Enhancing Data Governance in Data Trustees Through ODRL-Based End-of-Life Policies

While data sharing drives innovation, ensuring compliance with legal, regulatory, and trust requirements presents significant challenges. Research identifies data trustees as intermediaries between providers and consumers, facilitating compliant and trusted data sharing. However, an underserved aspect is managing the end-of-life (EoL) of shared data, where standardized, machine-interpretable mechanisms for detailed EoL policies are lacking. To address this gap, we propose an extension of the Open Digital Rights Language (ODRL) to incorporate semantically rich EoL policies. This enables the specification of data deletion requirements, supporting legal and regulatory obligations. Data trustees can use these enhanced policies to coordinate EoL actions among all parties. The explicit semantics within these policies facilitate clearer accountability and support the creation of auditable logs by making EoL obligations machine-interpretable and unambiguous. Our ODRL extension has been evaluated by ODRL and data governance experts, ensuring its robustness and relevance for practical implementation. This work contributes to the standardization of EoL data management by analyzing and articulating the detailed requirements for EoL policies in the context of data trustees, and by proposing a specific ODRL extension to meet these requirements. For practitioners using ODRL, our extension provides enhanced, machine-interpretable EoL capabilities, improving compliance and trust.