Site icon 4TU.ResearchData

Development of a Data Access Committee

On 8th March, data stew­ard from the fac­ul­ty of Elec­tri­cal Engi­neer­ing, Math­e­mat­ics and Com­put­er Sci­ence (EEMCS), San­tosh Ilam­paruthi, attend­ed the Dutch Tech­cen­tre for Life Sci­ences Data Stew­ards Inter­est group (DTL-DSIG) meet­ing to present about the devel­op­ment of a Data Access Com­mit­tee with­in his fac­ul­ty at TU Delft.

What is the DAC?

The Data Access Com­mit­tee (DAC) was devel­oped for the fac­ul­ty of Elec­tri­cal Engi­neer­ing Math­e­mat­ics and Com­put­er Sci­ence (EEMCS) as a pilot ini­tia­tive to eval­u­ate the need for con­trolled access to per­son­al data with­in tech­ni­cal uni­ver­si­ties with­in the Nether­lands. 

In gen­er­al terms, a DAC is a body of indi­vid­u­als respon­si­ble for the release of data to exter­nal requestors based on con­sent and eth­i­cal con­di­tions. In the fac­ul­ty of EEMCS, the DAC is researcher-cen­tric com­pris­ing at least three mem­bers includ­ing the data own­er and a researcher of an exter­nal group. The work­flow is designed in such a way that the mem­bers of the DAC only need to adju­di­cate on a request while all admin­is­tra­tive tasks are tak­en care of by the data stew­ard.

The DAC con­trols access to data that is pub­lished under ‘restrict­ed access’ (also known as ‘per­ma­nent embar­go’) in the 4TU.ResearchData repos­i­to­ry. Essen­tial­ly, the DAC are ‘gate­keep­ers’ who pro­vide access to data that can­not be open­ly shared. Access is only grant­ed when the request sat­is­fies the legal and eth­i­cal require­ments decid­ed by the data own­ers. 

How does the DAC work?

Dur­ing the process of upload­ing a dataset in 4TU.ResearchData, there is an option to ‘Apply embar­go’ and write the rea­son why the files are under embar­go. 

In this textbox, researchers can dis­close their rea­son for pub­lish­ing their per­son­al data under restrict­ed access along with a data access request form and DAC email address to request access.  

As the data stew­ard, I receive the data access request form and for­ward it to the DAC who, in turn, con­firm that the legal, eth­i­cal and the End User License Agree­ments (EULA) are sat­is­fied. 

In addi­tion, a data pro­tec­tion offi­cer ensures that the process is man­aged in com­pli­ance with applic­a­ble data pro­tec­tion reg­u­la­tions. 

Once approved, the DAC grants the requestors access to the data via a pri­vate down­load link. 

Why is a DAC necessary?

In my expe­ri­ence, researchers who col­lect per­son­al infor­ma­tion are often advised to anonymise their data before mak­ing it open­ly avail­able online to com­ply with Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR)

This was con­firmed by the DTL-DSIG mem­bers dur­ing my inter­ac­tive pre­sen­ta­tion. Accord­ing to the Men­time­ter poll results, more than 80% of par­tic­i­pants col­lect per­son­al data or advise researchers about the man­age­ment of per­son­al data. The vast major­i­ty (~77%) of DTL-DSIG mem­bers advise researchers to pub­lish their data under restrict­ed access con­di­tions and more than 60% advise researchers to anonymise their data before pub­lish­ing it online.

In many cas­es, how­ev­er, data anonymiza­tion is not fea­si­ble or desir­able. For exam­ple, in the case of large, qual­i­ta­tive datasets, it can be dif­fi­cult to define which aspects con­tain per­son­al­ly iden­ti­fy­ing infor­ma­tion (PII) and to anonymise them to a suf­fi­cient degree with­out the dataset los­ing its val­ue. There­fore, a DAC seems a sen­si­ble approach to take.

FAQs about the DAC

There was a pos­i­tive response from DTL-DSIG mem­bers about the DAC and some impor­tant ques­tions were raised for con­sid­er­a­tion! Here are some fre­quent­ly asked ques­tions about the DAC pilot…

Q:  Is train­ing pro­vid­ed for DAC mem­bers to cov­er the con­cerns about han­dling per­son­al data?
A: The DAC mem­bers are giv­en guide­lines and there is liai­son between mem­bers to co-cre­ate the End User License Agree­ment (EULA). 

Q:  Is there a stan­dard tem­plate that can be used to cre­ate a EULA? Is a new EULA cre­at­ed for each data sub­mis­sion
A: We have a stan­dard tem­plate that was cre­at­ed based on dis­cus­sions about shar­ing per­son­al research data. Cur­rent­ly, a new EULA has to be cre­at­ed for each dataset. 

Q: Who do you need to approach with­in a research insti­tu­tion to devel­op and estab­lish a DAC? 
A: I dis­cussed imple­ment­ing the pilot ini­tia­tive with my line man­ag­er. It was also impor­tant to con­sult researchers to gauge inter­est before mak­ing plans. 

Q: For data pub­lished under ‘non-com­mer­cial use’, is it nec­es­sary to have a DAC or would a CC-NC license do? 
A: The license used for pub­li­ca­tion should agree with that doc­u­ment­ed in the informed con­sent agree­ment. How­ev­er, since a EULA is signed by data requestors as part of the data access pro­ce­dure a more detailed descrip­tion on data use can be pro­vid­ed. 

Q: How much time does it take to han­dle a data access request?
A: This is unknown as we are still in the pilot phase. We are still in the process of engag­ing researchers with per­son­al data and encour­ag­ing the use of the DAC. 

More to fol­low about the EEMCS DAC in the future!

Author(s): San­tosh Ilam­paruthi (TU Delft) and Con­nie Clare (4TU.ResearchData)
Slides: San­tosh Ilam­paruthi.
Cov­er image by Gerd Alt­mann from Pix­abay

Exit mobile version
Skip to toolbar