Amsterdam Privacy Conference and Where UvA Stores Your Data

My name is Dino Wildi, I used to live near Zurich in Switzerland, I am in the first semester of a one-year Master’s programme in European Politics, I was born in May 1996 and I am male. All of this information, together with my phone number, address, and my parents’ bank account, is stored on the servers of the University of Amsterdam. According to UvA’s privacy statement, this data may be used for many different things. A lot of those data uses are necessary for the functioning of the university, such as the possibility to check whether students fulfil the requirements to attend classes or to register to the university in the first place.

However, there are also uses of data that may be more contentious. UvA can use personal information for research, or for “newsletters, invitations to participate in student surveys.” While such applications may still be completely legitimate, they are not nearly as obvious and expected as the use for educational purposes necessary to run a university, and may not be considered by students who are conscious of their privacy. Those applications may require consent from students, but the privacy statement of UvA cites legitimate interest as a basis for the procession of personal data by the university. Personal data may also leave the hands of the university. “Satisfaction survey organizers, insurers, accountants, debt collection agencies and investigatory agencies” may all be trusted with student data by UvA.

While there is little reason to assume that this data is used by the university to do harm, it is something that many students are not aware of. This was one of the topics discussed at the opening event of the Amsterdam Privacy Conference from October 5 to 8. For four days, international experts on privacy assembled at the University of Amsterdam to discuss the challenges of privacy in today’s world, and to provide different angles on the topic to the general public. While a large part of the debate in the public, politics, and academia focuses on how we can regulate an increasingly data-based economy, it is important to remember that public institutions also collect high amounts of potentially sensitive data.

The great question raised by the development of the increasingly extensive storage of data, is whether it is bad if data is used to the benefit of the individual, and how to ensure that this is how data is used, Geert ten Dam, President of the UvA Executive Board, said in her opening speech at the conference. In her keynote speech, Marleen Stikker from the public research institute Waag pointed out the growing trouble with retaining sovereignty over our personal data. As the hidden collection of data increases and as we are often not aware of how data is collected, keeping control can become even harder. Sometimes it can be impossible to avoid data collection, as in the case of the student data that is required to run a university.

However, the extent of this data collection is often unknown and may be unnecessary. Even just within the university, sensitive information such as health data is collected for the purpose of “educational logistics processes”. Even though UvA commits itself to keep the collection of data to a minimum, the list is long. As another researcher at the Amsterdam Privacy Conference, anthropologist Khiara M. Bridges, points out; government institutions are often not necessarily good at keeping privacy in mind and are rarely held accountable because of their seemingly good intentions in data collections. This accountability is key to ensuring that the data stored by UvA and other public institutions is done responsibly and used for appropriate purposes. Only this can ensure a fair dialogue between the public and data-collecting institutions, that will ensure the informed consent of the people involved and a fair protection of their privacy.