Universities have played a largely reactive role shaping the governance of digital infrastructures in recent decades. So far, the digitalisation of information has primarily been utilised by the private sector, leading to both the concentration and privatisation of data infrastructures in the hands of powerful corporate entities. As a result, these private entities have become a driving force in the design of public universities without the latter having much influence over this. Today, numerous aspects of academic research, educational programmes and institutional facilities are reliant on digital providers in ways that impact universities as independent, public knowledge institutions.
To safeguard academic freedom, and the university’s important societal function more broadly, universities must ensure a sufficient level of digital sovereignty over their data and digital infrastructure, as well as find better ways to articulate the sector’s interest in policy discussions. In this context, the term “sovereignty” refers not so much to geographical sovereignty as to regulatory recognition of universities’ digital requirements and the organisational capacity to leverage these vis-a-via digital providers, shaping the institution’s data governance practices in accordance with relevant public interests at stake.
Whereas the amount of data being generated in our society by digital services is growing exponentially, it becomes increasingly hard for (academic) research to access that data and produce meaningful scientific work about the changing world around us. The concentration and privatization of control over data is generating particularly deep impacts on independent academic research. Indeed, large technology companies only rarely release data under their control for independent outside inquiry. Combined with their resources and reach, these companies have thus become de facto gatekeepers of research agendas. While there might be various reasons for refusing access, important questions remain as to their validity and desirability – especially considering technology companies’ ubiquity and societal impact. These developments put restrictions on data for research in a new light and are a driver for new provisions to guarantee access to data for research in new legislation at the EU level (e.g. the Digital Services Act and the planned Data Act) and new transparency provisions more generally.
To summarize, the digital transformation of the university confronts us with two closely related challenges. Firstly, data on social, economic, political, and cultural activities, processes, phenomena are accumulated by private, often foreign, technological intermediaries who are not willing to share data with researchers. Secondly, educational and research activities are increasingly dependent on private technology infrastructures. Though these two challenges are different, the issue that lies at their heart is the same: it is the owners of the physical data infrastructures who ultimately define the practical, technical, and epistemic terms and conditions in which that data is defined, collected, stored, contextualized, managed, analysed, shared.
In view of the above, there is an increasing urgency to the question of what characterizes digital sovereignty for universities and how best to align institutional data governance practices with the changing realities and applicable laws in this area. Notably, the University of Amsterdam has developed a five pronged-approach to tackle digital sovereignty:
- Raising awareness on the issue of digital sovereignty;
- Research into large digital companies to reduce epistemic inequality;
- Development of public digital infrastructure;
- Define procurement mechanisms to guard digital sovereignty;
- Amend (digital) legislation to protect digital sovereignty of universities.
To contribute to this initiative, the administrative staff departments of Legal Affairs, Information Management and Academic Affairs have asked the Institute for Information law (IViR) at the University of Amsterdam to conduct research into the law and policy of digital sovereignty, in relation to universities, as well as the way in which such sovereignty can be concretized in institutional practices and in relation to relevant policy developments in the data governance area.
Specifically, through this project, IViR will carry out multidisciplinary research
- to develop the concept of digital sovereignty customised to universities, based on a review of law and legal developments and infrastructural constraints within the university and scientific research context. This will involve a systematic review of the concept of digital sovereignty for public universities, breaking it down into various relevant dimensions in terms of applicable laws, public values, internal policies, and research infrastructures. It will specifically focus on the current and emerging regulatory environment impacting digital sovereignty for universities. In order to ensure a practice-oriented approach, the research will liaise with relevant stakeholders (EOSC, LERU, SURF, VSNU) and practitioners (e.g. data impact assessment specialists like Privacy Company) as well as ongoing projects (e.g. AmdEx) and best practice approaches aimed at resolving digital sovereignty constraints;
- to explore, analyse and evaluate how the law can help tackle, rather than reinforce, information asymmetries between academia and (the technology companies managing) private data infrastructures underlying society. Increased transparency and statutory data access requirements are increasingly seen as vital in ensuring independent academic research. We will map relevant legislative developments that affect access to data for research, identifying key gaps and opportunities for the research community. The research will connect to and build on practical insights gained through ongoing research, including Jef Ausloos’ VENI project and our involvement in the Digital Data Donation Infrastructure project, which is aimed at creating an independent infrastructure for Dutch universities, enabling individuals to donate their digital data to academic research in a secure, transparent, and privacy-protecting manner.
The final deliverable will consist of a scientific report (ca. 50 pages) containing a framework on digital sovereignty and access to research data with actionable recommendations. For each of the two themes, the research will involve the organization of a high-level expert workshop, bringing leading academic experts, policy makers, and practitioners together to discuss preliminary findings, gather additional perspectives for the research project, and establish links for engagement in relation to policy developments. Preliminary results, including findings on and input for ongoing legal developments (Data Governance Act, Data Act, Digital Services Act, Digital Markets Act, AI Act, text- and datamining under EU copyright law), will be regularly discussed in progress meetings with relevant UvA staff and other invited experts.
The report will provide policy recommendations on setting priorities for the sector and the University of Amsterdam in particular, including guidance that can be used for operational aspects such as contracting and public procurement. In addition, we will produce a short policy paper that can serve as a basis for engagement with relevant policy makers.
The commissioned research will contribute to the further development and implementation of the UvA Digital Agenda and UvA Open Science Program. It is also expected to benefit building expertise within the procurement capacities of ICTS and the Library, administrative departments of Legal Affairs, Information Management and Academic Affairs and our national and international university associations VSNU and LERU. The research at IViR will contribute to the realization of the Faculty of Law’s involvement in the Sectorplan for the Legal research area in the Netherlands and the University of Amsterdam’s research agenda on the Digital Transformation.
The research will start in 2022 and last for one year.