Are you allowed to share research data that contain personal information, and if so – in what way? What rules and laws apply, and who determines this on a case-by-case basis? These were some of the questions that created an engaging discussion among participants in SND’s webinar ”Personuppgifter i forskningsdata – hur hanterar man dem i praktiken?” (Personal data in research data – how do we actually handle them?) on 28 January.
—The webinar consisted of a presentation and exploration of what personal data really means, and which rules that have to be taken into account when we manage these types of information. The focus was on the challenges when you want to share research data that contain personal data. We talked about which legislation to use as a starting point, and which considerations that need to be made when you release research data, especially in relation to the Public Access to Information and Secrecy Act, and the General Data Protection Regulation, says SND Legal Officer Erica Schweder, who held the webinar.
To manage research data that contain personal data, and to make them accessible, is a tricky terrain, as far as legislation goes. Each case must be assessed independently, and Erica Schweder emphasises that you have to ask the right questions.
—We should remember that it’s not that easy to de-identify personal data in research. You cannot pseudonymise the information and think that the GDPR no longer applies. You also always have to weigh in the risk of re-identification. And there isn’t much in terms of case-law in this field. I’d say that it’s important to think about the fundamental questions. Before you start planning to share data, you need to know who the personal data controller for the research data is. If you start at the wrong end of this, it’s easy to end up in the wrong legal framework.
It was evident in the webinar that this is an important issue to address and discuss. Around 120 people from the SND network participated, and many of them contributed with insightful questions and new points of view.
—We could see that many of the participants were familiar with and interested in the topic, and there were some really good questions that came up. For example, we discussed how the principle of public access to official records addresses sharing of research data. This is a principle that we always have to bear in mind when we release research data, and it is unique for Sweden. We have to find a balance between our right to access official records, and the General Data Protection Regulation, which protects our personal data.
A new IT solution enables sharing of research data that contain personal data in the SND catalogue
How to share research data that contain personal data is an urgent matter in the SND networks. SND and Sunet have recently launched a solution which enables higher education institutions (and other research organisations) to connect their local storage areas to the SND system DORIS. With this solution, you can share research data through SND without the data ever leaving the HEI. This, in turn, means that it will now be possible to share data that contain personal information through the SND research data catalogue. SND Director Max Petzold remarks that this is an important milestone for SND.
—One of the main reasons for creating the model with SND’s distributed operations was to provide the conditions for making these types of data accessible. But being able to do so also requires us to have very good knowledge about the legal prerequisites for managing and sharing data that contain personal data. None of this is new, but as there are more possibilities, there is also more complexity, he says.
As a way to facilitate the work with reviewing and releasing data containing personal data, SND is creating more support resources for members of the SND Network.
—We’re adapting the SND system DORIS to meet the requirements both when you describe data, and when you’re handling requests for data that contain personal data. I can also recommend the updated episode on legal issues around research data in our virtual training BAS Online, that you can find on our web site, says SND Deputy Director and Collaboration Manager, Elisabeth Strandhagen.