Recht und Forschungsdaten - Ein Überblick
Diese Seite bietet eine Kurzeinführung in unterschiedlichste rechtliche Dimensionen des…
Research projects especially when publishing their results have to consider a number of legal regulations. Certain reserach methods are subject to strict data privacy/protection laws. Projects involving sensitive data especially involving human subjects in medical and psychological research may also be required to pass an evaluation by an ethics committee. [1]
Research that includes obtaining personal data is expected to conform to high ethical standards during the project as well as when sharing the data, such as recommended by professional bodies, institutions and funders (e.g. the German Medical Association, the German Psychologist and Sociologist Associations, DFG or international funders).
sensitive, personal and otherwise confidential data can be shared and made available in ethically and legally correct ways if the following aspects are considered from the start of the project (see UK Data Archive):
Conforming to data privacy laws and protecting the personality rights of study participants is a central requirement for the archiving and re-use of personal reserach data. In order to conform to data privacy laws, sensitive research data have to be anonymized. Anonymization is the removal of personal and personalised information from research data. [2] The Federal Data Protection Act (Bundesdatenschutzgesetz) contains specific regulations on the use of personal data for research purposes. It stipulates that personal data which are gathered or stored for scientific purposes can only be used within the framework of those regulations (image 1). In general the principles of necessity, data avoidance and data economy ("gather, process and use as little personal data as possible") should be considered. Generally, personal data have to be anonymized at the earliest possible point in the research project. Up to that point data that can be used to identify a person have to be stored separately from other data and may only be used in conjunction as far as necessary for research purposes. [3] These regulations can be found in the Federal Protection Act § 3 paragraph 6 and paragraph 1. Special protection is given to sensitive personal data. That includes characteristics like ethnicity, political opinion, religious and philosophical denomination, union membership, health and sexuality. Sensitive personal data may only be used under special circumstances. (BDSG § 3 paragraph 9).
There is a difference between anonymising qualitative and quantitative data. More information on anonymising these two kinds of data can be found on the website of the UK Data Archive .
Data can be anonymised by: |
---|
Removal of directly identifying characteristics like name and address |
Aggregation of information or reduction of variable precision, for example substituting birth dates by group age |
Generalising of personal data |
Using pseudonyms |
Hiding variable outliers for example by top-coding salaries |
Characteristics that might reveal the identity of a person: |
---|
direct identifiers: name, address, postal code, telephone number |
indirect identifiers which could reveal an identity if combined with other sources of information such as information about profession, employment or outliers in age and salary |
Special consideration should be given to: |
---|
relational data which could expose relationships between variables of associated data sets |
georeferential data where identifying spatial references also have a geographical value |
Scientists are required by the ethics codex of their discipline (DGP and BGP, DGS and BGS, DVPW, BÄK) as well as by law to obtain consent. This applies to study participants as well as for information gathere das part of a study. Where possible consent should include all future uses such as data sharing, preservation and long-term sue of research data. The German Data Forum (Rat für Sozial-und Wirtschaftsdaten) provides recommendations and consent form templates (in German). More information and downloads can be found on the DIPF website.
Recommendations |
---|
Inform participants on how research data will be stored, preserved and used in the long term |
Inform participants how confidentiality is protected, for example by anonymisation |
Obtain written consent for data transfer |
By using data centres or archives it is possible to limit the access to confidential and sensitive data as well as providing access to data for research and education purposes. Data stored in data centres and archives are usually not openly accessible and their use is generally limited to certain purposes. USers of data centres sign an end user license agreement which stipulates certain usage conditions such as not using the data commercially and not attempting to identify potentially identifiable individuals. Which kind of access will be permitted is agreed upon together with the author.
Data centres can impose additional access limitations for confidential data such as:
[Translate to Englisch:]