The practical exercise of personal data sovereignty remains limited, despite the rights established by existing data protection frameworks. Individuals often lack the ability to access and govern their personal data, particularly when it is distributed across organisational systems and used in contexts such as AI model training. This paper discusses the implementation of a data sovereignty framework designed to give individuals practical control over their distributed personal data, especially regarding AI training usage. The framework consists of two components: an Ontology-Based Data Federation (OBDF) system, which enables unified access to distributed data using Schema.org, and a Personal Data Policy Control (PDPC) service that supports detailed governance through extensions to the Open Digital Rights Language (ODRL). In addition to general policy controls, the framework introduces mechanisms to specify AI training restrictions, including prohibitions, algorithm- specific constraints, and purpose limitations expressed through privacy tiers. By combining data federation with enforceable, subject-defined policies, the implementation addresses practical gaps in personal data governance and supports more transparent and accountable data use in AI and beyond.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Extending Personal Data Sovereignty by Enabling Governance of AI Training on Personal Data

  • Vijon Baraku,
  • Iraklis Paraskakis,
  • Simeon Veloudis,
  • Poonam Yadav

摘要

The practical exercise of personal data sovereignty remains limited, despite the rights established by existing data protection frameworks. Individuals often lack the ability to access and govern their personal data, particularly when it is distributed across organisational systems and used in contexts such as AI model training. This paper discusses the implementation of a data sovereignty framework designed to give individuals practical control over their distributed personal data, especially regarding AI training usage. The framework consists of two components: an Ontology-Based Data Federation (OBDF) system, which enables unified access to distributed data using Schema.org, and a Personal Data Policy Control (PDPC) service that supports detailed governance through extensions to the Open Digital Rights Language (ODRL). In addition to general policy controls, the framework introduces mechanisms to specify AI training restrictions, including prohibitions, algorithm- specific constraints, and purpose limitations expressed through privacy tiers. By combining data federation with enforceable, subject-defined policies, the implementation addresses practical gaps in personal data governance and supports more transparent and accountable data use in AI and beyond.