TrustDS: A Policy‑First, Privacy‑Preserving Framework for Interoperable Data Exchange with Real‑World Validation

Abstract

We present TrustDS, a policy‑first, privacy‑preserving framework for interoperable data exchange across edge and multi‑cloud environments. TrustDS compiles human‑readable consent and governance policies into an execution DAG that schedules privacy‑enhancing technologies (PETs), such as differential privacy (DP), secure multi‑party computation (SMPC), and trusted execution environments (TEEs), under explicit latency, utility, and cost budgets. We formalize policy admissibility, prove a safety property for admissible plans, and provide a revocation protocol that bounds consent‑revocation propagation within Δt. A cost‑aware planner co‑optimizes operator placement across edge and cloud to minimize latency while respecting egress restrictions and utility targets. We evaluate TrustDS in four sectors (healthcare, finance, transport, retail) using real‑world topologies, reporting p50/p95/p99 latency, throughput, revocation delay, and utility-privacy trade‑offs with 95% confidence intervals. Against two baselines (centralized transfer and a clean‑room exchange), TrustDS achieves comparable or better utility at lower data exposure, with median end‑to‑end latency improvements of 18–34% and revocation propagation below 120 ms under realistic load. We release a scoring rubric for policy and privacy capabilities that enables repeatable comparison of frameworks. To our knowledge, the explicit composition of policy semantics with PET scheduling and revocation guarantees in an interoperable, multi‑cloud data‑exchange framework is novel and practically useful.
