Servitly DPS provides all the functionalities you need to be compliant with the EU Data Act and deal with its technical implications.
Prepare for Raw Data sharing:
Raw Data Definition: Define the Raw Data involved in data sharing.
Metadata Documentation: Document Raw Data.
Share Raw Data with users:
Data Export: Let your users export Raw Data.
Deal with third parties (Data Recipients) and allow customers to share Raw Data with them:
Data Recipient Registration: Let third-party service providers self-register in the DPS, and, as Data Recipients chosen by users, allow them to access customer data.
Data Sharing: Allow customers to share Raw Data with Data Recipients.
Data API Access: Allow Data Recipient clients to access customers’ data through API.
Manage compensation collection:
Data Access Subscriptions: Manage subscriptions and collect a compensation fee from Data Recipients accessing customer data.
Raw Data Definition
The first step to allow Raw Data export and sharing through APIs is defining which data is involved.
Within the Console, you can leverage the concept of Metric Set, which is used to group similar metrics (e.g., by topic, by usage) and define permissions for accessing data sets.
In the DPS, a Raw Data metric set is used when users want to export data or make API calls.
The predefined Metric Set Raw Data is used to define which metrics are to be considered Raw according to the Raw Data definition by the Data Act.
In most cases, Servitly's concept of Raw Data matches the Data Act definition, but in some cases, Raw Data metrics may also be used to publish data that is the result of a processing function (e.g., edge computing). For this reason, by default, all the Raw Data metrics are included in the predefined Metric Set called Raw Data. It is up to the Console user to define whether some metrics must be excluded from this metric set.
Metadata Documentation
To fulfill the obligation to document Raw data, in the Console for each metric, you can:
define a technical name and a friendly label;
define the short description of the metric;
specify the unit of measurement to which the values refer;
define the technical description of the metric, for instance, data format, sampling frequency, and publishing policy.
The DPS users access the page Data Documentation, where to find the details of each metric they can read.
Data Export
In the DPS, from the Data Management page, users can easily download the Raw Data generated by the connected products they are authorized to see.
By default, when a new Data Export is created, all the Raw Data metrics are exported, but optionally, the user can select other Metric Sets (if defined) or other metrics according to the user's permission to access such metrics.
When created, the Data Export is scheduled and executed. When ready, the status becomes COMPLETED, and the download link appears.
In the alternative, Raw Data can be accessed via API, but this requires the Raw Data API Access feature to be subscribed.
Optionally, the data export directly from the DPS can be disabled for Data Recipients. It is enough to remove the EXPORT_DATA user permission from the Data Recipient UserType.
Data Recipient Registration
To fulfill the obligation to share Raw data with third parties, firstly, you need to manage third parties in the DPS.
In the DPS, a third party can be managed by using the concept of Data Recipient.
A Data Recipient can be manually registered by the organization's back office, or if enabled, they can use self-registration.
By enabling self-registration, you allow Data Recipients to register themselves in the DPS.
Here are the main steps of the self-registration process:
A Data Recipient wishes to access customer data and provide additional services to the DPS customers.
From the DPS login page, a Data Recipient manager can initiate a self-registration process.
During the user registration, the user must provide details such as company name, company size (SME or LE), contact information, and any other relevant information.
To complete registration, the user must also accept the application's agreements, which include the general terms of service, privacy policy, and any additional agreements required by the organization.Once the process is completed, a new Partner entity is created in DPS along with the manager user.
However, access to the DPS remains pending until the organization’s back office approves it.The back-office team receives an email notification related to the new Data Recipient registration request.
By following the link in the email, they can review the submitted information and approve the Data Recipient to access the DPS.The Data Recipient manager receives a confirmation email and gains access to DPS.
They may also create additional users under the same entity (e.g., colleagues).
At this point, the Data Recipient can access the DPS, but until a customer decides to share data with them, there will be nothing to see.
Data Sharing
To fulfill the obligation to share Raw data with third parties upon request by the user, you can leverage the Raw Data Authorization.
In the DPS, Customer users can manage the authorizations of registered Data Recipients to access Raw Data.
The Raw Data Authorization flow is composed of the following steps:
A customer wants to share Raw Data with a third-party service provider, the Data Recipient.
The customer enters the Data Management page, and within the Data Sharing section, can generate new Data Sharing Tokens.
The Customer sends the Data Sharing Token to the Data Recipient (via email, sms or any other preferred channel).
The Data Recipient manager user receives a Data Sharing Token, and from the Data Management page, they can register the token to gain access to customers’ shared data.
By confirming, the Data Recipient will be able to access the Customer’s Raw data via API or Data Export directly from the DPS.
Note that, when the Data Recipient register the Data Sharing Token, Partner-to-Thing Authorizations are update, and the Data Recipient gains access to view the customer’s things associated to that token.
Moreover, in case a Digital Plan has been configured for Partners, also the related Subscription is updated.
When the Data Recipient accepts a first Data Sharing Token, an API Key is automatically generated and made available in the Account / API Key page.
Data API Access
The Data Recipient can use their API Key to access data via API as described in the article How to make API requests.
The API Key is automatically generated when the Data Recipient accepts the first Data Sharing Token.
These are the API endpoints a Data Recipient can use:
Get all things: It retrieves the list of all things that have been authorized by Customers to the Partner.
Get thing metric values: It retrieves the metric values, giving a thing ID, a metric name, and other parameters (start/end timestamp, aggregation, etc.).
Get thing metrics last value: It retrieves the last value of multiple metrics, giving a thing ID and a set of metric names.
Data Recipients can only access data:
Related to metrics included in the Metric Set Raw Data.
Related to customers, who have authorized them to access.
Authorizations are automatically updated when the Data Recipient accepts the Data Sharing Token.
In the Data Access Guide for Data Recipients article, you will find a complete guide you can share with Data Recipients to help them access data.
Data Access Subscriptions
To exploit the right to request a compensation fee from third parties (Data Recipients), you can leverage the Digital Services feature.
In the Console, when you define Digital Plans or Add-ons for Data Recipients, you can enable access to Raw Data via API by using the predefined feature Raw Data API Access, which can be included in a paid Digital Plan or Add-on.
For instance, below we can see that Data Recipients can subscribe to the RAW Data Access plan at a cost of 12 €/thing/year.
In this way, when a Data Recipient accepts a Data Sharing Token, the Subscription is updated with the new things of the Customer, and thus also the subscription fee is updated accordingly.
A Data Recipient can access customer data via API only if the Subscription has been paid.
The Organization back-office can view and manage subscriptions of Data Recipients from a dedicated Subscriptions page.
