To find out more about this, and why in general we don't speak of ‘owning’ data to start with, read the recent LCRDM report “Data sovereignty, data governance and digital sovereignty”. Leiden-specific guidelines are currently being developed.

Data sovereignty relates to the control an organisation has over data, while data governance refers to the organizational structure, oversight and processes involved in data management (LCRDM report p. 7).

When we at the Centre for Digital Scholarship give our data management courses, we notice that it is a common misconception for people to think that the data they produce are also ‘owned’ by them. However, it is often the case that when you produce the data as part of your employment, your employer (i.e. the university) ‘owns’, or rather has the responsibility for, the data. While in practice universities tend to delegate this responsibility to the research institute and the researcher, this is nonetheless important to keep in mind. What will happen, for example, if you move to another university? Will you be able to take ‘your’ data with you or do you need to get permission to do this? And who decides? As the LCRDM report highlights, the interpretation of responsibility related to data varies among universities and it is therefore important for each institution to clarify where the responsibilities lie and what the possibilities are. Centre for Digital Scholarship copyright expert Erna Sattler is currently involved in defining what this means here at Leiden University.

The LCRDM report also (briefly) goes into digital sovereignty. This relates to the “right and ability of an organisation to independently control its own digital data and supporting systems and infrastructure” (LCRDM report p. 7). This is a broad topic with issues also relating to knowledge and cyber security that need to be addressed at a European, national, and institutional level. Nonetheless, as an individual working at a university, it helps to be aware of the issues — for example, if you put research data in a personal account in a cloud owned by a US-based company, US governmental institutions could request access. In other words, you and/or the university would lose sovereignty over the data. This is especially relevant if the dataset includes personal or otherwise sensitive data. At Leiden University there are guidelines as to which platforms to use for storing and sharing data during the research phase, and you can ask your data steward for advice on where to publish or archive the data for the long term (we also have a video on this topic). In a trusted repository you will not (be forced to) transfer the ‘sovereignty’ of the data.

Read more

LCRDM. (2024). Data sovereignty, data governance and digital sovereignty. Zenodo. https://doi.org/10.5281/zenodo.10837008