GDPR and Sharing Data
Dr. Jacques Flores Dourojeanni
Research Data Management Consultant
RDM Support - Utrecht University Library
https://www.uu.nl/en/research/research-data-management
Legal Basis
How can I legally collect personal data?
Personal data may only be processed if at least one of the following applies:
o Informed Consent
o Legitimate interest of the controller
o Legal Obligation
o Contractual
o Vital interest of the data subject
o Public Interest
Lawfulness of Processing (Art. 6)
Collecting information from social media that was meant for the
public domain
…The EDPB considers that the fight against COVID-19 has been
recognized by the EU and most of its Member States as an
important public interest which may require urgent action in the
field of scientific research…
(63) Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak
Used to meet the Legal and Ethical obligations a researcher holds
towards their participants
Informed Consent
Freely given
Must be a real choice and not influenced by external factors
Specific
Bound to several specified purposes which are sufficiently explained
Informed
What kind of data; How it will be used; With what purpose; Right to withdraw
Unambiguous
A clear affirmative statement
Data subjects must be (at the very least) provided with
• The controller’s identity and contact details
• DPO’s contact details (if there is one)
• Purpose and legal basis for collecting their personal data
• Categories of personal data
• Data Subject Rights
Other requirements may be in place for
• Third country transfers
• Multiple controllers
• Automated Decision-making processes
Right to Information
Purpose Limitation
How can I share/reuse data compliantly?
Purpose limitation and Data Reuse
The GDPR distinguishes between two types of data use:
1. Research on personal (health) data which consists in the use of
data directly collected for the purpose of scientific studies
(“primary use”) Initial data collection
2. Research on personal (health) data which consists of the further
processing of data initially collected for another purpose
(“secondary use”) Reusing Data
Data Reuse and GDPR
The GDPR allows for the secondary use of data (further
processing) for “research purposes” only if:
Appropriate technical and organizational measures are in place to
ensure the privacy of the data subjects is adequately
protected
Recital 50 and Article 89
Encryption
Anonymization
Pseudonymization
Technical and Organizational measures
Minimization Aggregation/Abstraction
Further processing for research purposes is considered to be a
compatible purpose as long as appropriate safeguards are in place
(Recital 50 GDPR)
Purpose limitation (Art. 6)
Personal Data collected for
Epidemiological Research
Reused for
Epidemiological Research
GDPR
Purpose limitation (Art. 6)
Personal Data collected for
Epidemiological Research
Reused for
Cancer Immunology Research
GDPR
Further processing for research purposes is considered to be a
compatible purpose as long as appropriate safeguards are in place
(Recital 50 GDPR)
Purpose limitation (Art. 6)
Personal Data collected for
Hormone Research
Reused for
Gender Studies
GDPR
Further processing for research purposes is considered to be a
compatible purpose as long as appropriate safeguards are in place
(Recital 50 GDPR)
Just because it is Legal does not mean it
is Ethical
Ethical vs Legal
Right to Information still applies when reusing data!
Even if re-consent is not required to further process the data, the data subjects still have a right to be
informed about the new processes!
This may be achieved via individual contact if possible or public announcements (websites,
newsletters)
In some cases the right to inform may be waived if it involves a “disproportionate effort” to comply…
It falls upon the controller to prove this and show that a legitimate effort has been made to explore
why it is “disproportionate”
e.g. a dataset that has
• No contact information
• Data has been heavily pseudonymized
• Poses low risk to the individuals
• No central forum/platform where information can be made available
Sharing Personal
Data
How should I formulate an informed consent form to
facilitate data sharing?
“DO’S” of Sharing Data and Informed
Consent
✓ Provide information on the intent to share the data and the
conditions for sharing
Make it clear to the participant [in the information section] that one of the goals
is to share the data collected with the research community.
e.g. Other researchers may request access to data in the future. Access will only
be granted if they agree to preserve the confidentiality of the information as
requested in this form. Their access will also require approval from the original
research team.
“DO’S” of Sharing Data and Informed
Consent
✓ Be transparent about which information you will make
available
Be granular about which data will be deposited
I give permission to deposit my impulsivity test scores, weight, age
and gender data in a repository
“DO’S” of Sharing Data and Informed
Consent
✓ State the methods you will apply to reduce the risks of
identification
Be specific about the methods employed to improve security and privacy
e.g. I give permission to deposit my pseudonymized impulsivity test scores,
weight, age and gender data in a…
e.g. The principal investigator will keep a link that identifies you to your coded
information, but this link will be kept secure and available only to the principal
investigator or selected members of the research team. Any information that can
directly identify you will remain confidential. Your age and weight will be
grouped into ranges (e.g. 20-30yo, 60-70kg) to reduce the risk of re-identification.
DON’TS
Informed Consent: Sharing Data
“DON’TS” of Sharing Data and
Informed Consent
✓ Avoid terms such as fully anonymous
Very difficult to achieve
To be truly anonymous, it should not be possible to re-identify an
individual by any means, including using external databases,
even if such databases are unknown to the researcher.
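An added illustration (not part of the original slides) of the measures described in the consent wording above, and of why "fully anonymous" is hard to promise: participants are given a keyed code, age and weight are grouped into ranges, and the smallest group sharing the same age/weight/gender combination is measured before and after. All records, field names and the key handling are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample records; every name and value is invented for illustration.
PARTICIPANTS = [
    {"name": "Participant A", "email": "a@example.org", "age": 23, "weight_kg": 61.5, "gender": "F", "impulsivity": 14},
    {"name": "Participant B", "email": "b@example.org", "age": 27, "weight_kg": 68.0, "gender": "F", "impulsivity": 22},
    {"name": "Participant C", "email": "c@example.org", "age": 29, "weight_kg": 64.2, "gender": "F", "impulsivity": 9},
    {"name": "Participant D", "email": "d@example.org", "age": 34, "weight_kg": 72.3, "gender": "M", "impulsivity": 17},
    {"name": "Participant E", "email": "e@example.org", "age": 38, "weight_kg": 79.9, "gender": "M", "impulsivity": 11},
    {"name": "Participant F", "email": "f@example.org", "age": 67, "weight_kg": 112.0, "gender": "M", "impulsivity": 19},
]

DIRECT_IDENTIFIERS = ("name", "email")               # never deposited
QUASI_IDENTIFIERS = ("age", "weight_kg", "gender")   # identifying in combination


def pseudonym(identifier: str, secret_key: bytes) -> str:
    """Keyed code for a participant. Without the key the code cannot be
    recomputed from a guessed e-mail address, unlike a plain hash."""
    digest = hmac.new(secret_key, identifier.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:16]


def to_range(value: float, width: int, unit: str) -> str:
    """Group a number into a half-open range, e.g. 23 -> '20-30yo'."""
    low = int(value // width) * width
    return f"{low}-{low + width}{unit}"


def prepare_for_deposit(records, secret_key: bytes):
    """Return (deposit_rows, link_table).

    deposit_rows hold the code, grouped quasi-identifiers and the score.
    link_table maps code -> direct identifiers and stays with the research
    team, stored apart from the deposit.
    """
    deposit, link_table = [], {}
    for rec in records:
        code = pseudonym(rec["email"], secret_key)
        link_table[code] = {field: rec[field] for field in DIRECT_IDENTIFIERS}
        deposit.append({
            "code": code,
            "age": to_range(rec["age"], 10, "yo"),
            "weight_kg": to_range(rec["weight_kg"], 10, "kg"),
            "gender": rec["gender"],
            "impulsivity": rec["impulsivity"],
        })
    return deposit, link_table


def group_sizes(records, columns=QUASI_IDENTIFIERS) -> Counter:
    """Count how many records share each quasi-identifier combination."""
    return Counter(tuple(rec[col] for col in columns) for rec in records)


def smallest_group(records, columns=QUASI_IDENTIFIERS) -> int:
    """The k of k-anonymity: size of the rarest combination."""
    return min(group_sizes(records, columns).values())


def unique_rows(records, columns=QUASI_IDENTIFIERS):
    """Rows whose combination occurs once; anyone holding an external
    dataset with the same attributes could single these people out."""
    sizes = group_sizes(records, columns)
    return [rec for rec in records
            if sizes[tuple(rec[col] for col in columns)] == 1]


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # assumption: kept by the principal investigator
    deposit, link_table = prepare_for_deposit(PARTICIPANTS, key)
    print("unique rows before grouping:", len(unique_rows(PARTICIPANTS)))
    print("unique rows after grouping: ", len(unique_rows(deposit)))
    for row in unique_rows(deposit):
        print("still unique:", row["age"], row["weight_kg"], row["gender"])
```

Grouping reduces the number of unique records from six to one, but the remaining outlier is still the only person in their range, which is the situation the "fully anonymous" warning refers to.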
“DON’TS” of Sharing Data and
Informed Consent
✓ Avoid promises to destroy all the data
Unless absolutely certain it will be done
Have good reasons for destroying data such as
• The information has been transcribed (audio files)
• No longer needed for verification and re-use no longer expected
Be specific about which data you plan to destroy
“DON’TS” of Sharing Data and
Informed Consent
✓ Avoid promises that all the data will only be accessed by the
research team
Instead describe explicitly which parts of the data will indeed
only be accessed by the research teams and which will be
available to others (after proper measures are taken to increase
privacy).
How to Share personal data
Share the metadata and place the data under restricted access
• When the data is requested, share it only if requesters fill out a
data transfer agreement and meet the legal requirements
Key points
• The GDPR asks researchers to be transparent towards their participants as to how
their data will be handled and for what purpose.
• Personal data collected for research purposes holds a privileged spot within the
legislation, which softens restrictions so long as proper safeguards and measures
are adopted.
Q1: What is the best way to deal with international research consortia? Can you govern the
rules of personal data exchange in the consortium agreement and/or do you always need to
setup standard contractual clauses in case the consortium contains partners outside the EEA?
Q2: Does GDPR apply to the European Union only or does it cover other countries?
Q3: When are patient data sufficiently de-identified to be able to share datasets publicly
online? What should be in place? What to take into account?
Q4: What do you think of the privacy conditions of online meeting applications such as
Zoom?
Q5: How to manage published, but controlled access datasets for the long-term?
Should participants be receiving updates about how the data are being used?
And who will be determining whether a third party gets access (since most PhDs don't stay on at
the same institution)?
Q6: Ideally when sharing data that falls under the GDPR purview, we want to have third parties
sign a data sharing agreement: can we set up standard models for such an agreement?
Q7: For data that doesn't meet the standards of what is anonymous, but would be quite difficult
to re-identify, is there an option to control access solely by requiring the re-user to digitally sign
a list of Terms and Conditions for re-use, e.g. as part of a license on the data? Then there isn't
someone at the institution determining access, but access is somewhat controlled by a legal
document. If so, can we come up with some models for these Terms and Conditions?


20200504_OpenAIRE Legal Policy Webinar: GDPR and Sharing Data

  • 1. GDPR and Sharing Data Dr. Jacques Flores Dourojeanni Research Data Management Consultant RDM Support -Utrecht University Library https://www.uu.nl/en/research/research-data-management
  • 2. Legal Basis How can I legally collect personal data?
  • 3. Personal data may only be processed if at least one of the following applies: o Informed Consent o Legitimate interest of the controller o Legal Obligation o Contractual o Vital interest of the data subject o Public Interest Lawfulness of Processing (Art. 6) Collecting information from social media that was meant for the public domain …The EDPB considers that the fight against COVID-19 has been recognized by the EU and most of its Member States as an important public interest which may require urgent action in the field of scientific research… (63) Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak Used to meet the Legal and Ethical obligations a researcher holds towards their participants
  • 4. Informed Consent Freely given Must be a real choice and not influenced by external factors Specific Bound to several specified purposes which are sufficiently explained Informed What kind of data; How it will be used; With what purpose; Right to withdraw Unambiguous A clear affirmative statement
  • 5. Data subjects must be (at the very least) provided with • The controller’s identity and contact details • DPO’s contact details (if there is one) • Purpose and legal basis for collecting their personal data • Categories of personal data • Data Subject Rights Other requirements may be in place for • Third country transfers • Multiple controllers • Automated Decision-making processes Right to Information
  • 6. Purpose Limitation How can I share/reuse data compliantly?
  • 7. Purpose limitation and Data Reuse The GDPR distinguishes between two types of data use: 1. Research on personal (health) data which consists in the use of data directly collected for the purpose of scientific studies (“primary use”) Initial data collection 2. Research on personal (health) data which consists of the further processing of data initially collected for another purpose (“secondary use”) Reusing Data
  • 8. Data Reuse and GDPR The GDPR allows for the secondary use of data (further processing) if it is for “research purposes” only if: Appropriate technical and organizational measures are in place to ensure the privacy of the data subjects is been adequately and protected Recital 50 and Article (89)
  • 9. Encryption Anonymization Pseudonymization Technical and Organizational measures Minimization Aggregation/Abstraction
  • 10. Further processing for research purposes is considered to be a compatible purpose as long as appropriate safeguards are in place (Recital 50 GDPR) Purpose limitation (Art. 6) Personal Data collected for Epidemiological Research Reused for Epidemiological Research GDPR
  • 11. Purpose limitation (Art. 6) Personal Data collected for Epidemological Research Reused for Cancer Immunology Research GDPR Further processing for research purposes is considered to be a compatible purpose as long as appropriate safeguards are in place (Recital 50 GDPR)
  • 12. Purpose limitation (Art. 6) Personal Data collected for Hormone Research Reused for Gender Studies GDPR Further processing for research purposes is considered to be a compatible purpose as long as appropriate safeguards are in place (Recital 50 GDPR)
  • 13. Just because it is Legal does not mean it is Ethical Ethical vs Legal
  • 14. Right to Information still applies when reusing data! Even if re-consent is not required to further process the data, the data subjects still have a right to be informed about the new processes! This may be achieved via individual contact if possible or public announcements (websites, newsletters) In some cases the right to inform may be waived if it involves a “disproportionate effort” to comply… It falls upon the controller to prove this and show that a legitimate effort has been made to explore why it is “disproportionate” i.e.: A dataset that has • No contact information • Data has been heavily pseudonymized • Poses low risk to the individuals • No central forum/platform where information can be made available
  • 15. Sharing Personal Data How should I formulate an informed consent form to facilitate data sharing?
  • 16. “DO’S” of Sharing Data and Informed Consent: Provide information on the intent to share the data and the conditions for sharing. Make it clear to the participant [in the information section] that one of the goals is to share the data collected with the research community. i.e. Other researchers may request access to data in the future. Access will only be granted if they agree to preserve the confidentiality of the information as requested in this form. Their access will also require approval from the original research team.
  • 17. “DO’S” of Sharing Data and Informed Consent: Be transparent about which information you will make available. Be granular about which data will be deposited. I give permission to deposit my impulsivity test scores, weight, age and gender data in a repository
  • 18. “DO’S” of Sharing Data and Informed Consent: State the methods you will apply to reduce the risks of identification. Be specific about the methods employed to improve security and privacy. i.e. I give permission to deposit my pseudonymized impulsivity test scores, weight, age and gender data in a… i.e. The principal investigator will keep a link that identifies you to your coded information, but this link will be kept secure and available only to the principal investigator or selected members of the research team. Any information that can directly identify you will remain confidential. Your age and weight will be grouped into ranges (i.e. 20-30yo, 60-70kg) to reduce the risk of re-identification.
  • 20. “DON’TS” of Sharing Data and Informed Consent: Avoid terms such as fully anonymous. Very difficult to achieve. To be truly anonymous, it should not be possible to re-identify an individual by any means, including using external databases, even if such databases are unknown to the researcher.
  • 21. “DON’TS” of Sharing Data and Informed Consent: Avoid promises to destroy all the data unless absolutely certain it will be done. Have good reasons for destroying data such as • The information has been transcribed (audio files) • No longer needed for verification and re-use no longer expected. Be specific about which data you plan to destroy
  • 22. “DON’TS” of Sharing Data and Informed Consent: Avoid promises that all the data will only be accessed by the research team. Instead describe explicitly which parts of the data will indeed only be accessed by the research teams and which will be available to others (after proper measures are taken to increase privacy).
  • 23. How to Share personal data Share the metadata and place the data under restricted access • When requested for the data only share it if requesters fill out a Data transfer agreement and meet the legal requirements
  • 24. Key points • The GDPR asks researchers to be transparent towards their participants as to how their data will be handled and for what purpose. • Personal data collected for research purposes holds a privileged spot within the legislation which softens restrictions so long as proper safeguards and measures are adopted.
  • 25. Q1: What is the best way to deal with international research consortia? Can you govern the rules of personal data exchange in the consortium agreement and/or do you always need to set up standard contractual clauses in case the consortium contains partners outside the EEA? Q2: Does the GDPR apply to the European Union only, or does it cover other countries? Q3: When are patient data sufficiently de-identified to be able to share datasets publicly online? What should be in place? What to take into account? Q4: What do you think of the privacy conditions of online meeting applications such as Zoom?
  • 26. Q5: How to manage published, but controlled access datasets for the long-term? Should participants be receiving updates about how the data are being used? And who will be determining whether a third party gets access (since most PhDs don't stay on at the same institution)? Q6: Ideally when sharing data that falls under the GDPR purview, we want to have third parties sign a data sharing agreement: can we set up standard models for such an agreement? Q7: For data that doesn't meet the standards of what is anonymous, but would be quite difficult to re-identify, is there an option to control access solely by requiring the re-user to digitally sign a list of Terms and Conditions for re-use, e.g. as part of a license on the data? Then there isn't someone at the institution determining access, but access is somewhat controlled by a legal document. If so, can we come up with some models for these Terms and Conditions?
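
Slides 18 and 20 describe coding participants, grouping age and weight into ranges, and why "fully anonymous" is hard to promise. The Python sketch below is an added example, not part of the original slides: the sample records, function names and 10-unit range width are assumptions, and it uses the smallest group size over age range, weight range and gender (the k of k-anonymity) as a simple re-identification check before deposit.

```python
import secrets
from collections import Counter

# Constructed sample records; fields follow the consent wording on slide 18.
PARTICIPANTS = [
    {"name": "Participant A", "age": 23, "weight": 61.5, "gender": "F", "impulsivity": 41},
    {"name": "Participant B", "age": 27, "weight": 68.0, "gender": "F", "impulsivity": 35},
    {"name": "Participant C", "age": 24, "weight": 64.2, "gender": "F", "impulsivity": 52},
    {"name": "Participant D", "age": 36, "weight": 82.3, "gender": "M", "impulsivity": 47},
    {"name": "Participant E", "age": 31, "weight": 88.9, "gender": "M", "impulsivity": 29},
    {"name": "Participant F", "age": 66, "weight": 59.0, "gender": "M", "impulsivity": 38},
]
QUASI_IDENTIFIERS = ("age", "weight", "gender")  # assumed linkable to outside data


def to_range(value, width=10):
    """Generalize a number into a half-open range label, e.g. 23 -> '20-30'."""
    low = int(value // width) * width
    return f"{low}-{low + width}"


def pseudonymize(records):
    """Return (shareable rows, link table); the link table stays with the PI."""
    shareable, link_table = [], {}
    for rec in records:
        code = "P-" + secrets.token_hex(4)  # random code, not derived from the name
        while code in link_table:           # regenerate on the rare collision
            code = "P-" + secrets.token_hex(4)
        link_table[code] = rec["name"]
        shareable.append({"code": code, "age": to_range(rec["age"]),
                          "weight": to_range(rec["weight"]),
                          "gender": rec["gender"],
                          "impulsivity": rec["impulsivity"]})
    return shareable, link_table


def group_sizes(rows, keys=QUASI_IDENTIFIERS):
    """Count how many rows share each quasi-identifier combination."""
    return Counter(tuple(r[k] for k in keys) for r in rows)


def smallest_group(rows):
    """k of k-anonymity: size of the rarest quasi-identifier combination."""
    return min(group_sizes(rows).values())


def singled_out(rows):
    """Codes of rows whose quasi-identifier combination is unique."""
    sizes = group_sizes(rows)
    return [r["code"] for r in rows
            if sizes[tuple(r[k] for k in QUASI_IDENTIFIERS)] == 1]
```

On this sample, the ranges merge five participants into groups of three and two, but the oldest participant is still unique after grouping, so the deposit would need wider ranges or suppression of that row.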

Editor's Notes

  1. And vice versa