Dataswift operates Personal Data Accounts (PDAs) that contains the individual’s HAT Database. PDAs can be hosted anywhere in the world. Only PDA owners can allow websites and applications to interact with the respective namespaces/folders in their PDAs and in turn, the data within. This includes systems belonging to governments and industry. Hence, no one except the PDA owner is able to see all the data in the entire HAT Database. While it enables the PDA owner to be private, decisions are required to be made on where the PDAs are hosted, the way the infrastructure is secured, and other parameters of hosting that are dependent on the cloud system the PDAs are on. This means that the operator of the platform infrastructure (ie Dataswift) has to be regulated, as it operates an infrastructure of what in essence is a “public good”.
The flow of data between the multiple technologies belonging to organisations, governments and people within the ecosystem requires foundational principles, and the implementation of these foundational principles require oversight. Also, while merchants and issuers are approved by Dataswift, these rules require standardisation, so that all in the ecosystem can benefit from its consistency and trust can be collectively built.
In addition, organisations and governments may request for different policies on the data at rest, in transit and in use. These policies would require transparency and accountability as well as responsibility in the way they are managed.
Data policies from other ecosystem members would need monitoring for effectiveness, responsiveness and efficiency as externalities from some of the policies may arise.
Dataswift sets up and executes the data contracts according to the request of its merchants and issuers. Such contracts have an impact on individuals and society, affecting equality, equitability, inclusivity, and a potential risk of harm. A regulatory governing model, incorporating representations by PDA owners and other stakeholders ensures the rules everyone operates on are fair and transparent while preserving the freedoms and data rights of individual PDA owners. This was the guidance from the original EPSRC HAT Research Project. In short, data within PDAs are not owned by Dataswift, and is considered a regulated asset.