Skip to content

Research issue in focus

Data governance

Data governance refers to technical, organisational and regulatory mechanisms for responsible data sharing and use. These components are deeply connected to broader societal concerns such as data security, privacy, autonomy and political engagement. These include infrastructures, artificial intelligence (AI) integration and issues around data ownership and commodification. In our research, we explore the development of resilient data governance frameworks, tools and best practices. These guide the responsible use of data in the public interest across organisational and national boundaries.


The economic and societal potential of data is huge: they enable new technological innovation and scientific insights, and help us address societal challenges. As such, they are an important resource for various sectors of society, including industry, public service, and healthcare. In the latter, for example, treatment data from care can be used to develop AI models for predicting patient falls, to better protect them from falls in everyday life.

However, the innovative potential of data is not yet fully leveraged in our society, as the conditions for data sharing and use amongst different parties are often not regulated in a safe and controllable way. This is evident, for example, in the analysis of extensive datasets in the medical context. There, the data paths of individual patients can be traced through the entire healthcare system and linked together. This creates a coherent picture of their medical and nursing treatment courses, which can serve as a basis for future treatment strategies and new research approaches. However, such data analysis of personal, possibly even sensitive information about individuals also raises complex questions and concerns. How can the privacy of patients be protected, and who is responsible for complying with data protection regulations?

This underscores the importance of data governance models that negotiate the components and terms of data processing and use on an equal footing. They include different types of data, from personal information to government and synthetic data. Data governance thus designs processes that balance the interests of the parties and stakeholders involved in the data.

Good Data Governance Policy

A good data governance policy is like a guide for the digital world and pursues two main objectives. Firstly, it aims to make sure the desired effects of data processing are achieved. This includes generating new insights, driving innovations, and connecting people. Secondly, it aims to prevent or minimise negative effects such as surveillance, censorship, or discrimination. A good data governance strategy is therefore not simply about data or information technology systems, but about the social, economic, legal and technical relationships and principles represented by the stakeholders involved in the data.

However, good data governance faces many challenges in reality. The risks addressed by data governance arise primarily in its processing and use. These in turn depend on the different actors involved, each with their own ideas, interests, objectives, and methods.

The question of who "owns" or should own the data is therefore too simplistic, as it is a constant negotiation between different parties with different assumptions, expectations, and goals.

Even the language we use to talk about data management can be misleading. For example, the word "share" sounds very positive and selfless, but it may not always be. After all, while there are technical mechanisms to protect data and people and their rights, they are not widely used in practice or are not understood by decision-makers.

Robust Data Governance Frameworks & Models

At HIIG, we develop robust data governance models to find solutions that can be practically implemented. We develop participatory co-design practices and tools that cater to all stakeholders and involved parties in terms of knowledge, skills, and interests: government, business, and civil society, processing companies, and representatives, experts, and laypeople.

To facilitate this participatory approach, we also develop evaluation processes. These check whether the proposed Data Governance frameworks and processing systems are actually safe and controllable and protect the interests of all stakeholders and the entire society.

From the HIIG Channel

Meet the HIIGsters

Max von Grafenstein: Data Governance

Does more data automatically bring more innovation? Under what conditions? And how do we deal with the associated risks?

Digital Salon

Keeping up with the Gatekeepers

How innovative are EU rules when combined with other control mechanisms such as data protection law or copyright?

The Long Night of the Sciences

What Should We Get for Our Data?

In this talk, Tuukka Lehtiniemi presents some examples of initiatives that recognize the benefits of data but seek to change who has access.

From the Press

Feature with Maximilian von Grafenstein on data policy for air quality management.

Op-Ed with Maximilian von Grafenstein on the topic of mobility change.

Feature with Maximilian von Grafenstein on the Data & Smart City Governance project.

From the HIIG BLOG

Wie verwaltet man Daten im Gesundheitswesen- und Pflegesektor?

Human-centered data governance in health and care sectors

Personal data is particularly sensitive and worthy of protection in the health and care sector. What could good data governance look like here?

Digital Democracy needs deliberation

Designing Digital Democracy

Designing rules for digital democracy is difficult. But new ideas for more democracy on platforms through deliberative elements are being piloted. How promising are they?

Banner Blogpost: Reclaim Digital Autonomy

Reclaiming Digital Autonomy

We depend on large companies to mean well with us and our data. Jan Götte and Björn Scheuermann developed Inertial Hardware Security Modules, enabeling small-time users and sysadmins to regain...

We need to talk about data – New report reframes the debate around data sovereignty

The dueling slogans: “free flow of data” and “data sovereignty” actually prevent seriously addressing the complex challenges of cross-border data flows. A report, released this week by the Internet &...

Same same but (not so) different

Anonymization is advertised as a solution for privacy concerns, while machine learning is portrayed as dangerous and evil – but those operations have more in common than widely assumed. We...