Research issue in focus
Data governance
Data governance refers to technical, organisational and regulatory mechanisms for responsible data sharing and use. These components are deeply connected to broader societal concerns such as data security, privacy, autonomy and political engagement. These include infrastructures, artificial intelligence (AI) integration and issues around data ownership and commodification. In our research, we explore the development of resilient data governance frameworks, tools and best practices. These guide the responsible use of data in the public interest across organisational and national boundaries.
The economic and societal potential of data is huge: they enable new technological innovation and scientific insights, and help us address societal challenges. As such, they are an important resource for various sectors of society, including industry, public service, and healthcare. In the latter, for example, treatment data from care can be used to develop AI models for predicting patient falls, to better protect them from falls in everyday life.
However, the innovative potential of data is not yet fully leveraged in our society, as the conditions for data sharing and use amongst different parties are often not regulated in a safe and controllable way. This is evident, for example, in the analysis of extensive datasets in the medical context. There, the data paths of individual patients can be traced through the entire healthcare system and linked together. This creates a coherent picture of their medical and nursing treatment courses, which can serve as a basis for future treatment strategies and new research approaches. However, such data analysis of personal, possibly even sensitive information about individuals also raises complex questions and concerns. How can the privacy of patients be protected, and who is responsible for complying with data protection regulations?
This underscores the importance of data governance models that negotiate the components and terms of data processing and use on an equal footing. They include different types of data, from personal information to government and synthetic data. Data governance thus designs processes that balance the interests of the parties and stakeholders involved in the data.
Good Data Governance Policy
A good data governance policy is like a guide for the digital world and pursues two main objectives. Firstly, it aims to make sure the desired effects of data processing are achieved. This includes generating new insights, driving innovations, and connecting people. Secondly, it aims to prevent or minimise negative effects such as surveillance, censorship, or discrimination. A good data governance strategy is therefore not simply about data or information technology systems, but about the social, economic, legal and technical relationships and principles represented by the stakeholders involved in the data.
However, good data governance faces many challenges in reality. The risks addressed by data governance arise primarily in its processing and use. These in turn depend on the different actors involved, each with their own ideas, interests, objectives, and methods.
The question of who "owns" or should own the data is therefore too simplistic, as it is a constant negotiation between different parties with different assumptions, expectations, and goals.
Even the language we use to talk about data management can be misleading. For example, the word "share" sounds very positive and selfless, but it may not always be. After all, while there are technical mechanisms to protect data and people and their rights, they are not widely used in practice or are not understood by decision-makers.
Robust Data Governance Frameworks & Models
At HIIG, we develop robust data governance models to find solutions that can be practically implemented. We develop participatory co-design practices and tools that cater to all stakeholders and involved parties in terms of knowledge, skills, and interests: government, business, and civil society, processing companies, and representatives, experts, and laypeople.
To facilitate this participatory approach, we also develop evaluation processes. These check whether the proposed Data Governance frameworks and processing systems are actually safe and controllable and protect the interests of all stakeholders and the entire society.
Meet the HIIGsters
Max von Grafenstein: Data Governance
Does more data automatically bring more innovation? Under what conditions? And how do we deal with the associated risks?
Digital Salon
Keeping up with the Gatekeepers
How innovative are EU rules when combined with other control mechanisms such as data protection law or copyright?
The Long Night of the Sciences
What Should We Get for Our Data?
In this talk, Tuukka Lehtiniemi presents some examples of initiatives that recognize the benefits of data but seek to change who has access.
Feature with Maximilian von Grafenstein on data policy for air quality management.
Op-Ed with Maximilian von Grafenstein on the topic of mobility change.
Feature with Maximilian von Grafenstein on the Data & Smart City Governance project.
Mobility transition in the neighbourhood: Simulating citizen participation in Berlin’s digital administration
How can data and digital solutions drive urban development? In the living lab, we tested citizen participation within Berlin's digital administration.
Participation in smart cities
This blog article examines citizen participation in data-driven processes and the challenges that must be overcome for successful participation.
Integrating gender and inclusivity in digital cultural policies: insights from Berlin and Barcelona
Could Berlin and Barcelona's integrative approach to digitalisation serve as a blueprint for a new European cultural policy in the digital age?
Navigating the Urban Maze: GIS technology and the blurring boundaries between digital and physical infrastructure
The progression of GIS technology and Geodata questions if digital maps should be regarded as physical public infrastructure.
Data breaches: Does the GDPR help?
What are the strengths and weaknesses of the data breach notification obligation in the GDPR given its objectives?
The Consent Fallacy
Are European data protection laws compatible with our rational capacity or lack thereof? Should the protection of fundamental rights rely on individual consent?