The Sixth Interdisciplinary Summerschool on Privacy (ISP 2025)

The sixth Interdisciplinary Summerschool on Privacy will take place July 6 - 11, 2025, at hotel Erica, Berg en Dal, the Netherlands.

This year's topic: Digitalization of the Public Sector: Risks, Rights, and Resistance.

Registration is now open!

The interdisciplinary summerschool on privacy provides an intensive one week academic post-graduate programme teaching privacy from a technical, legal and social perspective. The goal of the summerschool is to provide students with a solid background in the theory of privacy construction, modelling and protection from these three different perspectives. It also aims to help them to establish a first international network with peers and senior academics across these disparate disciplines.

Digitalization of the Public Sector: Risks, Rights, and Resistance

States, and their institutions, are increasingly dependent on digital infrastructure and tools to deliver public services. The digitisation of state functions is primarily motivated by the prospect of efficiency savings. However, the resulting dependence on private IT infrastructure has consequences for the preservation of public values and the protection of fundamental rights. What seems like a "technical project" shifts power dynamics within the public sector leading to risks of centralization, corporate control, and new forms of citizen surveillance. In the absence of (technical) transparency about these public-private interactions, it is difficult to identify which entities become involved in state functions and who are the actors responsible for data protection. These profound implications for accountablility, fundamental rights and democratic control affect critical sectors such as education, healthcare, media, and public administration. This year's Interdisciplinary Summerschool on Privacy explores these challenges arising from the digitalization of the public sector. In particular, it critically evaluates the various roles data protection and privacy play in these new constellations. 

We aim to ask what are the risks to privacy and data protection that arise with the widespread outsourcing of public IT and services to dominant corporate providers? How far does this process enable providers to impose their terms of data processing on the state and to gain access to scarce and sensitive citizen data? Can this further entrench the dominance of private IT actors while deepening the state's dependency and exacerbating the vulnerability of its residents to power aysmmetries? From a citizen's perspective, essential services increasingly require smartphones, limiting accessibility and reinforcing digital exclusion. Meanwhile, examples like digital contact tracing and digital identity wallets show how the balance of power between public and private actors can be reshaped. How do these developments impact accountability of relevant actors and raise concerns, such as the expansion of public and private surveillance capacities?

Beyond these questions, privacy and data protection frameworks can also pave the way for unexpected entanglements that we plan to explore throughout the week long event. At times, tech companies promise privacy guarantees, even refraining from collecting data, in order to push their infrastructures for health, education etc. At other times, privacy technologies are utilized by public institutions to share or link databases across agencies, increasing surveillance capabilities of government authorities. And at yet other times, privacy and data protection can be useful to put constraints on wholesale migration of public services to cloud providers. 

While we will focus on privacy, the lectures will also touch on the extent to which private companies consider the interests of affected stakeholders, public values, and contextual norms when entering public sectors. Lectures will touch on examples of resistance, strategies, and concepts like critical data literacy, data disentanglement, friction, and sphere transgressions that can foster citizen awareness, agency, and emancipation. While working on case studies, we will consider how we should design data-driven systems that uphold the public interest and common good.