Skip to ContentSkip to Navigation
About us Policy and strategy A Roadmap to Data Autonomy

Data Autonomy

decorative image
What is Data Autonomy?

Data should be used in our best interest

In its simplest form, Data Autonomy can be understood as the capacity to make meaningful decisions about our data. As more of our data moves into ‘the cloud’ organisations and inidividuals lose track of where and how data is stored, analysed and shared. Data Autonomy aims to ensure our data is protected, secured, accessible, easily shareable. But it also goes beyond that, to make sure that is used in our best interest, and that we have a significant stake in determing our ‘datafied’ future.

Control about data is in the hand of powerful players for now

At the moment, it is unclear if, when, to whom, and for which purposes data, is -or could be- analysed, stored, and potentially re-shared in various forms. This is not only a question for privacy and data protection, it affects the autonomy of entire universities and higher education in general. Currently, we cannot be sure that our data is being used in our best interest. The control is in the hands of a few very powerful players, who might use our data to increase their power while undermining our personal, academic and collective autonomy.

Why is Data Autonomy important?

Dependency on data-based services and infrastructure

Without data there are no e-mails, no shared agendas, no (video) calls, no notifications, no documents, no assignments, no degree certificates, and no research contents. In other words, without data there is no University in the 21st century.

Unclear how our data is used

At the moment, it is unclear if, when, to whom, and for which purposes data that we produce, store and edit in ‘the cloud’ (e.g. using Google or Microsoft services) is being analysed, and potentially re-shared in various forms (e.g. How many academic articles does it take to train ChatGPT how to write a perfect assignment, or programme the perfect code?).

Involvement in data control

The control over cloud infrastructure is in the hands of a few powerful players, who might use our data to increase their power to the detriment of our personal and collective autonomy. We are not in the loop when it comes to the meaningful decisions regarding our data control, and this needs to change. This does not mean that data processing and storage can only happen on-site, or based on Open Source systems. But we need to know what is going on behind the scenes, and we need to be sure that data is only used according to our values as an academic community.

Initiatives to increase data autonomy

At this moment, several European initiatives have the aim to increase Data Autonomy. In parallel, legislative efforts by the European Union are underway to curb the influence of Big Tech. Nevertheless, Data Autonomy in universities and higher education is being questioned and discussed in the context of public values.

Data Autonomy matters because..

  • Students need safe (digital) spaces for learning and making mistakes, which do not haunt them for the rest of their lives (e.g. when applying for an intership or a job)
  • Researchers need to have tools that are effective and keep them in control of their research data (e.g. without having to share it for further use by big publishers or Big Tech companies to train their AI models)
  • Teachers need tools that support their work while giving them the autonomy to design courses freely (e.g. without having to comply with pre-designed patterns and limited options)
  • Universities need to be able to promote academic freedom and free expression without being factually dependent on one or two providers who can charge for their services whatever they want

By thinking about how to enhance Data Autonomy, we are protecting and promoting our institutional freedom, values such as human dignity, as well as the interests of students, employees and our partners.

Why should we act?

The UG has too little control over our data

We can not make decisions about our data on an individual and organizational level alone. Under current circumstances, the UG has only little control over data that is kept in private data centers. The companies that offer cloud storage services are not necessarily aligned with European public values and relevant laws such as the EU General Data Protection Regulation (GDPR), or other upcoming legislative frameworks such as the Digital Markets Act, or the EU AI Act

Risk of profiling of the university, faculties, research groups, students and staff in general

At the same time there is the risk that all of us are being profiled and surveilled. This does not necessarily have to happen on an individual level to have a profound impact on our everyday lives.

For instance, the metadata of students (e.g. who is in contact with whom, how frequently, at which times) and staff might be used for commercial purposes and to profile entire faculties or departments. It is concerning that the data of three-quarters of all Dutch students is stored at data centers which are controlled by private companies which are primarily interested in short-term economic goals.. We should also consider the possibility of data access being denied (e.g. for reasons of national security of countries such as the United States or China), meaning we could lose all our data.

Academic freedom in the digital age needs data infrastructure

The dependency on Big Tech companies influences teaching and research profoundly.. Academic freedom will be restricted if we do not have a significant stake as an institution and sector. The ‘value’ of our data is being ‘exploited’ by others, while we do not deserve our fair share.

Vendor lock-in

Moreover, the current tendency to store (personal) data in remote/unknown cloud storage infrastructures with little control might result in “vendor lock-in". Once there is no easy exit strategy or no viable alternative, the costs for the use of and access to this infrastructure might increase beyond expectation. There were first signs of this as Universities excited the most severe period of the COVID-19 pandemic.

What does Data Autonomy mean for the UG Community?

Respect, protect and promote academic freedom in the digital age

Before making choices, we need to understand our needs as a community, and that is what we are doing with this initiative.

Data Autonomy for the UG Community

A team of UG experts has come together to build upon the definitions established during the March event, aiming to create a comprehensive definition that encompasses the diverse groups within the UG community. After extensive deliberation, we have formulated the following working definition, serving as a foundation for further development of the concept of Data Autonomy at the University of Groningen.

Working definition Data Autonomy

Data autonomy is the effective capacity of the academic community of the University of Groningen to make meaningful decisions about access to data, data flows, the uses of data and the design of the informational environment, to the degree necessary to freely and independently pursue the university's mission, to promote knowledge dissemination and to protect the rights of its students and employees. This capacity is required to protect academic freedom and the independence of the university.

Context of the working definition of Data Autonomy

This working definition fully acknowledges the different and diverse contexts of the activities at the UG. Concepts such as ‘meaningful decisions’ have to be interpreted and applied differently, depending on the concrete circumstances. In particular, we suggest to consider the UG through different lenses which show the UG as an educational institution, a research and innovation body, and actor in the entrepreneurial landscape. Therefore, the working definition should be interpreted and applied with a view to the sensitivity of the data used.


The working definition requires further consideration and input from the stakeholder community. Themes that guide this discussion about the use of data at the UG include: privacy, ownership, transparency, creation, collection, accessibility, shareability, storage, protection, security, and autonomy related to the use of data and digital services.

Last modified:01 August 2023 08.50 a.m.
View this page in: Nederlands