Skip to main content

A data intermediation service provider (DISP) is a key entity under EU regulations designed to facilitate the structured sharing and accessing of data between various parties. DISPs offer platforms, databases, or other infrastructures enabling data exchanges between data holders and potential users. These services may include the creation of bilateral or multilateral data exchange environments, platforms for joint data use, and specific setups to connect data holders with users. Additionally, DISPs play a crucial role in assisting data subjects​ —​ individuals whose personal data is handled​ —​ by providing the technical means necessary to make their data available while ensuring the exercise of their rights under EU data protection laws. DISPs must notify the competent authority before offering their services, ensuring adherence to regulatory standards and conditions, which include maintaining separate operations for their data intermediation activities and upholding non-discriminatory access to their services.

What is a MyData Operator

MyData operators, as described in the MyData Global Operator whitepaper, are a specialised type of Data Intermediation Service Provider (DISP) centred on human-centric personal data management. They provide an 'infrastructure' that ensures interoperability at the technical, informational, and governance levels, thus facilitating the seamless flow of personal data across services. This approach is in alignment with the EU data strategy's emphasis on creating "data spaces," where data can be securely and efficiently shared under a framework that prioritises individual data rights and governance. As outlined in the EU Data Governance Act (Article 12), MyData operators play a pivotal role in realising the human-centric approach to data intermediation, essential for implementing the broader vision of the EU's data strategy. Their role underscores the importance of developing systems that support data exchange and enhance individuals' control over their personal information.

MyData Operator ecosystem

A MyData Operator ecosystem realised by is as illustrated below.

A typical MyData Operator ecosystem is composed of actors holding one or more of the roles described below:

  • Individual: This is the role of data subject as represented digitally in the ecosystem. In a MyData Operator model, the individual manages the use of personal data about themselves, for their own purposes, and maintain relationships with other persons, services, or organisations.

  • Data Operator: The role responsible for operating the 'infrastructure' and providing tools for individuals in a human-centric system of personal data exchange. Operators enable people securely to access, manage, and use personal data about themselves as well as to control the flow of personal data within and between data sources and data using services.

  • Data Source: The role responsible for collecting, storing, and controlling personal data which persons, operators, and data using services may wish to access and use.

  • Data Using Service: The role responsible for processing personal data from one or more data sources to deliver a service

note does not hold any data from the Data Source but provides the ability to verify the authenticity to any Data Using Service

Data sharing and data exchange

In MyData Operator, personal data flows from a Data Source to a Data Using Service based on the data agreements. The data agreements can be, for e.g., based on consent.

In an Active Data Exchange (also referred to as data sharing), the user is actively involved in the exchange of data in real-time. E.g. data exchange using the data wallet functions.

In Passive Data Exchange, the data is exchanged between the Data Source and Data Consumption Service based on a data agreement that was mutually endorsed between the Individial and the organisations involved.

Data operator value proposition

Today, a typical organisation is forced to make a choice between digitalisation and data compliance. In a MyData Operator model, such as with, an organisation can continue to digitalise whilst being compliant to respective data regulations. It creates a WIN-WIN scenario between the individuals and organisations. This is further illustrated below. key value propositions as are as summarised below:


It helps organisations, both private and public, unlock the value of personal data in a regulatory compliant manner. The key enablers include:

  • Reduces risk of non-compliance with data regulation frameworks like for example, Europe’s General Data Protection Regulation (GDPR)
  • Provides API-centric tooling that can easily be integrated to existing IT systems
  • Empowers consumers to exercise their data subject rights thereby establishing and mantaining trust
  • Get access to higher quality personal data and larger data sets
  • Monetise their personal data assets apart from being able to leverage data as part of a personal data ecosystem


For individuals, it enables them to take control over their data via easy to use interfaces to exercise their data rights. Using a data wallet function, individuals are able to carry their data and reuse them where ever needed. E.g. Identity data or health certificates etc.