arXiv:2601.18761v1 Announce Type: new Abstract: Recent data protection and data governance regulations have intensified the demand for interoperable, decentralized data ecosystems that can support not only access control but also legally-aligned governance over data use. Existing Web-based data storage platforms increasingly struggle to meet these regulatory and practical requirements, as their authorization mechanisms rely on tightly coupled, document-centric access control models that lack expressiveness for legal constraints and fail to separate data management from authorization concerns. In parallel, widely adopted authorization standards remain poorly aligned with decentralized, semantically rich usage-control scenarios. To bridge this gap, this work introduces an architecture that replaces Solid’s native access control mechanisms with a UMA authorization flow, enabling the enforcement of usage control policies expressed with the W3C ODRL standard. This article details the conceptual background motivating this approach, presents the proposed UMA-based architecture, and describes a prototype implementation that integrates an ODRL-enabled Authorization Server with a Solid-compatible Resource Server. The prototype demonstrates that decoupling authorization from storage enables more flexible, interoperable, and legally expressive control over data use, while remaining compatible with existing Solid infrastructure. It also highlights practical design choices required to evaluate ODRL policies in the absence of a fully standardized evaluation semantics. Moreover, this work shows how usage control can be operationalized using existing Web standards, offering a concrete path beyond permission-based access control toward policy-aware, legally informed data governance. Future research will focus on policy management interfaces, richer claim verification mechanisms, and techniques for communicating and enforcing obligations over time.