On 8th March, data steward from the faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Santosh Ilamparuthi, attended the Dutch Techcentre for Life Sciences Data Stewards Interest group (DTL-DSIG) meeting to present about the development of a Data Access Committee within his faculty at TU Delft.
What is the DAC?
The Data Access Committee (DAC) was developed for the faculty of Electrical Engineering Mathematics and Computer Science (EEMCS) as a pilot initiative to evaluate the need for controlled access to personal data within technical universities within the Netherlands.
In general terms, a DAC is a body of individuals responsible for the release of data to external requestors based on consent and ethical conditions. In the faculty of EEMCS, the DAC is researcher-centric comprising at least three members including the data owner and a researcher of an external group. The workflow is designed in such a way that the members of the DAC only need to adjudicate on a request while all administrative tasks are taken care of by the data steward.
The DAC controls access to data that is published under ‘restricted access’ (also known as ‘permanent embargo’) in the 4TU.ResearchData repository. Essentially, the DAC are ‘gatekeepers’ who provide access to data that cannot be openly shared. Access is only granted when the request satisfies the legal and ethical requirements decided by the data owners.
How does the DAC work?
During the process of uploading a dataset in 4TU.ResearchData, there is an option to ‘Apply embargo’ and write the reason why the files are under embargo.
In this textbox, researchers can disclose their reason for publishing their personal data under restricted access along with a data access request form and DAC email address to request access.
As the data steward, I receive the data access request form and forward it to the DAC who, in turn, confirm that the legal, ethical and the End User License Agreements (EULA) are satisfied.
In addition, a data protection officer ensures that the process is managed in compliance with applicable data protection regulations.
Once approved, the DAC grants the requestors access to the data via a private download link.
Why is a DAC necessary?
In my experience, researchers who collect personal information are often advised to anonymise their data before making it openly available online to comply with General Data Protection Regulation (GDPR).
This was confirmed by the DTL-DSIG members during my interactive presentation. According to the Mentimeter poll results, more than 80% of participants collect personal data or advise researchers about the management of personal data. The vast majority (~77%) of DTL-DSIG members advise researchers to publish their data under restricted access conditions and more than 60% advise researchers to anonymise their data before publishing it online.
In many cases, however, data anonymization is not feasible or desirable. For example, in the case of large, qualitative datasets, it can be difficult to define which aspects contain personally identifying information (PII) and to anonymise them to a sufficient degree without the dataset losing its value. Therefore, a DAC seems a sensible approach to take.
FAQs about the DAC
There was a positive response from DTL-DSIG members about the DAC and some important questions were raised for consideration! Here are some frequently asked questions about the DAC pilot…
Q: Is training provided for DAC members to cover the concerns about handling personal data?
A: The DAC members are given guidelines and there is liaison between members to co-create the End User License Agreement (EULA).
Q: Is there a standard template that can be used to create a EULA? Is a new EULA created for each data submission
A: We have a standard template that was created based on discussions about sharing personal research data. Currently, a new EULA has to be created for each dataset.
Q: Who do you need to approach within a research institution to develop and establish a DAC?
A: I discussed implementing the pilot initiative with my line manager. It was also important to consult researchers to gauge interest before making plans.
Q: For data published under ‘non-commercial use’, is it necessary to have a DAC or would a CC-NC license do?
A: The license used for publication should agree with that documented in the informed consent agreement. However, since a EULA is signed by data requestors as part of the data access procedure a more detailed description on data use can be provided.
Q: How much time does it take to handle a data access request?
A: This is unknown as we are still in the pilot phase. We are still in the process of engaging researchers with personal data and encouraging the use of the DAC.
More to follow about the EEMCS DAC in the future!