Data protection and privacy are a part of the ethics of modern research. There is a number of issues that must be initially dealt with and resolved when planning one’s own project activities.
Properly establishing the ethical and legal issues (e.g., general personal data protection, strict respect to sensitive data, minimizing the burden placed on persons participating in research) allows you to handle data easily and effectively in the future – complying with the ethical and legal terms is a basic assumption for the work of a modern researcher. What questions should be asked and answered or what joint consensus should be reached when planning a project?
Is the informed consent of respondents needed? In what scope and form will the consent be needed? Did you obtain the consent of data subjects for storing and sharing data (have you thought about the future reuse of the data)?
Are there any barriers to making the data available to other researchers?
If necessary, how will you protect the identity of participants? (protection against revealing the identity of respondents, e.g., by anonymization – one needs to understand what anonymization is and know how to use it)
How will sensitive data be used to ensure that the data are stored safely over the long term? Can sensitive data be shared? If yes, under what conditions?
Who will be responsible for storing the data, where will the data be stored and what will be the procedure? Who will have access to the data during the project and how will this be secured?
How long will the data be stored after the end of the project?
To whom do you report any loss or misuse of the data acquired during the specific research? Are you able to demonstrate that I have taken the maximum measures for the protection and integrity of the data?
Have you sufficiently considered the possible risks arising from various areas of work with the data: technical factors, human factors?
Proper “management” of this complex area includes the following:
Assessing the potentially problematic areas (carrying out an ethics self-assessment), and based on the results, planning the research and the handling of data and subsequent implementation according to the plan.
A proposal for appropriate, effective, and targeted measures (general/specific to the format of the data – e.g., work with AV recordings): e.g., (pseudo) anonymization of data.
Taking into account the key characteristics of the specific areas (e.g., research involving people, research with over-researched and especially vulnerable groups such as small children, the elderly, pregnant women, socially marginalized groups, etc.).
Complying with national (European and international) legislative requirements dealing with research ethics. Being aware of the various legal power for the different levels of regulations – don’t be afraid to consult experts.
Referral and deliberation by the relevant ethics committees (= independent expert assessment).
At Charles University, there is a central working group for research data management and data management plans whose objective is to provide support to researchers when working with data, which also includes legal and ethical aspects of data management. These aspects affect, among other things, how the data will be stored and who will have access to the data during and after the research project.
An individual approach and assessment according to the type of data the researcher works with is needed for each project. There is a list of contacts that you can consult for various issues is available on the web pages of the Centre. All questions are legitimate!
Another objective of the working group for research data management (RDM) and data management planning (DMP) is to provide support to the respective faculty ethics committees:
Mediating contacts (e-mail addresses for contact persons/aliases) for faculty committees and their web pages.
Mediating exchanges relating to experience/best practices throughout the university (between the faculty ethics committees, between the specific research teams) – discussion forums with the option of requesting consultation via MS Teams.
Harmonizing processes and settings where desired and effective.
Obtaining feedback from the research teams and faculty committees for the prepared activities and documents.
Addressing the most frequent problematic areas (according to information from researchers/you);
Preparing a template form for informed consent, etc.
GDPR at Charles University: https://cunicz.sharepoint.com/sites/gdpr/SitePages/Domu.aspx
Charles University Data Service – Data management costing tool and checklist: https://ukdataservice.ac.uk/media/622368/costingtool.pdf
ISSUES IN MANAGING VIDEO DATA, LIBBY BISHOP UK DATA ARCHIVE, 2013: https://www.dcc.ac.uk/sites/default/files/documents/events/workshops/video-data-OU/Bishop_DMVideo_OU_19July2013v2.pdf
H2020 Online Manual– Cross-cutting issues– Ethics https://ec.europa.eu/research/participants/docs/h2020-funding-guide/cross-cutting-issues/ethics_en.htm
Horizon 2020 Programme Guidance How to complete your ethics self-assessment: https://ec.europa.eu/research/participants/data/ref/h2020/grants_manual/hi/ethics/h2020_hi_ethics-self-assess_en.pdf