
A Solid use case to empower and protect data subjects : responsibilities under GDPR for governance of personal data stores
- Author
- Michiel Fierens (UGent) , Harshvardhan J. Pandit, Aurelia Tamo-Larrieux and Kimberly Garcia
- Abstract
- Decentralised data governance has emerged as an alternative model in response to the challenges of managing data and privacy in conventional centralised models. ‘Personal Data Stores’ (PDS) are at the forefront of this movement and provide forms of control over storage and management of data to the individual with the goal of empowering them. In this article, we argue how PDS, while being important technological innovations, are challenging to implement in the current regulatory landscape as the interpretation of responsibilities under the GDPR is woefully inadequate for decentralised systems. This represents a challenge to the decentralisation movement and makes it difficult to empower and protect individuals under the GDPR (data subjects) using PDS. A thorough understanding of the technological and legal situation and therefore an interdisciplinary approach is essential to make policymakers aware of any efforts that still need to be made to realise the decentralisation paradigm's goal. We therefore build upon research investigating GDPR compliance in decentralised data storage and management but do so through an interdisciplinary lens applied to an emerging application, Solid, that provides technical specifications for implementing it as the leading PDS implementation. By taking an interdisciplinary approach, we consider the interaction between the legal definitions from the GDPR and the implications of established case law with Solid's technical specifications and its possible implementations. We conclude with recommendations regarding the division of responsibilities for policymakers, authorities, market participants and technical developers to simultaneously protect and empower those involved in the use of PDS, particularly through Solid. Furthermore, the role of decentralised systems such as Solid is discussed, as well as the current unclear regulatory landscape surrounding it in the context of implementing the Data Governance Act (DGA). The implications for further AI development and within data spaces are also considered.
- Keywords
- Decentralisation, Personal data stores, Solid, GDPR compliance, Empowerment and data protection, CONTROLLER
Citation
Please use this url to cite or link to this publication: http://hdl.handle.net/1854/LU-01JTJD35DF4GKESRVPKHN90V44
- MLA
- Fierens, Michiel, et al. “A Solid Use Case to Empower and Protect Data Subjects : Responsibilities under GDPR for Governance of Personal Data Stores.” COMPUTER LAW & SECURITY REVIEW, vol. 57, 2025, doi:10.1016/j.clsr.2025.106133.
- APA
- Fierens, M., Pandit, H. J., Tamo-Larrieux, A., & Garcia, K. (2025). A Solid use case to empower and protect data subjects : responsibilities under GDPR for governance of personal data stores. COMPUTER LAW & SECURITY REVIEW, 57. https://doi.org/10.1016/j.clsr.2025.106133
- Chicago author-date
- Fierens, Michiel, Harshvardhan J. Pandit, Aurelia Tamo-Larrieux, and Kimberly Garcia. 2025. “A Solid Use Case to Empower and Protect Data Subjects : Responsibilities under GDPR for Governance of Personal Data Stores.” COMPUTER LAW & SECURITY REVIEW 57. https://doi.org/10.1016/j.clsr.2025.106133.
- Chicago author-date (all authors)
- Fierens, Michiel, Harshvardhan J. Pandit, Aurelia Tamo-Larrieux, and Kimberly Garcia. 2025. “A Solid Use Case to Empower and Protect Data Subjects : Responsibilities under GDPR for Governance of Personal Data Stores.” COMPUTER LAW & SECURITY REVIEW 57. doi:10.1016/j.clsr.2025.106133.
- Vancouver
- 1. Fierens M, Pandit HJ, Tamo-Larrieux A, Garcia K. A Solid use case to empower and protect data subjects : responsibilities under GDPR for governance of personal data stores. COMPUTER LAW & SECURITY REVIEW. 2025;57.
- IEEE
- [1] M. Fierens, H. J. Pandit, A. Tamo-Larrieux, and K. Garcia, “A Solid use case to empower and protect data subjects : responsibilities under GDPR for governance of personal data stores,” COMPUTER LAW & SECURITY REVIEW, vol. 57, 2025.
@article{01JTJD35DF4GKESRVPKHN90V44,
  abstract     = {{Decentralised data governance has emerged as an alternative model in response to the challenges of managing data and privacy in conventional centralised models. ‘Personal Data Stores’ (PDS) are at the forefront of this movement and provide forms of control over storage and management of data to the individual with the goal of empowering them. In this article, we argue how PDS, while being important technological innovations, are challenging to implement in the current regulatory landscape as the interpretation of responsibilities under the GDPR is woefully inadequate for decentralised systems. This represents a challenge to the decentralisation movement and makes it difficult to empower and protect individuals under the GDPR (data subjects) using PDS. A thorough understanding of the technological and legal situation and therefore an interdisciplinary approach is essential to make policymakers aware of any efforts that still need to be made to realise the decentralisation paradigm's goal. We therefore build upon research investigating GDPR compliance in decentralised data storage and management but do so through an interdisciplinary lens applied to an emerging application, Solid, that provides technical specifications for implementing it as the leading PDS implementation. By taking an interdisciplinary approach, we consider the interaction between the legal definitions from the GDPR and the implications of established case law with Solid's technical specifications and its possible implementations. We conclude with recommendations regarding the division of responsibilities for policymakers, authorities, market participants and technical developers to simultaneously protect and empower those involved in the use of PDS, particularly through Solid. Furthermore, the role of decentralised systems such as Solid is discussed, as well as the current unclear regulatory landscape surrounding it in the context of implementing the Data Governance Act (DGA). The implications for further AI development and within data spaces are also considered.}},
  articleno    = {{106133}},
  author       = {{Fierens, Michiel and Pandit, Harshvardhan J. and Tamo-Larrieux, Aurelia and Garcia, Kimberly}},
  issn         = {{2212-473X}},
  journal      = {{COMPUTER LAW & SECURITY REVIEW}},
  keywords     = {{Decentralisation,Personal data stores,Solid,GDPR compliance,Empowerment and data protection,CONTROLLER}},
  language     = {{eng}},
  pages        = {{16}},
  title        = {{A Solid use case to empower and protect data subjects : responsibilities under GDPR for governance of personal data stores}},
  url          = {{http://doi.org/10.1016/j.clsr.2025.106133}},
  volume       = {{57}},
  year         = {{2025}},
}