Skip to content

Research issue in focus

Data governance

Data governance refers to technical, organisational and regulatory mechanisms for responsible data sharing and use. These components are deeply connected to broader societal concerns such as data security, privacy, autonomy and political engagement. These include infrastructures, artificial intelligence (AI) integration and issues around data ownership and commodification. In our research, we explore the development of resilient data governance frameworks, tools and best practices. These guide the responsible use of data in the public interest across organisational and national boundaries.


The economic and societal potential of data is huge: they enable new technological innovation and scientific insights, and help us address societal challenges. As such, they are an important resource for various sectors of society, including industry, public service, and healthcare. In the latter, for example, treatment data from care can be used to develop AI models for predicting patient falls, to better protect them from falls in everyday life.

However, the innovative potential of data is not yet fully leveraged in our society, as the conditions for data sharing and use amongst different parties are often not regulated in a safe and controllable way. This is evident, for example, in the analysis of extensive datasets in the medical context. There, the data paths of individual patients can be traced through the entire healthcare system and linked together. This creates a coherent picture of their medical and nursing treatment courses, which can serve as a basis for future treatment strategies and new research approaches. However, such data analysis of personal, possibly even sensitive information about individuals also raises complex questions and concerns. How can the privacy of patients be protected, and who is responsible for complying with data protection regulations?

This underscores the importance of data governance models that negotiate the components and terms of data processing and use on an equal footing. They include different types of data, from personal information to government and synthetic data. Data governance thus designs processes that balance the interests of the parties and stakeholders involved in the data.

Good Data Governance Policy

A good data governance policy is like a guide for the digital world and pursues two main objectives. Firstly, it aims to make sure the desired effects of data processing are achieved. This includes generating new insights, driving innovations, and connecting people. Secondly, it aims to prevent or minimise negative effects such as surveillance, censorship, or discrimination. A good data governance strategy is therefore not simply about data or information technology systems, but about the social, economic, legal and technical relationships and principles represented by the stakeholders involved in the data.

However, good data governance faces many challenges in reality. The risks addressed by data governance arise primarily in its processing and use. These in turn depend on the different actors involved, each with their own ideas, interests, objectives, and methods.

The question of who "owns" or should own the data is therefore too simplistic, as it is a constant negotiation between different parties with different assumptions, expectations, and goals.

Even the language we use to talk about data management can be misleading. For example, the word "share" sounds very positive and selfless, but it may not always be. After all, while there are technical mechanisms to protect data and people and their rights, they are not widely used in practice or are not understood by decision-makers.

Robust Data Governance Frameworks & Models

At HIIG, we develop robust data governance models to find solutions that can be practically implemented. We develop participatory co-design practices and tools that cater to all stakeholders and involved parties in terms of knowledge, skills, and interests: government, business, and civil society, processing companies, and representatives, experts, and laypeople.

To facilitate this participatory approach, we also develop evaluation processes. These check whether the proposed Data Governance frameworks and processing systems are actually safe and controllable and protect the interests of all stakeholders and the entire society.

From the HIIG Channel

Meet the HIIGsters

Max von Grafenstein: Data Governance

Does more data automatically bring more innovation? Under what conditions? And how do we deal with the associated risks?

Digital Salon

Keeping up with the Gatekeepers

How innovative are EU rules when combined with other control mechanisms such as data protection law or copyright?

The Long Night of the Sciences

What Should We Get for Our Data?

In this talk, Tuukka Lehtiniemi presents some examples of initiatives that recognize the benefits of data but seek to change who has access.

From the Press

Feature with Maximilian von Grafenstein on data policy for air quality management.

Op-Ed with Maximilian von Grafenstein on the topic of mobility change.

Feature with Maximilian von Grafenstein on the Data & Smart City Governance project.

From the HIIG BLOG

The photo shows a hand holding a digital map on a smartphone, symbolising GIS technology and Geodata.

Navigating the Urban Maze: GIS technology and the blurring boundaries between digital and physical infrastructure

The progression of GIS technology and Geodata questions if digital maps should be regarded as physical public infrastructure.

Data breaches: Does the GDPR help?

What are the strengths and weaknesses of the data breach notification obligation in the GDPR given its objectives?

The Consent Fallacy

The Consent Fallacy

Are European data protection laws compatible with our rational capacity or lack thereof? Should the protection of fundamental rights rely on individual consent?

Wie verwaltet man Daten im Gesundheitswesen- und Pflegesektor?

Human-centered data governance in health and care sectors

Personal data is particularly sensitive and worthy of protection in the health and care sector. What could good data governance look like here?

Accepting cookies

Caring about privacy but accepting cookies? Questioning the privacy paradox.

Why do we agree to privacy agreements like Cookies way faster and consider them less online than offline? Let's explore the Privacy Paradox!

Banner Blogpost: Reclaim Digital Autonomy

Reclaiming Digital Autonomy

We depend on large companies to mean well with us and our data. Jan Götte and Björn Scheuermann developed Inertial Hardware Security Modules, enabeling small-time users and sysadmins to regain...