Apidays London 2024 - The Hidden Power Brokers in the EU Data Act Enforcement by David Vazquez Cortizo, apinity.pdf

APIdays_official 173 views 15 slides Oct 12, 2024

About This Presentation

APIs: The Hidden Power Brokers in the EU Data Act Enforcement
Dr. David Vazquez Cortizo, Managing Director & CTO - apinity

apidays London 2024 - APIs for Smarter Platforms and Business Processes
September 18 & 19, 2024

------

Check out our conferences at https://www.apidays.global/

Do yo...


Slide Content

APIs - The hidden power brokers in
the EU Data Act enforcement
David Vazquez Cortizo
Managing Director @apinity.io

Agenda
● Intro to EU Data Access regulation
● Implications for the impacted actors
● Technical readiness journey
● Summary

EU Broader context of data access regulation

EU Data Act due in Sep 2025

The EU Data Act is a regulation on harmonised
rules on fair access to and use of data. Designed
to enhance the EU’s data economy and foster a
competitive data market (in particular for the IoT
industry), it clarifies who can use what data and
under which conditions.

The Data Act gives users of connected products
(businesses or individuals that own, lease or rent
such a product) greater control over the data they
generate, while maintaining incentives for those
who invest in data technologies. It also lays down
general conditions for situations where a business
has a legal obligation to share data with another
business.

EU Data Act due in Sep 2025

Chapter II on business-to-business and business-to-consumer data sharing in the context of IoT:
users of IoT objects can access, use and port data that they co-generate through their use of a
connected product.

Chapter III on business-to-business data sharing: this clarifies the data-sharing conditions
wherever a business is obliged by law, including through the Data Act, to share data with another
business.

Chapter V on business-to-government data sharing: public sector bodies will be able to make
more evidence-based decisions in certain situations of exceptional need through measures to
access certain data held by the private sector.
https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained

Implications on the affected industries and players

Data holders (e.g. your connected car company) are obliged to grant users access to generated data
-> includes non-personal data

Users are entitled to share their data with third parties for predefined purposes
-> direct competition purposes excluded

Data holders are obliged to make data accessible to third parties under "reasonable terms"
-> reasonable compensation must be agreed upon

Data holders must provide "necessary data" access to public authorities
-> free of charge in case of public emergencies

Implementing EU Data Act / FIDA technical readiness
EU Data Act / FIDA Readiness in a nutshell
Legend: "Only mandated in FIDA" / "Not spoken of in the EU Data Act"

1. Prepare Your Systems & Data
   Identify which core product data needs to be exposed & prepare core system
2. Expose APIs to the outside - securely at scale
   APIs must be exposed securely - Authorization is controlled by user consent
   Large and very dynamic number of consumers supported
3. Build Customer Dashboards
   Expand data model to support customer consent dashboards
   Implement customer consent dashboard application(s)
4. Verify and upgrade your IAM
   Verify capabilities of your Identity and Access Management (IAM) - OIDC
5. Integrate & Validate
   Integration and validation of end2end use cases
6. Monetize your APIs
   API Monetization readiness

Technical readiness for EU Data Act / FIDA as Data Holder

/ Identify product data that has to be exposed
  # There will be a certain amount of uncertainty that has to be managed
  # Amount of uncertainty should not be used as an excuse for inaction
/ Evaluate readiness of software architecture to expose data through secure APIs, including data mapping capabilities
  # Your IAM must support OAuth2
  # Your APIs must be access controlled using OAuth2

Technical readiness for EU Data Act / FIDA as Data Holder

/ Redesign/expand the data model of your core system
  # To be able to link product, user identifiers and list of Data Users
  # (FIDA required) Customer dashboards will be based on this extended data model
/ Implement customer dashboard as consent interface
  # Explicitly mandated for FIDA only, arguably needed for the EU Data Act case anyway
  # For easy management (e.g. revoke access capability) of given consents by users
/ Implement new business logic (application, module, microservice)
  # To manage new consents
  # To revoke consent requests

Technical readiness for EU Data Act / FIDA as Data Holder

/ Ensure your Identity and Access Management (IAM) system
  # supports OAuth2 and OIDC (OpenID Connect) -> 3-legged tokens
  # serves web pages/iframes so that users can grant access to Data Users (third parties)
  # supports fine-grained access control -> using OAuth2 scopes / claims in the JWT token
  # can generate an audit log to resolve potential litigation issues
    (e.g. a customer claiming that their data was accessed without their consent)
/ Identify and support End2end integration scenarios
  # User consent management flows
  # Data access from third parties (Data Users)
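The two slides above (extended consent data model linking product, user and Data User; scope-based access control on the JWT; audit log for later disputes) can be tied together in one resource-server check. The following is an added example, not code from the deck or from apinity; the HS256 secret, the `Consent` record, the `vehicle.*` scope names and the `client_id` claim are constructed assumptions for the demo, and in practice the IAM would issue tokens under asymmetric keys discovered via OIDC.

```python
import base64, hashlib, hmac, json, time
from dataclasses import dataclass

# Constructed demo secret; a real IAM would publish asymmetric keys (RS256/ES256) via OIDC discovery.
DEMO_SECRET = b"constructed-demo-secret"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_demo_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Mint an HS256 JWT the way the IAM would after the user granted consent (demo only)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_token(token: str, secret: bytes = DEMO_SECRET, now=None) -> dict:
    """Check alg, signature and expiry of the access token; return its claims or raise."""
    head, body, sig = token.split(".")
    if json.loads(_unb64url(head)).get("alg") != "HS256":   # reject 'none' / alg confusion
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(body))
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("token expired")
    return claims

@dataclass
class Consent:              # extended data model: product <-> user <-> Data User link
    product_id: str         # connected product identifier (constructed value in the demo)
    user_id: str            # product user, matches the JWT 'sub'
    data_user_id: str       # third party (Data User), matches the JWT 'client_id'
    scopes: frozenset       # fine-grained permissions granted on the consent dashboard
    revoked: bool = False   # flipped by the dashboard's "revoke access" action

AUDIT_LOG: list = []        # evidence trail for disputes over access without consent

def authorize(claims: dict, product_id: str, scope: str, consents: list) -> bool:
    """Allow only if the token carries the scope AND a live consent record backs it."""
    consent = next((c for c in consents if c.product_id == product_id
                    and c.user_id == claims.get("sub")
                    and c.data_user_id == claims.get("client_id")), None)
    allowed = (scope in claims.get("scope", "").split() and consent is not None
               and not consent.revoked and scope in consent.scopes)
    AUDIT_LOG.append({"ts": time.time(), "sub": claims.get("sub"), "client_id": claims.get("client_id"),
                      "product_id": product_id, "scope": scope, "decision": "allow" if allowed else "deny"})
    return allowed
```

Note that a valid token alone is not enough: revoking the consent record on the dashboard denies the next call even before the token expires, and every decision (allow or deny) lands in the audit log.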

Technical readiness for EU Data Act / FIDA as Data Holder

/ Address API Monetization
  # Externalize the capability by onboarding your APIs on an API Marketplace
  # Choose vendor providing API Management solution with metering & billing capabilities
  # Develop internally

The EU Data Act as a catalyst for cross-sector innovation:

/ Breaking down silos: EU Data Act promotes data sharing across industries
/ New business models enabled by cross-sector data access
/ Opportunities for SMEs - Fair access to data
/ Increased transparency and competition in the market

Summary

/ The EU is using regulation to drive open data markets
  # EU Data Act is a transversal law with specific focus on the IoT industry
  # FIDA is specific for the financial industry (including P&C insurance)

/ Product and User data will be exposed through APIs

/ Technical readiness includes
  # Identify and expose relevant product data via secure APIs
  # Extend data models to support user consent management
  # Specific requirements for the Identity and Access Management system
  # API Monetization - Consider use of API Marketplaces (public or SaaS)

The API marketplace company
E-Commerce Journey | Gateway agnostic | Regulated Industries
Meet us for a Chat

Thank you