Master's theses

Towards GDPR-Compliant Usage Control in Web-based Data Sharing Systems

Promotors: Beatriz Esteves

Main contact: Beatriz Esteves

Problem

In recent years, Personal Data Stores (PDS) and dataspaces have emerged as approaches to enhance data sovereignty and user control over personal data. One prominent PDS technology is Solid, introduced by Sir Tim Berners-Lee, the inventor of the Web. Solid promotes data interoperability and reuse by decoupling applications from data storage, enabling users to maintain control over their data while allowing applications to interact with it through standardised protocols.

To regulate access to stored resources, Solid environments rely on access control policies that specify which actors are allowed to perform particular actions on specific resources. However, traditional access control mechanisms primarily focus on granting or denying access at a specific point in time. They do not account for how the data is used after access has been granted, nor whether such use complies with regulatory requirements, such as those imposed by the General Data Protection Regulation (GDPR).

Addressing these limitations requires mechanisms that support usage control, enabling policies that regulate not only access to data but also the conditions under which data may be processed and reused. Furthermore, these mechanisms must support alignment with data protection regulations, ensuring that configured policies reflect legal requirements such as purpose limitation, consent, and restrictions on further processing.

The Community Solid Server (CSS), an implementation of the Solid protocol, has recently been extended to support the User-Managed Access (UMA) protocol. This architecture separates responsibilities between a resource server, responsible for hosting and serving data resources, and an authorisation server, responsible for deciding whether access requests should be granted. This thesis focuses on extending the authorisation server with capabilities that support alignment between usage control policies and European data protection requirements.
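To make the gap between access control and usage control concrete, the following added example (not code from CSS or its UMA extension) sketches an authorisation-server decision function in TypeScript: a point-in-time access check beside a usage-control check that also evaluates the declared purpose, the presence of consent, and further processing. All type names, fields, WebIDs, resource URLs and purpose strings are hypothetical and constructed for illustration.

```typescript
type Action = "read" | "write";

interface UsageRequest {
  actor: string;               // WebID of the requesting party (constructed)
  resource: string;            // resource URL on the resource server (constructed)
  action: Action;
  purpose?: string;            // processing purpose declared by the requester
  consentRef?: string;         // reference to a consent record, if one exists
  furtherProcessing?: boolean; // requester intends to reuse data beyond the purpose
}

interface UsagePolicy {
  actor: string;
  resource: string;
  actions: Action[];
  allowedPurposes: string[];       // purpose limitation
  requiresConsent: boolean;        // consent must be referenced as legal basis
  allowFurtherProcessing: boolean; // restriction on further processing
}

interface Decision { granted: boolean; reason: string }

function matches(p: UsagePolicy, r: UsageRequest): boolean {
  return p.actor === r.actor && p.resource === r.resource && p.actions.includes(r.action);
}

// Traditional access control: only who may perform which action on which resource.
function accessControlDecision(policies: UsagePolicy[], r: UsageRequest): Decision {
  return policies.some((p) => matches(p, r))
    ? { granted: true, reason: "actor, action and resource permitted" }
    : { granted: false, reason: "no matching policy" };
}

// Usage control: the same check plus conditions on how the data may be processed.
function usageControlDecision(policies: UsagePolicy[], r: UsageRequest): Decision {
  const p = policies.find((q) => matches(q, r));
  if (!p) return { granted: false, reason: "no matching policy" };
  if (!r.purpose || !p.allowedPurposes.includes(r.purpose))
    return { granted: false, reason: "declared purpose not covered (purpose limitation)" };
  if (p.requiresConsent && !r.consentRef)
    return { granted: false, reason: "consent required but not referenced" };
  if (r.furtherProcessing && !p.allowFurtherProcessing)
    return { granted: false, reason: "further processing not permitted" };
  return { granted: true, reason: "usage conditions satisfied" };
}

// Constructed sample policy: one app may read one health resource for one purpose.
const samplePolicy: UsagePolicy = {
  actor: "https://app.example/id", resource: "https://pod.example/alice/health/records",
  actions: ["read"], allowedPurposes: ["appointment-scheduling"],
  requiresConsent: true, allowFurtherProcessing: false,
};
```

A request for an undeclared purpose passes `accessControlDecision` but is refused by `usageControlDecision`, which is exactly the distinction the thesis asks the authorisation server to enforce.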

Goal

Extend the authorisation server and/or policy engine software to comply with the requirements set out in data protection law