ENISA: “Engineering Personal Data Protection in EU Data Spaces”

ENISA announced a report on engineering personal data protection in EU data spaces:

Common European data spaces (EU data spaces) are a novel concept introduced in the European strategy for data and elaborated further within the Data Governance Act (DGA). This report attempts to contextualise the main design principles regarding protection of personal data and demonstrate how to engineer personal data protection through two use cases of an envisioned EU data space in the pharmaceutical domain.

In the conclusions of the report (pdf) the term ‘data spaces’ is explained as follows:

Data Spaces is an umbrella term corresponding to any ecosystem of possible interactions between public and private sector entities alongside new governance and business processes.

On the topic of the report:

Building up on the definition of the main actors and the DGA provisions around the EU Data Spaces, the identification of building blocks and requirements represents the starting point for their successful development and deployment. Within the scope of this report, we attempted to provide such set of building blocks with regards to the accountability of the controller(s) and the processor(s). These building blocks are intended to cover applicable, revamped internal mechanisms (policies, procedures, risk-based assessments, technical and organisational controls, and other measures related to data sharing), data sharing agreements and sensible privacy management programs (PMPs).

The conclusions end with:

Despite the potential of EU data spaces, there are still considerations regarding the appropriate technical and organisational measures and how to engineer them into practice, both from a data protection but also from a cybersecurity point of view. Even if there are already a good number of privacy enhancing technologies that can support us in meeting specific data protection goals, we should not neglect the fact that we are called to address new processing operations, where roles and responsibilities are not always clearly defined.

About Ellen Timmer

Weblog: https://ellentimmer.com/ ||| Microblog: https://mastodon.nl/@ellent ||| Motto: good intentions do not justify bad rules