FOODITY dataU
A GDPR-compliant consent management platform
What is dataU?
The vision behind the platform
dataU is a decentralised, GDPR-compliant data-sharing platform that empowers individuals and organisations to securely manage and share personal data.
Unlike traditional data-sharing systems that rely on centralised storage and oversight, dataU operates as a peer-to-peer (P2P) network, ensuring that data sovereignty, privacy, and security remain in the hands of the data subject (the citizen or entity that owns the data).
The core vision of dataU is to redefine data ownership by ensuring that individuals retain full control over their personal data while allowing organisations to access and use it transparently, ethically, and with consent.
The platform is built to support the principles of data minimisation and sovereignty, meaning that:
- No personal data is stored or controlled by dataU itself—data remains with the processors who collect it.
- Consent is explicit, dynamic, and revocable, ensuring compliance with GDPR and the EU’s ethical standards for data usage.
- All data permissions-related actions are recorded on a blockchain, creating an immutable, verifiable audit trail.
To make all of this work in a decentralised and user-centric way, the platform relies on four core components:
dashboardU
This is the user interface for data subjects (citizens or organisations) where they can view and manage consent they’ve given to different services; see exactly which data they’ve shared, with whom, and for what purpose; revoke consent at any time.
proxyU
This secure connector lives on the data processor’s premises (e.g. an app or web service). It handles encrypted peer-to-peer data transfers; authenticates with nodeU to verify consent before any data exchange; and establishes a secure tunnel with another proxyU to deliver the data.
nodeU
This is the backbone of the decentralised network. Each nodeU registers consent from users; validates permissions between data subjects and processors; ensures these permissions are stored immutably on the blockchain; and is deployed by participants in the network, making it fully distributed.
Integration Layers (SDK & APIs)
Developers can use the dataU SDK to design data request forms; connect their apps to the network through proxyU; and integrate GDPR-compliant consent flows directly into their user experience.
This architecture ensures that the user remains in charge, and that data processors — whether they’re startups, public institutions, or research projects — operate with transparency and accountability from the very first connection.
Who is it for?
The data subjects
dataU is designed with the people in mind. The everyday citizens who generate data simply by living their lives — whether they’re logging their meals in a health app, scanning loyalty cards at the supermarket, or using digital services that touch on food, health, and lifestyle.
In the dataU ecosystem, these individuals are known as data subjects and are the legal owners of their personal data. dataU’s role is to empower them to make informed decisions about what data they’d like to share, as well as provide them with an easy-to-access overview of all the apps that currently have access to their data, to minimise any risks of unauthorised companies still receiving personal information long after the users have stopped interacting with their service.
The platform can serve a wide range of stakeholders across the public, private, and government sectors, each playing a distinct role in the data-sharing chain.
Who benefits from dataU and how?
These are the primary data owners. The platform ensures they retain complete control over their personal information. Whether it’s identity data, dietary habits, lifestyle preferences, etc, citizens can decide who accesses their data, when, why, and for how long. And crucially, they can revoke that access at any time, in line with GDPR’s strict requirements.
In the FOODITY context, this means a citizen might use a nutrition or shopping app and choose to share select data points with services that help them eat better, live healthier, or contribute to more sustainable food systems — but only if they choose to do so.
In dataU, companies can be both data subjects and data processors, depending on the use case:
- As data subjects, businesses can own sensitive operational data — such as supply chain details, proprietary recipes, or customer insights. When they choose to share this kind of information (for instance, with a partner in a joint project), dataU allows them to do so securely and with full traceability, under a formal agreement such as an NDA (Non-Disclosure Agreement).
- As data processors, companies may also be service providers or application developers who collect, use, and process data — either from citizens or other companies. In this role, they must ensure they handle data ethically, securely, and transparently. dataU helps them do that by automating GDPR-compliant consent collection and offering a secure channel for peer-to-peer data sharing.
dataU was initially conceptualised in a government context during the POSEIDON project, where the Italian Ministry of Finance explored ways to allow citizens to share personal data with public services without compromising privacy.
That work laid the groundwork for dataU’s B2G (Business-to-Government) capabilities. In this context, public authorities – such as ministries, regulatory bodies, or local governments – serve as data processors. They can request access to citizen data (say, for policy development or public health monitoring), but only with informed and revocable consent.
This model opens the door to powerful citizen-centred public services that are also ethically sound and legally compliant.
How to use it?
As the data subject
As a data subject, you would be using the user-facing dashboard dataU puts you in complete control of your personal data. Here’s how to register and start managing your data-sharing permissions in just a few steps.
This ensures you’re always in control and that consent is specific, informed, and revocable, in compliance with GDPR.
Want more details on how dataU works and how to make the most of it?
Get started with our dataU Guide.
How to connect to it?
As developers and data processors
If you’re developing a digital service that collects, uses, or shares personal or sensitive data, you can refer to this section as your technical onboarding point.
In the following schematic, we have illustrated how the system components interact. It outlines how data processors connect via proxyU, how data subjects provide consent through dashboardU, the interactions among the decentralised nodes (nodeU, topicNode, mainNode), and how P2P data flow is triggered securely based on blockchain-recorded permissions.
By using the SDK, you don’t need to build your own consent system or reinvent GDPR compliance. dataU handles immutable consent logging via blockchain, revocation logic, data minimisation, time-limited access, encryption, and identity validation.
Once verified, your app can go live with full blockchain-backed traceability and GDPR compliance.
Want more details on how dataU works and how to make the most of it? Get started with our dataU Guide.
Examples of use
Use cases from the 12 FOODITY Innovators
As part of the FOODITY project, 12 projects were selected through two open calls to develop digital solutions that make food systems healthier, more sustainable, and more citizen-centric.
dataU was used in both B2C (Business-to-Consumer/Citizen) and B2B (Business-to-Business) contexts, handling consent across use cases such as food and nutrition recommendation apps that suggest recipes or provide ratings of grocery products, for instance, to optimise impact for consumers and the planet alike. Several apps were also developed to support cancer patients in their ongoing battles, where access to doctors and recommendations is pivotal, and the data shared is highly sensitive.
In the B2B space, the FOODITY innovators also developed solutions to optimise supply chains, digitise traceability across international logistics from farm to retailer, and reduce food waste in public canteens. Technological advancements were also made in spoilage detection, both at home and during food transportation, using smart sensors and AI-driven tools.
This demonstrates the platform’s flexibility in handling diverse scenarios and ensuring the secure transport of personal and corporate data.
Explore the FOODITY innovator's solutions
How to contact the dataU team?
For any additional details and further interest
Whether you’re a developer, a policy-maker, a researcher, or just curious about ethical data-sharing, the dataU team is available to answer questions, provide guidance, and explore how dataU can support your project or organisation’s needs. Contact us at info@jibecompany.com
dataU is developed by our partner Jibe Company, a software company specialised in secure, decentralised data technologies, actively involved in EU-funded projects that promote citizen data sovereignty.