TNO 700x490

Data management in blockchains – governance

By Wout Hofman - senior scientist TNO

In the era of data platforms, the importance of data management increases. Blockchain technology potentially replaces these data platforms and, even more, claims disintermediation. But how does application of this innovative technology relate to data management? What can we learn from data management and what can we do? Standardization is important to create a trusted, open, and neutral data sharing infrastructure.

Data management distinguishes three basic roles, namely data owner, - steward, and – custodian. Each organization will have these roles where business departments like in- and outbound logistics, marketing & sales, and operation act as data owner and the IT department as data steward and – custodian. A data steward is responsible for developing IT functionality to support business processes (software and databases), a data custodian for availability of this functionality based on agreed (non-functional) requirements of the business formulated by the data steward role.

The internal IT department of an organization gradually may have outsourced its role as data custodian to a cloud service provider with an SLA (Service Level Agreement). Additionally, COTS (Commercial Off The Shelve) software providers offered their solution as a cloud service, acting both as data steward and – custodian.

The introduction of data platforms leads to outsourcing (part of) the data steward role of those IT departments. A data platform provides a set of interfaces with its semantics and processing rules for data sharing between customers and service providers.


And now we have blockchain technology claiming disintermediation.  Any blockchain consists of so-called ‘smart contracts’ and ‘nodes’ acting as an immutable distributed database of both data and smart contracts. The network of nodes acts as data custodian. Already, cloud service providers offer such a service. The network of nodes can also be implemented by more than one cloud service provider, or more general, by as many data custodians as required by data owners.

In an open blockchain network like Ethereum, the data steward role consists of the developers of the ‘smart contracts’, i.e. the software code implementing data semantics and – processing, the majority of minors that approve adding the code to the blockchain, and the data owners being able to read and validate the working of the code. Any developer can potentially act as data steward and publish is software code on an open network, which as we can already observe leads to many blockchain applications.

The data steward role is part of the governance structure of a network that can be open or proprietary. In many proprietary blockchains, data owners and/or their representatives and a data steward role provided by a(n independent) IT service provider define the functionality and thus the software code. In such a case, the network is permissioned: there are access rules for data owners utilizing the blockchain. The IT service provider will most probably also provide the data custodian function as part of its cloud service offering.


We foresee that standardization can play an important role as data steward for constructing open, permissioned blockchains. There are many standardization bodies with open, transparent procedures, e.g. International Standardization Organization (ISO) and World Wide Web Consortium (W3C). What would be required of those bodies is to develop specifications of software code (the ‘smart contracts’) that can be implemented by any IT service provider and deployed by an open, permissioned network of data custodians.

By relating data management roles to blockchains, we are able to identify their governance structure, but potentially also identify missing elements. For instance, can we assume the SLA (Service Level Agreement) of the custodian network is based on features of blockchain like immutability, transparency, and performance of the technology or do we need to consider aspects like those that apply to cloud service providers regarding re-use of data? Do we really want full transparency for interorganizational data sharing? Can we implement data management policies for economic - and privacy sensitive data on a blockchain? In case we implement these data policies, do we allow any data custodian being part of the network to access (and potentially re-use) the data stored in the blockchain? Is there a difference between a community governed data platform versus a community governed blockchain? Can standardization really act as data steward for these types of infrastructures?


So, there are still many questions. The basic questions are: how do we want to implement the various roles (governance) and can we already start developing a blockchain? Starting with the last: start but be aware to conform the solution to become open and neutral (if required). Regarding the first, our proposed way forward to create an open blockchain based data sharing infrastructure by:

  • Data steward: standardization bodies with open and transparent procedures,
  • Development: any IT service provider developing standard compliant software code for deployment on an infrastructure of one or more technologies,
  • Data custodian: certified node providers implementing data sovereignty of data owners.
  • Data owner: anyone that can be identified by the infrastructure and connects to the software code implementing open standards.

Spark! and its partners will assist you. Contact us.