Data Management Academy, part 3: Ethical and legal compliance

All data are subject to ethical and legal issues, and it is important to identify them in data management planning. The principles of research ethics and good scientific practice serve as a general framework for all research, but the data management plan must identify and describe the principles that are central to the data and their processing. More detailed research ethical issues should be described primarily in the research plan.

What legal issues are related to your data management?

Legislation can influence on how data can be collected, processed or shared for reuse. In particular, in projects where data is collected from research participants, the key legislation is the EU’s General Data Protection Regulation. In the data management plan, describe whether your data includes personal data and identify the types of personal data to be collected. If you reuse social and health data, the key legislation is the Act on the Secondary Use of Health and Social Data. Whatever the type of your personal data, show in the DMP that you recognise the requirements set to the processing of personal data and the lifecycle of the processing of personal data at different stages of your research. If the data will be archived for reuse, for example, the data subjects must be informed about the archiving and they must give their consent. Without consent, the data may not be archived for reuse at the end of the project. If you have an ethical review by the Ethical Committee, describe how you will protect the privacy of the research subjects by minimising the data (anonymisation, pseudonymisation, data removal) in the data management plan.

You also need to consider whether there are intellectual property rights such as copyright, patents or other exclusive rights connected to your data. For example, if you create a database in your research, you can use database right to protect it. In addition, describe in the data management plan whether you process any confidential information such as commercial data, company data, trade secrets, military data or sensitive species data. It may not be possible to open confidential data for reuse and confidentiality is also a legitimate reason not to share the data. The key is to demonstrate in the DMP that you have identified the different types of data and the conditions for processing them.

How will you manage the rights of the data you use, produce, and share?

In this section, describe how you will agree on data.  Especially in a research group it is necessary to agree on common practices related to the use of the data. You can consider the following:

  • Who is allowed to use the data?
  • How do you ensure that the data are not transferred elsewhere in the middle of the project?
  • What kind of restrictions are associated with the use of data?
  • Who will hand over the data for reuse and set the terms of use?
  • Who will be named as the author of the data?

When the data has been obtained from outside the project or a third party, the use of the data and possible terms of use must always be agreed upon.

It is preferred to set the terms of use by licensing the data. The research funder may have recommendations for a suitable license, so check the funder’s instructions first. The most effective way to ensure further use is through Creative Commons CC0, which gives others the right to freely use the data. This license is especially recommended for published metadata. A typical license for research data is CC 4.0, which requires that the original author of the data is credited. It is recommended that software and code are also licensed. MIT license or other commonly used software license are usually a good choices.

Instructions on how to write a data management plan can be found at DMPTuuli and you can ask more detailed advice at Instructions for data management can also be found in our guide.