Data spaces are not repositories: they are rules of the game

The value of a data space lies not in storing information in a central location, but in defining how different organisations can share, use or provide services based on data, in accordance with principles of trust, interoperability and control.

Data spaces · Interoperability · Governance · SSI · Sensitive data · Digital trust · Digital product

The data space as a framework of trust

A data space should not be understood as a shared cloud or a centralised repository, but rather as a framework of rules that enables organisations, data and services to be connected under clear conditions of trust.

For a long time, much of the discussion around data has centred on accumulating, centralising or integrating information. The more data, the better. The more accessible it is, the greater its value. But in sectors involving multiple organisations, disconnected systems, sensitive data and legal responsibilities, the problem is not usually just where to store the information, but how to enable it to be used without losing control.

That is where data spaces begin to make sense. Not as a platform where everything is copied, but as an environment where access rules, terms of use, permissions, standards, traceability and trust mechanisms are defined amongst parties who do not necessarily share infrastructure or have a pre-existing relationship.

This idea significantly changes the approach to the product. It is no longer simply a matter of designing a database, an API or an exchange portal, but rather of designing an ecosystem in which each participant can provide, consume or process data in a controlled manner, whilst maintaining sovereignty, security and real utility.

From data sharing to conditional data sharing

Having worked on projects relating to interoperability, verifiable credentials, health data and services linked to data spaces, it is becoming increasingly clear to me that the challenge lies not merely in moving information from one system to another. The challenge lies in ensuring that this exchange is meaningful, well-governed and sustainable within real-world processes.

Sharing data seems like a simple idea until the important questions arise. Who can access it? For what purpose? For how long? With what consent? Under what standard? With what safeguards? What happens if the data is sensitive? Which parts are used on a temporary basis? Which organisation retains responsibility? Which system verifies that the rules are being followed?

That is why a data space cannot be reduced to a technical integration. It may include connectors, catalogues, services, APIs or identity mechanisms, but its value lies in the governance that enables all of this to function. Without clear rules, data exchange becomes just another transfer. With well-designed rules, it can become a collaborative infrastructure.

Having worked on projects relating to interoperability, verifiable credentials, health data and services connected to data spaces, it is becoming increasingly clear to me that the challenge lies not merely in moving information from one system to another. The challenge lies in ensuring that this exchange is meaningful, well-governed and capable of being sustained within real-world processes.

Sharing data seems like a simple idea until the questions arise. This is particularly important in sectors such as healthcare, public administration, industry, energy and mobility, where information can be highly valuable but also subject to numerous restrictions. In these contexts, data cannot circulate without context. It requires standards, traceability, permissions, access controls and an experience that helps users understand what is being shared and for what purpose.

The opportunity lies in shifting from a mindset of data ownership to one of trustworthy use. It is not always necessary to move the entire dataset, duplicate it or hand it over permanently. Sometimes the value lies in enabling a query, a transformation, a validation or a temporary service based on data that remains under the control of the provider.

fotografía abstracta que representa la idea de círculo o gobernanza en un espacio de datos

El reto está en hacerlo operable

The concept of a data space may sound abstract unless it is applied to specific use cases. For it to work, it is not enough simply to define a technical framework or a reference architecture. These rules must be translated into workflows, permissions, services, decisions and experiences that organisations can understand and use.

Governance before platform

A data space requires technology, but it does not start with technology. It begins by defining who is involved, what they can contribute, what they can access, under what conditions, and what their responsibilities are. Without such governance, any platform runs the risk of becoming just another repository, lacking the trust necessary for organisations to share valuable information.

True interoperability

Data exchange only adds value if systems can understand one another. This involves working with standards, common models, structured formats and mechanisms that enable heterogeneous information to be transformed into useful data. In healthcare, for example, it is not enough simply to have clinical reports: they need to be structured so that they can be integrated, accessed or reused securely.

Identity and trust

For a data space to function, it is not enough simply to know what data is being shared; one must also know who is providing it, who is using it, and on what legal basis. Digital identity, verifiable credentials and authorisation mechanisms can play an important role here, particularly when organisations, professionals, patients, public authorities or third parties with different levels of access are involved.

Controlled use of data

The key is not always to hand over data, but to allow specific uses under specific rules. A data space can enable temporary queries, transformation services, analytics, validation or training under defined conditions. This approach allows value to be explored without turning the exchange into an indiscriminate transfer of information.

SSI and standards as components of the ecosystem

Interoperability does not depend solely on data being in a common format. It also requires trust in who is involved, what attributes each participant has, and what permissions apply to each interaction.

Within a data space, SSI can provide a highly useful layer for representing identity, attributes, authorisations or consent in a verifiable manner. An organisation could demonstrate that it is authorised to access a service; a professional could verify their role; a patient could submit information under certain conditions; or one entity could verify that another meets certain requirements before permitting data access.

Verifiable credentials do not replace the data space, but they can reinforce its trust framework. They help ensure that stakeholders do not rely solely on closed integrations or manual validations, but rather on digital proofs that can be presented and verified within the workflow. This is particularly relevant when there are multiple organisations, distributed trust relationships or processes where it is important to know in what capacity each participant is acting.

Data standards fulfil another equally important function. In healthcare, for example, HL7 enables clinical information to be structured so that it can be understood by different systems. Without that layer, a scanned scan, a PDF report or a fragmented medical record may contain valuable information, but it is difficult to reuse in a care, research or decision-support process.

The combination of data spaces, standards and verifiable identity can open up some very powerful possibilities. Not because everything magically connects, but because it allows us to organise various elements that are usually separate: who I am, what data I have, what format it uses, what permissions exist, which service can process it and what use is permitted.

But precisely for that reason, the product challenge is considerable. If all these concepts are presented to the user as technical jargon, the system will not be adoptable. No one should need to understand in detail what SSI, HL7, a verifiable credential or a data space connector is in order to benefit from the workflow. The user experience must translate all of this into understandable actions: requesting, authorising, sharing, transforming, querying, verifying or revoking.

That is why designing products for data spaces requires looking beyond the architecture. It is essential to understand the use case, the stakeholders, the sensitivity of the data, the necessary standards, the access rules and the exact moment at which each person or organisation needs to make a decision.

From architecture to real value

A data space only begins to have value when its rules are transformed into useful, understandable and actionable services for those involved.

The promise of data spaces is very powerful: to enable organisations that previously operated in isolation to collaborate, share information or use services without relinquishing control over their data. But that promise cannot be realised through technology alone. It requires governance, standards, trust, a good user experience and use cases that justify the effort involved in participating.

For those of us working on digital products, the challenge lies in making sense of that complexity without oversimplifying it. A data space is not a screen, nor a dashboard, nor an API. It is an ecosystem of relationships, permissions, responsibilities and services. Designing it well involves turning abstract rules into clear workflows, and ensuring that trust is not merely a technical requirement, but an experience that is understandable to both individuals and organisations.

Entrada anterior Entrada siguiente

Let’s talk about data, trust and interoperability

I work on digital products where data, identity, interoperability and user experience need to coexist seamlessly. If you’re exploring use cases related to data spaces, verifiable credentials or trust-based services, let’s have a chat.

Macarena Torralba

Product Innovacion · UX Strategy · IA & Emerging Tech

Defining and bringing to market complex digital products at the intersection of experience, technology, and innovation.