Data Licenses
Last updated
Last updated
Data licenses describe the terms and conditions for using data. BDI recognises a layered licensing structure. Licenses are used in authorisations for data transactions and are defined in this building block of the BDI framework.
The purpose of the data licenses building block is to allow Data Owners to control what Data Consumers are allowed to do with their data by providing instructions on how a service may be consumed or under which conditions data may be exchanged.
The following concepts (from the BDI Glossary) are particularly relevant in this building block:
Concept | Meaning |
---|---|
When not selecting the correct license, the Data Consumer might not be sufficiently legally bound to the right terms and conditions for using their data, which could result in data abuse and thereby in financial or reputational damage to the Data Owner, or (indirectly) the Data Service Provider.
However well the licenses are implemented, there is no technical guarantee that the data is used in conformance with the applicable licenses. The legal context of the framework mitigates this risk, but a residual risk remains.
BDI encourages participants (particularly Data Consumers) to implement proper data management and or data governance to ensure proper handling of data.
This building block is closely tied to Authorization, since a license may be part of an authorisation. The authorisation defines:
Which party
Is allowed to access which data attributes
(Optionally) at which Data Service Provider
(Optionally) with which terms and conditions for using the data (licenses)
Licenses are defined in framework documentation (see below). In Authorisations, licenses are applied. As defined in Authorization, and particularly in the iSHARE data model for authorisations, one or more licenses ("stacking") can be applied to an Authorisation. Data Owners must make sure that when more then one license is used, the licenses must not be contradictory.
Example of acceptable stacking of licenses
0004 Licensee may enrich received data with own data before re-sharing
XXXX Licensee may use received data in the region Europe
Licenses are defined on three layers:
iSHARE layer. The available licenses are defined in the iSHARE Trust Framework.
BDI layer. The available licenses are defined in this building block.
Association layer. The available licenses are defined in the framework agreements of a BDI Association (when these exist).
There are currently no specific BDI licenses defined.
Future topics that are of interest to this building block are:
Research how Incoterms can be applied in the context of licenses.
Research which technical controls are available to enforce adherence to licenses.
Align with other data spaces initiatives on the topic of policy enforcement.
Contribute to iSHARE's licenses framework through the iSHARE's Change Management process, particularly through RFC037 (including improved specification on the usage of ODRL).
This building block has been drafted using the following sources, that provide opportunity for further reading:
iSHARE Framework documentation, specifically on the topic of licenses
Data licenses
Descriptions of the terms and conditions for using data
Either in free form text or in ODRL
Data Owner
Has control over data and access to data,
Controls decisions on Data Sovereignty and Trust Sovereignty
Controls authorisation policies, representation rules, professional qualification verification of staff and contractors
Controls subscription to the Event Pub/Sub Service and publishing of events to subscribers
Controls discovery and endpoints
Controls roles assumed by entity
Data Consumer
Requests access to data and/or Representation Register and/or Professional Qualification Register of the data owner
Controls discovery and endpoints
Requests subscription to data owner’s Event Pub/Sub Service, receives and evaluates events
0000
No limitations
0001
Re-sharing with Adhering Parties only
0002
Internal use only
0003
Non-commercial use only: licensee may not use the data to generate revenue
0004
Licensee may enrich received data with own data before re-sharing
0005
Licensee may enrich received data with data of others before re-sharing
0006
Licensee may enrich received data with own data before re-sharing on a non-commercial basis
0007
Licensee may enrich received data with data of others before re-sharing on a non-commercial basis
9999
As determined between Parties