
One of the basic tenets of the Digital Transformation is that data, from an economic standpoint, are nonrival.
If you eat a bread loaf that bread loaf is no longer available to anybody else. There is competition on that resources and the governance policy has to decide how that resource shall be allocated (given to a specific person, split in half and each half given to a person, set aside for future consumption, …). On the contrary, data can be used simultaneously, as well as at different times by any number of users. The use of data does not limit their use by others. Hence, the governance of data is not finalised to the best allocation of resources since these are, in practice, unlimited and can be used by any quantity of users.
The European Commission has already issued (and is working on) several documents that set the stage for data policies, from the basic General Data Protection Regulation (GDPR) specifically looking at Personal Data, to the Data Governance Act (DGA), to the definition of European Data Spaces (Gaia-X) and the European Digital Identity Wallets (eIDAS 2.0).
The EU is now starting to work on Personal Digital Twins governance as a way to protect the individual (privacy) and the whole society in accordance with western values of societal wellbeing.
Governance on the PDTs implies setting an acceptable framework for their creation and exploitation, thus involving PDT operators (these should be/become trusted parties, like your doctor), the sources feeding data to the PDT, the services provided by the PDT and those that are using PDTs. Also, attention shall be given to the way people may be using their PDTs (and who is responsible for what).
One of the points under discussion is how such a governance shall take place. Should it be an indirect governance in the form of laws and standards or shall it be a direct governance through the provision of services and technologies (in other words, should the PDT be like a passport that is “issued” by the EU?).
These are not easy questions and in part the answers will depend to what is happening (will happen) outside of Europe. Will there be international standards for PDTs? Will companies provide services based on PDT and/or will PDTs actually resulting from services provided (you are subscribing to a service and this results in the creation of your PDT that you will be able to use and integrate with other PDTs tied to your person?
I do not have the crystal ball, but if I have to venture an opinion I feel that the evolution will be bottom up, rather than top down. It is unlikely that an institution (like the EU) will dictate and steer the evolution of PDTs, much more likely that several companies will be offering services resulting in the creation/adoption of PDTs by people. Other companies will provide tools to integrate those fragmented PDTs into a single one that can be compliant with a general framework (this one could well be the result of work at international standardisation level) that can have some characteristics regulated by a body like the EU.