Built on GDPR · Data Act · AI Act · eIDAS 2.0

Turn your EU data rights into
one-click personal control.

MyData Passport helps you see who holds your personal data, exercise your GDPR, Data Act and AI-era rights at scale, and stay in control – powered by eIDAS-grade digital identity and a federated EU-cloud architecture.

For citizens. No legal background needed.

For Europe. Designed for cross-border use from day one.

Live rights orchestration · Concept

A living dashboard for your legal data rights.

This is what a single MyData Passport session could summarise about your rights across the services you use every day.

Data sources mapped

87 organisations

Open GDPR / Data Act requests

24 in progress

Confirmed deletions

31 accounts & profiles

AI-training opt-outs

5 high-risk systems

GDPR Art. 15–21 EU Data Act EU AI Act eIDAS 2.0 / EUDI Wallet

HOW IT WORKS

From abstract rights to four simple steps.

MyData Passport orchestrates GDPR, Data Act and AI-Act-related rights into a simple flow. Under the hood: eIDAS-verified identity, standardised requests, secure EU cloud-edge services.

Verify who you are (eIDAS / national eID)

Sign in using a high-assurance digital identity – today via national eID and eIDAS brokers, tomorrow via the European Digital Identity Wallet. We derive a pseudonymous ID and only keep what is strictly necessary.

Map your digital footprint

Select known services and optionally let the platform suggest additional organisations that likely hold your data (with your explicit consent and control).

Create one-click rights requests

For each organisation, generate access, erasure, portability or AI-related requests. Each request is backed by your eIDAS-linked mandate and sent via secure channels.

Track responses, evidence and deadlines

Every request and response is logged in an encrypted evidence store. You see clear statuses, upcoming deadlines, and can download or destroy exports at any time.

Rights orchestration

Federated EU cloud

Audit & evidence

A machine-readable view on human-readable rights.

Under the UI, each request is modelled as an object with a legal basis, a controller, identity proof and a deadline. That makes rights programmable, interoperable and auditable.

Right Access (Art. 15 GDPR)

Controller SocialCloud EU Ltd.

Identity assurance eIDAS high · NL eID

Channel Registered letter + API callback

Deadline 2026-02-15 · 30 days

Evidence Signed request + response hash

FOUNDATIONS

Grounded in EU law, implemented with EU-grade architecture.

Not “just another privacy app”, but an EU-conform data rights intermediary, aligned with GDPR, the Data Act, the AI Act, eIDAS 2.0 and federated cloud reference architectures.

REGULATORY

GDPR & fundamental rights

Operationalises Arts. 12–22 GDPR in guided flows.
Supports access, erasure, portability and objection at scale.
Evidence logs for accountability and DPA oversight.

DATA ECONOMY

Data Act & data spaces

Unlocks access to IoT and service-generated data.
Prepares for sectoral EU data spaces and APIs.
Acts as a neutral, user-centric rights broker.

AI & TRUST

AI Act & profiling control

Request information about AI-based decisions.
Support opt-outs from certain AI training where possible.
Helps surface which data feeds which AI systems.

IDENTITY

eIDAS 2.0 & EUDI Wallet

Uses high-assurance eID for identity proof and mandates.
Ready for verifiable credentials and wallet-based consent.
Cross-border recognition of persons and mandates.

FOR WHOM

Four entrances. One shared infrastructure.

Very different stakeholders – citizens, DPOs, architects and policymakers – can all recognise their needs in a single consistent service.

Citizen / Consumer

“Give me one place to see and fix my data.”

Guided flows, plain language, no legal jargon.
Visual overview of where data lives and what was cleaned up.
Optionally store exports in a secure personal vault – or not at all.

Lawyer / Data Protection Officer

“Clear, authenticated, standardised requests.”

Requests with verified identity & mandate references.
Standard formats ready for DSAR tooling and workflows.
Supports internal logs and DPA communication.

Technical Architect / Developer

“A reference implementation of privacy-by-design.”

Microservice-based orchestration with clear trust boundaries.
APIs & connectors for machine-to-machine rights handling.
Key management, audit logging and federation hooks.

Policymaker / Regulator

“A practical lever to make rights real.”

Turns legislative rights into measurable adoption metrics.
Respects Data Governance Act duties for intermediaries.
Offers anonymised insight into compliance bottlenecks.

Be part of the first European data rights pilots.

We are assembling a diverse cohort of early adopters: citizens, privacy teams, public sector bodies and EU-cloud providers. Leave your details to receive the whitepaper and hear when pilots in your country open.

We will use your details solely to contact you about MyData Passport pilots and related research. No ads, no resale, no hidden analytics.

Full name

Work or personal email

I mainly identify as