Personal data within PDAs is a “regulated asset” in terms of its storage, exchange, and usage because it does not belong to Dataswift.
Dataswift is merely a steward of the personal data server that houses the personal data asset, which is owned by the PDA owner.
If we handle the PDAs or the data assets incorrectly, we would be liable.
Rules set by the Foundation and by Dataswift seek to protect ourselves and customer applications so that we would not be accused of (1) being biased in operating the exchange, (2) illegally accessing data we do not own, (3) being unethical in data usage, or (4) taking actions to the detriment of our stewardship role for the purpose of our commercial interests.
These rules of stewardship are the policies that Dataswift upholds.
These policies must be transparently, objectively, and uniformly executed under the oversight of the HAT Community Foundation.
The policies also enable the regulator to have an oversight function, approving new policies or amendments to them.
review all applications before they go live in production environments
set up the permission contracts between application owners and PDA owners for “tenancy” of namespaces, access to namespaces, or any other data requested from a PDA owner
report to the platform committee (where the regulator has an oversight role) when the risks of setting up the permissions are too high (based on predetermined thresholds)
represent Dataswift’s position whenever the platform committee escalates to the HAT Community Foundation Ethics Board due to its inability to make a decision (e.g. if there is disagreement)
support Dataswift sales with consultancy on best forms of architectural and conduct policies for integrating with PDAs
There are 5 parts to this process. To read more, see Application Governance.