- Personal data within PDAs is a “regulated asset” in terms of its storage, exchange and usage because it does not belong to Dataswift.
- Dataswift is merely a steward of the personal data server that houses the personal data asset, owned by the PDA owner
- Dataswift has to handle the PDAs and the data assets correctly and ensure that clients of Dataswift are also compliant.
- Rules set by the Foundation and Dataswift seek to protect Dataswift and applications so that Dataswift would not be accused of (1) being biased in operating the exchange, (2) illegally accessing data it does not own, (3) being unethical in data usage, or (4) taking actions to the detriment of its stewardship role for the purpose of its commercial interests.
- These rules of stewardship are the policies that Dataswift upholds.
- These policies must be transparently, objectively and uniformly executed under the oversight of the HAT Community Foundation
- The policies also enable the regulator to have an oversight function, approving new policies or amendments to them.
- We review all applications before they go live in production environments
- We set up the permission contracts between application owners and PDA owners for “tenancy” of namespaces, access to namespaces, or any other data requested from a PDA owner
- We report to the platform committee (where the regulator has an oversight role) when the risks of setting up the permissions are too high (based on predetermined thresholds)
- We represent Dataswift’s position whenever the platform committee escalates to the HAT Community Foundation Ethics Board due to its inability to make a decision (e.g. if there is disagreement)
- We support Dataswift sales with consultancy on the best forms of architectural and conduct policies for integrating with PDAs
Dataswift governance consists of 5 parts:
(1) Permissions Request and Application rating
(3) Contract maintenance
(4) Continuing monitoring and audits