Custodial control by design

Data providers retain ownership and control at all times. They are responsible for:

• Ensuring they have the right to supply the data
• Accurately describing quality and limitations
• Defining permitted uses through licence conditions
• Maintaining data over time

Data may include raw datasets, processed datasets, models, or algorithms.

Each dataset is governed by agreement defining:

• Who may use it
• For what purpose
• For how long
• Under what conditions

Data remains a sovereign asset of the custodian.

SEAF distinguishes clearly between access and sharing.

Data access means:

• Authorised users analyse data within a controlled environment
• Data is not copied or transferred out
• Technical safeguards, licence conditions, and audit apply

Most collaboration is based on access, not transfer.

Data sharing involves release or transfer to another party. It:

• Requires explicit agreement
• Creates ongoing obligations
• Is difficult to reverse

For this reason, sharing is treated as an exception rather than the default.

An access-first approach:

• Keeps data under licence
• Constrains use to defined purposes
• Enforces compliance through agreements and technical controls
• Maintains traceability of who accessed what, and when

Access-first collaboration enables scale while preserving data sovereignty and accountability.

Collaboration requires visibility, even when data cannot be accessed.

Every dataset includes metadata describing:

• Source
• Quality
• Licensing
• Limitations
• Access rules

Metadata enables discovery without implying access. It creates a controlled information market rather than a hidden one.

Licence stacking

Environmental analysis often combines multiple licensed datasets, and licence obligations accumulate.

This means:

• Original licence conditions continue to apply
• Attribution requirements flow to derived outputs
• Restrictions on reuse or disclosure are preserved
• Combining data does not remove original conditions

Custodians’ rights persist throughout the analytical lifecycle.

Sensitive data requires heightened protection. This includes:

• Personal information
• Commercially sensitive data
• Regulated datasets
• Indigenous knowledge

Operational safeguards include:

• Data classification and zoning
• Restricted access and purpose limitation
• Explicit contractual obligations
• Controlled outputs and disclosure review

For Indigenous data, special care is taken to protect cultural authority, prevent inappropriate reuse, and align access with agreed conditions.

A governed model allows sensitive information to inform decision-making without uncontrolled distribution.