Solid could shift data control to individual ‘pods’

The Solid Project, led by Tim Berners-Lee, proposes personal data “pods” that individuals own and manage. The pods would hold financial, medical and social records and let apps request permissioned, revocable access through APIs.

Under the Solid model, apps and services request specific rights to read or write individual pieces of data. Authentication and zero-trust security patterns are expected to govern those requests. The project builds on existing web standards while adding a focus on user-controlled access.

If widely adopted, Solid would move custody of personal data from large corporate repositories to user-controlled stores. Companies that today aggregate information for targeted advertising, predictive analytics and AI training would need permission to access user data rather than relying on centralized holdings.

Proponents describe several operational effects. Ahmad Shadid, founder of AI research lab O Foundation, described pods as acting like a single login with a simple permission interface, allowing a budgeting app to “read transactions for last 90 days” or a clinic to “share vaccine status only,” with the user able to revoke rights at any time. Supporters also say pods could reduce duplicated or out-of-date records and lower storage burdens under rules such as the EU’s General Data Protection Regulation.

Industry voices expect resistance from businesses that rely on large data sets. Pedrotti argued that firms have business models built on data ownership and may seek contractual or legal methods to preserve control. Arne Möhle, CEO and co-founder at Tuta Mail, pointed to heavy lobbying by major tech firms during past regulatory debates and noted similar opposition could arise for pod-based rules.

Regulation and market incentives are likely to shape adoption. Observers compare the pattern to open banking, where rule changes and consumer expectations prompted new data-sharing systems. Bannach highlighted current trends such as GDPR enforcement, the EU Data Act, cookie deprecation and rising breach costs as factors pushing some companies toward permissioned, auditable access.

Startup developers and new entrants stand to gain immediate technical advantages if pods become common. Wright noted that new apps could access years of a user’s history from day one, speeding personalized services in health, finance and fitness. He also described network effects: as more apps add data to a pod, subsequent apps gain access to richer histories with user permission.

Legal frameworks may influence how pods operate. Joe Hughes of Manx Technology Group pointed to an Isle of Man model that uses existing foundations law to give data a legal personality, which would allow data to be assigned value, listed on balance sheets or used in transactions. Other proposals include shared group pods or pods holding certified copies of records issued by banks or government agencies.

Solid supporters see applications for enterprise AI. Scott McIntosh, president of AI consultancy Digital Treehouse, explained that pods could act as a memory and data-sharing layer for agentic AI systems, enabling software agents to share only the data needed for a task and then revoke access. He added that most users will not self-host pods or manage low-level permissions; AI interfaces would handle sharing preferences and permissions management.

Obstacles remain. Enforcement of new access rules across jurisdictions is complex. Large tech firms maintain entrenched data-driven revenue models and have previously lobbied against regulatory changes. The user experience for managing pods and granular permissions is not yet mature, which supporters say must improve before broad adoption.

The Solid Project continues as a technical and policy initiative. Its spread will depend on regulatory developments, industry responses and the creation of practical user interfaces and services that manage pod access and permissions.