In this fast paced data sharing world we often encounter unclear and inconsistent use of specific terminology. Find below our definitions and usages.


Having accountability means that someone can be described as being liable or answerable for the completion of a certain task. Responsibility can be delegated, but accountability cannot.


An organisation or an individual performing one or more roles.


A uniform set of agreements or scheme that enables organisations and individuals to give each other access to their data.

Application Programming Interface (API)

A technical interface consisting of a set of protocols and data structuring (API specifications) which enables computer systems to directly communicate with each other. Data or services can be directly requested from a server by adhering to the protocols.


Any distinctive feature, characteristic or property of a data object that can be identified or isolated quantitatively or qualitatively by either human or automated means.


A process that is used to confirm that a claimed attribute of an entity is actually correct.


In the context of information security, authenticity refers to the truthfulness of information and whether it has been transmitted or created by an authentic sender. Authenticity can be achieved, e.g. by digitally signing a message with the sender’s private key. The recipient can verify the digital signature with the matching public key.


The process of giving someone or something permission to do something, for example to gain access to services, data or other functionalities.

Authorisation Registry (AR)

An authorisation registry manages Records of Authorisation (and, if relevant, Records of Delegation) so that Participants in the Collaborative Solution can verify whether a Data Consumer is authorised to access a specific Data Asset.

Bilateral Agreement

Covers agreements between two data-sharing actors, ranging from legal obligations to non-binding agreements of principle allowing them to share data.

Certificate Authority

A trusted third-party entity issuing digital certificates (e.g. X509-certificates) or host services to validate certificates issued.

Collaborative Solution

A solution in which multiple stakeholders work together to facilitate many-to-many data sharing. The solution can make use of multiple models (i.e. platform and scheme).


In the context of information security, confidentiality refers to the protection of information from disclosure to unauthorised parties.


Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


In the context of information security, credentials are used to control access of someone or something to something, for example to services, data or other functionalities. The right credentials validate (i.e. Authentication) the identity claimed during Identification.


CRUD (acronym for Create, Read, Update, Delete) are considered to be basic functions regarding stored data. In computer programming, possible actions are often mapped to these standard CRUD functions in order to clarify the actions. For example, standard HTTP(S) actions GET and POST refer to Read and Create functions regarding stored data.

Data Asset

A data resource, controlled by an organisation to generate revenue, e.g.: a system, application output file, document, database, web page.

Data Consumers

An individual, group, or application that receives data in the form of a collection. The data is used for query, analysis, and reporting.

Data Governance

A system that employs interoperability components (standards and poli- cies) to ensure the acceptable use and high quality of data within a specific ecosystem. Manages the availability, usability, consistency, integrity, and security of the data used.

Data Portability

The ability of data to be easily moved across interoperable applications and domains. The legal right to data portability, granted in some jurisdictions to individuals, can be delivered through a range of technical mechanisms and varies in scope according to the jurisdiction. Our principle of data portability encompasses the ease of both access to and reuse of data.

Data Model

Description of how data can be stored, processed and accessed.

Data Pollution

The abundance of data in the digital environment and the damage this can cause to citizens and businesses. It arises from the fact that people and organisations have been giving away massive amounts of data for decades.

Data Providers

Any person or organisation that makes data available.

Data Self-determination

The capacity of an individual or organisation to control who has access to their (personal) data and under what conditions (see also: Data Sovereignty).

Data Source

A source of data assets that is being exposed to data consumers by data providers. The role responsible for collecting, storing, and controlling personal data which persons, operators, and data using services may wish to access and use.

Data Sovereignty

The capability of an individual or organisation to be entirely self-determining with regard to their data (see also: Data Self-determination).

Data Using Service

The role responsible for processing personal data from one or more data sources to deliver a service.


The act of designating someone or something to act for another or to represent others. In a data sharing scheme, this means that one party designates another party to share or consume data or to issue authorisations on their behalf.


The overall system created by the activities and connections of a set of actors and infrastructure interacting according to a common set of rules. Multiple ecosystems can exist, overlap, and collaborate.


An EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. This regulation covers important aspects related to electronic transactions, such as qualified electronic certificates. eIDAS provides a safe way for users to conduct business online.


Encryption is the process of converting data from plaintext to ciphertext. Plaintext (also called cleartext) represents data in its original (readable) format, whereas ciphertext (also called cryptogram) represents data in encrypted (unreadable) format. Decryption is the process of converting data from ciphertext to plaintext. The algorithm represents the mathematical or non-mathematical function used in the encryption and decryption process. A cryptographic key represents the input that controls the operation of the cryptographic algorithm. With symmetric encryption the same key is use for encryption and decryption, whereas with asymmetric encryption two different, but mathematically related keys are used for either encryption or decryption, a so-called public key and a private key.


A system of rules, practices, and processes used to direct and manage an ecosystem. The four pillars of good governance are transparency, fairness, accountability, and security.

Identity Provider

An intermediary party offering services to create, maintain, manage and validate identity information for parties that share data within a collaborative solution (See also: Collaborative Solution).


A natural, living human being.


The ability of different systems to work in conjunction with each other and for devices, applications or products to connect and communicate in a coordinated way, without effort from the person.

Levels of Assurance

Within online authentication, depending on the authentication protocol used, different levels of assurance give the server different degrees of certainty about the client's identity. Depending on parameters such as the quality of the registration process, quality of credentials, use of biometrics or multiple authentication factors and information security, an authentication protocol can provide a server with high or low confidence in the claimed identity of the client. For low-interest products, a low level of assurance might be sufficient, while for sensitive data it is essential that a server is confident that the client’s claimed identity is valid.


Information about data that helps describe, structure or administer that data.


In the context of information security, non-repudiation refers to the fact that the sending (or transmission) and receipt of the message cannot be denied by either of the involved parties (sender and recipient).


The role responsible for operating infrastructure and providing tools for the person in a human-centric system of personal data exchange. Opera- tors enable people securely to access, manage, and use personal data about themselves as well as to control the flow of personal data within and between data sources and data using services.

Operator Network

A group of operators with some degree of mutual interoperability.


The role of data subject as represented digitally in the ecosystem. Persons manage the use of personal data about themselves, for their own purposes, and maintain relationships with other roles.

Proto operator

A product, service, or organisation that is in one way or another performing the role of an operator in personal data ecosystems or offers related tools, services, or technologies.

Persistent Identifier

A sequence of characters that identifies an entity, usually in the context of digital objects that are accessible over the internet. Typically, such an identifier is not only persistent but also actionable, i.e. it is a Uniform Resource Identifier (URI)​, ​usually of the https type, ​that you can paste into a web browser to be taken directly to the identified source.


A platform facilitates the exchange of value between two or more parties, with the multiple parties interacting through the platform.


Data origin.


A function or set of responsibilities for a particular purpose.


A common set of multilateral agreements that facilitates standardised and decentralised data sharing directly amongst participants.

Self-sovereign Identity (SSI)

A model for managing digital identities in which an individual or organisation has sole ownership over the ability to control their accounts and personal data without the need for intervening administrative authorities. SSI allows people to interact in the digital world with the same freedom and capacity for trust as they do in the offline world.

Separation of Concerns (SoC)

A principle by which a modular approach to the development of a system is adopted. This approach entails each section addressing a different aspect (concern) of the overarching system. In the context of SoC in the personal data ecosystem, processing, storing, aggregating, displaying, governing data are concerns that need to be managed in a modular, transparent manner. SoC enables more opportunities for module upgrade, reuse, and independent development.

Structured Data Assets

Data that adheres to a predefined data model which is primarily useful for interpretation by machines.

Trust Framework

A structure that lets people and organisations do business securely and reliably online.

Unstructured Data Assets

Data that does not have a pre-defined data model or is not organised in a pre-defined way, making it primarily interpretable by humans.

Let's get in touch

Ready to do business with the experts at INNOPAY?