Data Sovereignty in Personal Data Mobility Ecosystems: A Business Model Perspective

The shift to Personal Data Ecosystems (PDEs) calls for sustainable business models that strike a balance between data sovereignty for individuals and data providers. In PDEs, data subjects gain by retaining control over their data. However, data providers relinquish some control when they grant this data subject control, as sharing data may risk exposing commercially sensitive details to competitors. This is especially relevant in mobility ecosystems where the lack of data control and privacy hinders data sharing. This research applies a business model perspective to data sovereignty and PDE research, offering a comprehensive framework for understanding the strategic decisions data providers make regarding data access control in PDEs. Concretely, we investigate the business dimensions that influence data providers' willingness to grant data access control to data subjects via a two-staged methodology. In a first step, 25 interviews identified key business dimensions, representing a trade-off between value proposition (user- and ecosystem value), value network (collaboration and competition), value finance (value capturing and privacy risk) and value architecture (coreness of data and level of processing of data). In a second stage, a use case analysis of a mobility PDE was performed, utilizing an Analytic Hierarchy Process (AHP) to quantify the preferences of data providers within a mobility ecosystem involving 21 mobility and data experts. The findings show value proposition and value finance are the most salient dimensions in this mobility ecosystem. However, they also reveal critical sector-specific (MaaS Vs. C-ITS) trade-offs between the business model dimensions. The findings reveal sector-specific variations in granting data access control, particularly in MaaS and C-ITS. Key differences shaping business models include data processing levels, privacy risks, and differences in user versus ecosystem orientation.  Our results enable deeper understanding of drivers for willingness to grant data access control from the data provider perspective, providing valuable insights into the economic viability and strategic considerations of PDEs, contributing to the broader discourse on data sovereignty and business models