credentials](https://www.evernym.com/blog/right-data-diet-verifiable-credentials/) 2021-03-08 Evernym
  > But there’s a difficult truth here. Much of the data is just plain wrong, wasteful, or at worst not compliant. We know this because businesses are spending boatloads of cash on fixing poor quality data and data compliance. And what’s the remedy? More data! More data sources, more attributes and profiles, more money. All fed by a new and increasingly sophisticated set of data APIs that are driving that growth. 
* [Video] [Radical Exchange Talk: Data Agency. Individual or Shared?](https://identitywoman.net/radical-exchange-talk-data-agency-individual-or-shared/) 2021-03-05 IdentityWoman
  > Digital networks have centralized power over identities and information, creating problems for both markets and democracy. Does the solution require more shared agency over data?  What might that look like?  This panel discussion is structured around thought experiments to find solutions to this issue.
* [Self-Sovereign Identity – A Possibility for More Data Control for Users](https://dataethics.eu/self-sovereign-identity-a-possibility-for-more-data-control-for-users/) 2020-06-18 DataEthics.eu
  > But also, the general populations’ computer skills must be taken into account when designing the solution, along with legal considerations of whether individuals should be allowed to sell sensitive data, such as health data to third parties. If it is legal to monetize personal data, users can be tempted to share personal data in a way that might harm them later e.g. sharing health data and later being denied an insurance. Monetization might also create a gap in the society and the world, having rich people prioritize protecting their privacy while less fortunate citizens might feel like they have no other option than selling their data. Thoughts about the monetization of data need to be considered in a legal context as it has been done with the donation of blood, when creating a self-sovereign identity solution. Furthermore, safeguard measures must be made against discrimination like only providing identity for a selected few, and to ensure that everyone have equal access to creating a trustworthy digital identity.

## Development
* [International Semantic Infrastructure: Requirements for a distributed data economy](https://iiw.idcommons.net/21L/_International_Semantic_Infrastructure:_Requirements_for_a_distributed_data_economy) 2021-05-06 Paul Knowles
  > Linking data together is about machine readability. Involved humans… need to understand. Do it through language. Humans like OCA because can understand data in different languages, makes sense for people. Human element. In that capture space. Want to refine OCA, take out some of the rules parts, masking overlay, conditional overlays, and get it away from OCA as architecture - it convolutes things. OCA only meant for making theings human-readable.
  - [Decentralized Semantics 101](https://docs.google.com/document/d/1Cn-IiEewkFW9K9pneBWFP6xELzd2frfmIvQAoKH2OcY/edit)
  - [Overlays Capture Architecture (OCA)](https://docs.google.com/document/d/1IDXJ8QAq-jO87DQt500Rj2SXL0BMUo1_hEK1VDVZ8Ho/edit) 
* [Hidden in Plain Sight — the Transformational Potential of Personal Data](https://medium.com/mydex/hidden-in-plain-sight-the-transformational-potential-of-personal-data-da47f666713e) 2021-04-12 MyDex
  > Personal data stores apply the same economic logic to transform the costs of producing data driven services. [Verified attributes](https://medium.com/mydex/unleashing-the-potential-of-verified-attributes-fe001e01b091) are the digital equivalents of Henry Ford’s standardised parts. By enabling one organisation to instantly re-use data verified by another organisation they eliminate the need for vast amounts of duplicated effort and rework (re-creating each data point from scratch or checking its details, provenance etc).
* [Credential Marketplaces](https://iiw.idcommons.net/12K/_Credential_Marketplaces) 2021-05-06 Martin Riedel, Stepan Gershuni [Presentation](https://docs.google.com/presentation/d/1WOXgHhgAwG0Im45pZkTAhsadpd8xbck0xjlnsuVGGhI/edit?ts=60803bc8#slide=id.gd369c9df06_0_17)
  > Credential Marketplace is quite high up the SSI stack but we want to start this discussion.
  > 1. What is Credential Marketplace?
  > 2. We have a Trust Triangle of Issuer-Holder-Verifier. This does not need any centralized entity except schema hosting.
  > 3. However, we want to solve the problem of discovery of Issuers and Verifiers.
  > 4. Example: I’m traveling to a new country. I need to get what healthcare VCs are needed to go there, in an automated way.
  > 5. How can we solve this without relaying on a centralized registry of Verifier requirements and Issuer capabilities?
  > 6. How it works
  > 7. In order to discover issuers / vc types, there should be a registration step where issuers/verifiers actively OR passively provide metadata about their capabilities.
  > 8. Credential Data — can contain some filters or constraints on the data from within the VC. E.g. As a Verifier, I only accept passport VC from only certain governments: only German nationals.
  > 9. VC Metadata
  > 10. Issuer Metadata
  > 11. Reputation mechanism for credential issuers
  > 12. Marketplace can also implement value transfer: paying for issuance by the verifier, for example. Even if they are part of different SSI ecosystems. This is optional but can help incentivize different participants.

## Caution
* [Why Location Data Brokers Put All Communities At Risk](https://me2ba.org/why-location-data-brokers-put-all-communities-at-risk/) 2022-06-06 Zach Edwards M2BA
  > New work that may leverage decentralized ID from the supply chain side of things…but not sure (lots of links inside on data brokers harm)
* [What Does It Actually Mean When a Company Says, “We Do Not Sell Your Data?”](https://john.philpin.com/2021/09/03/what-does-it.html) 2021-09-03 John Philipin 
  > Probably because the alternatives produce even more income.
* [Data Mob Rule](https://www.moxytongue.com/2021/08/data-mob-rule.html) 2021-08 MoxyTongue
  > Individual Rights are hard to come by historically. Strong people make them possible. First requirement of their existence is thus, strong people.
* [If your strategic plan is based on data, have you considered the consequences?](https://www.mydigitalfootprint.com/2021/04/if-your-strategic-plan-is-based-on-data.html) 2021-04 MyDigitalFootprint
  > How do you know your data set has the views of everyone who is critical to your business today and in the future? How do you know the tools you use provide equal weight to everyone to make our business thrive?  How do you know if the recommendation was written before the analysis? How do your incentives create a new bias?
* [Envy Counting The Cost of Data Collection, And A New Paradigm Of ‘Identity Holder Present’](https://www.evernym.com/blog/identity-holder-present/) 2021-03-12 Evernym
  > It all feels like data envy to me. Aristotle described envy as the pain at the sight of another’s good fortune, stirred by “those who have what we ought to have.” Precisely.
* [Why framing “data” as an asset or liability is dangerous](https://www.mydigitalfootprint.com/2021/03/why-framing-data-as-asset-or-liability.html) 2021-03 MyDigital Footprint
  > If there is one thing that can change finance’s power and dominance as a decision-making tool, it is the rest of the [data](https://opengovernance.net/data-is-data-90ba0b803178). According to Google (2020), 3% of company data is finance data when considered part of an entire company’s data lake. McKinsey [reports](https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/how-companies-make-good-decisions-mckinsey-global-survey-results) that 90% of company decisions are based on finance data alone, the same 3% of data.
* [Dangerous Data: the role of data collection in genocides](https://www.theengineroom.org/dangerous-data-the-role-of-data-collection-in-genocides/) 2016-11-21 The Engine Room
  > Last week, the UK Government passed what has been described by Jim Killock, director of the Open Rights Group, as the “most extreme mass surveillance law ever passed in a democracy”. The law, known officially as the Investigatory Powers Act, forces UK internet providers to store browsing histories — including domains visited — for one year, in case of police investigations. Unofficially, and in reference to its invasive powers, it has been nicknamed the Snooper’s Charter.

## Literature
* [INNOPAY paper on data sharing published in CEUR Workshop Proceedings](https://www.innopay.com/en/publications/innopay-paper-data-sharing-published-ceur-workshop-proceedings) 2022-09-15 Innopay
  > This week, CEUR-WS.org has published the paper titled ‘[Harmonization Profiles for Trusted Data Sharing Between Data Spaces: Striking the Balance between Functionality and Complexity](http://ceur-ws.org/Vol-3214/WS6Paper2.pdf)’ in the CEUR Workshop Proceedings.
* [BIS Annual Report - section III. The future monetary system](https://www.bis.org/publ/arpdf/ar2022e3.pdf) 2022-06-16 BIS page 41 in the chart
  > Point 5. User control over data—data governance arrangements should ensure users’ privacy and control over data:
  > 
  > - Today: Users trust intermediaries to keep data safe, but they do not have sufficient control over their data
  > - Crypto: Transactions are public on the blockchain—which will not work with “real names”
  > - Tomorrow: New data architectures can give users privacy and control over their data
* [Case Studies] [Exploring principles for data stewardship](https://www.adalovelaceinstitute.org/project/exploring-principles-for-data-stewardship/) 2021-11 Ada Lovelace Institute
  > What data practices enable the use of data for public or social good? To help answer this question, the Ada Lovelace Institute has developed a set of case studies. Based on Elinor Ostrom’s principles for governing the commons, these case studies can help us to understand what responsible data stewardship might look like.
* [What the Heck is a Data Mesh?!](https://cnr.sh/essays/what-the-heck-data-mesh) 2021-06-08 Chris Riccomini
  > I re-read [Zhamak Dehghani](https://twitter.com/zhamakd) ’s [original](https://martinfowler.com/articles/data-monolith-to-mesh.html) and [follow-on](https://martinfowler.com/articles/data-mesh-principles.html) posts. Zhamak is the creator of the data mesh. In her second post she identifies [four data mesh principles](https://martinfowler.com/articles/data-mesh-principles.html#CorePrinciplesAndLogicalArchitectureOfDataMesh):
  > 
  > 1. Domain-oriented decentralized data ownership and architecture
  > 2. Data as a product
  > 3. Self-serve data infrastructure as a platform
  > 4. Federated computational governance
* [Self-Sovereign Identity Personal Data Usage Licensing (SSI-PDUL) Model](https://hyperonomy.com/2021/01/27/self-sovereign-identity-personal-data-usage-licensing-ssi-pdul-model-solution-concept/) 2021-01-27 Michael Herman [Whitepaper](https://hyperonomy.files.wordpress.com/2019/11/hyperonomy-ssi-personal-data-usage-licensing-model-ssi-pdul-model-2021-0.27rd.pdf) 
  > The scope of the Self-Sovereign Identity Personal Data Usage Licensing (SSI-PDUL) Model is personal digital identifiers and any associated identity data presented by Alice to the App. It does not include the permissioning of data internal to the App (although the natural extension of the solution to internal data is an obvious one)
* [Tweet Thread] [discussing different approaches to data stewardship and potential principles](https://twitter.com/AdaLovelaceInst/status/1336954825356046339) 2020-12-10 Ada Lovelace Institute
  > 1. We start by asking: what does doing good with data mean to you?
  * [Doing good with data: what does good look like when it comes to data stewardship?](https://www.adalovelaceinstitute.org/blog/what-does-good-look-like-data-stewardship/) 2020-09-03 Ada Lovelace Institute
* [Towards Workers' Data Collectives](https://www.thewhynotlab.com/post/towards-worker-data-collectives) 2020-11-07 The Why Not Lab
  > I roll out my vision for the establishment of workers' collective data rights and ultimately for workers' data collectives. A means through which to empower workers and balance out the power asymmetry so prevalent in today's digital capitalism. I caution that fixing data and privacy rights is not an end in itself. We will need to draw a new map for the digital economy and society. 

## Data Ecosystems
* [What’s in Your Data Ecosystem?](https://stateofidentity.libsyn.com/whats-in-your-data-ecosystem) 2021-12-09 State of Identity
  > Indicio's CEO, Heather Dahl, and CTO, Ken Ebert, identity wallets, verified credentials, the role of the Sovrin Foundation, and new momentum around interoperability across decentralized identity.
* [Trusted Data Ecosystems: The Indicio Way](https://indicio.tech/trusted-data-ecosystems-the-indicio-way) 2021-09-16 Indicio
  > This multidimensional value—authenticity, compliance, integrity, and resilience—coupled with being easy to integrate is what separates the Indicio approach from the rest. Our growth in 16 months—with global enterprise customers and a global decentralized blockchain network supported by 23 companies on five continents is a sign that fundamental change is coming in the way we share information.
* [How to unleash the full potential of data?](https://medium.com/mydex/how-to-unleash-the-full-potential-of-data-3676db8d7c03) 2021-05-02 Alan Mitchell
  > The main reason why vital information is not getting where it needs to be is that our data economy has evolved to be an organisation-centric ‘One User One Use’ (OUOU) system — whereas, thanks to the inner logic of data itself, it needs to operate as a ‘Many Users, Many Uses’ (MUMU) data ecosystem.
* [6: Breaking Down Silos with Open Ecosystems and True Data Portability](https://www.evernym.com/blog/open-ecosystems-data-portability/) 2021-03-11 Evernym
  > Every company providing a new digital identity solution believes that all the other digital identity options are not good enough, not secure enough, not fast enough. They believe they can do better.
  > 
  > Yet collaboration will be critical to making digital identity work properly at scale.

## Data Institutions
* [The need for new Data Institutions](https://medium.com/mydex/the-need-for-new-data-institutions-e6b06cd0cbb8) 2022-05-30 Alan Mitchell
  > we were presenting at the Open Data Institute’s event on Data Sharing and the [Rise of Data Institutions](https://theodi.org/article/what-are-data-institutions-and-why-are-they-important/) — a crucially important subject for the years ahead. (You can see the slides of our presentation [here](https://www.slideshare.net/davidejalexander/mydex-cic-odi-radical-data-institutions-20220330-alan-mitchellpdf).)
* [Helping Data Trusts Manage Personal Data](https://medium.com/mydex/helping-data-trusts-manage-personal-data-4215faaee5f2) 2022-05-03 Mydex
  > Mydex CIC has just published a blog for Cambridge University’s Data Trust Initiative on ‘Helping Data Trusts Manage Personal Data’. In it, we address the challenges that arise as the Data Trust movement begins to scale.

## Organizations
* [Data Trusts Initiative](https://datatrusts.uk/) 
  > interdisciplinary programme that pursues research at the interface of technology, policy and the law to better understand the role data trusts can play
* [Data Futures Lab](https://foundation.mozilla.org/en/data-futures-lab/) Mozilla Foundation
  > The Data Futures Lab is an experimental space for instigating new approaches to data stewardship challenges. It provides funding, scaffolding for collaboration, convening around emerging ideas, and a place to workshop approaches to data stewardship which give greater control and agency to people.
* [The Data Economy Lab](https://thedataeconomylab.com/)
  > The Data Economy Lab is a dynamic space to think through legal, policy, governance, and technological issues on Data Stewardship
* [Japan-based Dixon Siu to join the Board of aNewGovernance AISBL](https://www.anewgovernance.org/2021/09/15/japan-based-dixon-siu-to-join-the-board-of-anewgovernance-aisbl/) 2021-09-15
  > Given his breadth of experience and alignment with a number of strategic sectors where aNewGovernance is currently developing ecosystems, I am sure, he will bring incredible contribution.

## Companies
* [Europe’s top Data Portability Projects](https://dapsi.ngi.eu/meet-europes-top-data-portability-projects/) 2021-03-30 NGI
  - [ALIAS](https://dapsi.ngi.eu/hall-of-fame/alias/) – automating GDPR portability for applications developers.
  - [Checkpipe Charlie](https://dapsi.ngi.eu/hall-of-fame/checkpipe-charlie/) – tool for describing and validating data.
  - [DIP](https://dapsi.ngi.eu/hall-of-fame/dip/) – Vaccination & Immunization Management using Verifiable Credentials.
  - [Domi](https://dapsi.ngi.eu/hall-of-fame/domi/) – SSI-based digital passport to facilitate data portability in the housing rental sector.
  - [DPella](https://dapsi.ngi.eu/hall-of-fame/dpella/) – Data analyses with privacy in mind.
  - [IDADEV-P2P](https://dapsi.ngi.eu/hall-of-fame/idadev-p2p/) – Blockchain Based Data Portability System
  - [OpenPKG](https://dapsi.ngi.eu/hall-of-fame/openpkg/) – decentralised data provenance system for improved governance and portability of personal data.
  - [OpenXPort](https://dapsi.ngi.eu/hall-of-fame/openxport/) – Open export of data across different systems and providers.
  - [ORATORIO](https://dapsi.ngi.eu/hall-of-fame/oratorio/) – Energy data exchange platform.
  - [Prov4ITData](https://dapsi.ngi.eu/hall-of-fame/prov4itdata/) – Provenance-aware querying and generation for interoperable and transparent data transfer.
  - [UI-Transfer](https://dapsi.ngi.eu/hall-of-fame/ui-transfer/) – complete solution for “user initiated inter-controller and continuous data transfer”
* [PSA Today with Julian Ranger, founder of Digi.me](https://anchor.fm/psatoday/episodes/PSA-Today-37-Kaliya-and-Seth-talk-with-Julian-Ranger--Chairman--Founder-of-Digi-me-about-personal-data-governance-in-a-world-of-surveillance-capitalism-etpk24) 2021-03-29 PSA Today, Digi.Me
  > Personal data governance (in a world of surveillance capitalism)
  > Check out https://digi.me/ for more about Julian and his company and how they are going to market.