Please select a page template in page properties.

Privacy protection

The best way to protect your participant's privacy may be not to collect certain identifiable information at all. The second best is anonymisation which allows data to be shared whilst protecting participant’s personal information. Anonymisation should be considered in the context of the whole project and how it can be utilised alongside, informed consent and access controls. For example, if a participant consents to their data being shared then the use of anonymisation may not be required | CESSDA, 2017c

This section is dedicated to the protection of the privacy of persons who are the subject of scientific research. We will focus on (medical) ethical review and will zoom in on the General Data Protection Regulation (GDPR), which has been in force since May 2018. In particular, we look at anonymisation, pseudonymisation and consent as tools for the FAIR publication of privacy-sensitive research data.

Ethics and the law

In research involving human participants, researchers have a (moral) obligation to consider whether the interests of the participants - such as the right to privacy - are not compromised. 

Research in the Netherlands that involves people for which the 'Wet medisch-wetenschappelijk onderzoek' applies (WMO, Overheid.nl, 1998), must be tested in advance by the 'Centrale Commissie Mensgebonden Onderzoek' (CCMO, n.d.a) or one of the other 19 recognised Medical Ethics Review Committees (CCMO, n.d.b.). Medical research is also covered by the General Data Protection Regulation (GDPR, European Union, 2016). Conversely, much of the research involving the collection of personal data is not covered by the WMO. Ethical review committees have been set up at many institutions to assess the ethical aspects of research projects of this kind, such as research into socio-cultural changes in society or research into people's behaviour. In all cases, it is useful to apply the 'test of ethics' to a research design. Think, for example, of the impact of new technological developments on everyday life. Where the law is about 'what is allowed', ethics is about 'what is good to do'.

One of the ways to look at data collection and processing with an ethical eye is with the Data Ethics Decision Aid (Utrecht Data School, 2017). DEDA is a tool for researchers to think about ethical dilemmas at an early stage. The tool offers this opportunity by asking a number of open questions that help to think about ethical issues in a constructive way. The DEDA tool does not provide a complete overview of relevant laws, nor does it provide advice. It is a tool for self-evaluation.  

The GDPR in a nutshell

The GDPR stipulates that every researcher within the European Economic Area who collects and processes personal data of a citizen of a country, anywhere in the world, must protect the privacy of the research participants. The GDPR places the emphasis on transparency and clear and comprehensible information. In the slideshow below, a number of interesting facts about the GDPR is presented.

FAIR data and privacy: measures

What is needed to be able to publish FAIR research data with personal data in a data archive and at the same time protect the rights of the research participants? At different stages of the research, the following measures can be taken:

  • Planning phase
    • Privacy by design in the research design 
      The principle of 'Privacy by design' is already applied in the research design. Think of data minimisation (only collecting data that are strictly necessary for the purpose of the research). 
    • Asking participants for permission
      A researcher can not only ask permission for participation, but also for the publication and sharing of the data.

What is consent?

Consent is the process by which a researcher discloses appropriate information about the research, so that a participant can choose whether or not to participate. It is an important instrument to comply with legal obligations and to pass the ethical test. Consent must be 'informed' and also 'freely given' (voluntarily), as stipulated in Article 4(11) of the GDPR.

On the one hand, the researcher takes into account his/her obligations to protect the anonymity and confidentiality of his/her participants by requesting permission; on the other hand, it is a legal means to ask participants in advance whether the data may be published and reused by others.

Do examples of templates for obtaining consent exist?

For sure! For example, take a look at:

What is the difference between consent and informed consent?

In the GDPR, only the term 'Consent' exists; the term 'Informed Consent' does not occur. This term originates from the Clinical Trials Regulation (European Commission, 2019).

Article 4, paragraph 11 of the GDPR says the following about consent:

 

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. 

 

Consent contains several aspects:

  • Freely given;
  • Specific;
  • Informed;
  • Unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

One of these four aspects is 'informed'. In this sense, one can speak of 'informed consent' as a condition for the purpose: legally valid consent. But the goal is not 'informed consent' in itself, as is the case with the Clinical Trial Regulations. 

What are good sources for obtaining consent for data publication?


In present days, not only participation in the research project has to be consented, but also the archiving and sharing of the data. This will result in reproducible research and data with long term value. If appropriate, consent forms should address the possibility of sharing data, future data publication (including storage in a repository) or long-term retention of data for reproducibility | Utrecht University, n.d.


  • Research phase
    During research, data is kept safe with a range of technical (such as encryption) and organisational measures (such as agreements about who has access to the data and when). See 'Tips for keeping data safe', at the very bottom of the section 'Storing data'.
  • Harvest phase
    When publishing the data, data can be anonymised or pseudonymised. If it is not possible to completely anonymise the data, the data can still be published in a data archive by controlling access and publishing the data in 'restricted access' with a machine-readable data license. FAIR and open are not the same. In this article (Mons, et al., 2017) the authors explain this. 

What is anonimisation and pseudonimisation?

Pseudonymisation and anonymisation are two different terms that fall under different categories in the General Data Protection Regulation (GDPR, European Union, 2016). While anonymisation aims at irreversibly preventing any way of identifying the data subject, pseudonymisation makes it theoretically possible to re-identify the data subject with additional information. The data are encrypted upon pseudonymisation, but in principle they can still be traced back to the original identity of the research participant. So, pseudonymisation does not mean anonymisation, but is a method for reducing privacy risks.

The LCRDM offers some guidance on pseudonymisation and anonymisation.

Can data ever really be anonymous?

That depends on your definition of anonymity. 

The GDPR says that appropriate technical measures must be taken to protect the data and thus the rights of European citizens (European Union, 2016). In addition, these measures should also be applied in accordance with the 'current state of the art'. But what exactly is appropriate? And if data is secured according to the state of the art of today, is that sufficient for tomorrow's data? Couldn't today's anonymous data turn out to be 'not anonymous anymore' tomorrow? These are all questions to which the answers are not yet concrete. In order to be able to work with anonymisation as a tool, institutions work with the concept that they have demonstrably done their best to anonymise data. In this way, anonymisation becomes a legal concept. 

Risk-based anonymisation is a useful tool in the search for a balance between protecting the individual and optimising the data potential. Within the LCRDM, a small group is working on the concept of risk-based protection in a number of research scenarios: common situations for which you could prescribe standard measures. 

What is the best way to make data anonymous?

A number of entrances with tips and tools:  

  • OpenAire offers the Amnesia tool (OpenAIRE, n.d.) which promises to remove identifying information from data and - according to the current state of technology - to make it truly anonymous. A case study about the use of Amnesia is available on the site of the EOSC Hub (n.d.). 
  • The CESSDA Data Management Expert Guide offers a chapter with extensive tips for the anonymisation of research data from quantitative and qualitative social scientific research (CESSDA, 2017c).   
  • For inspiration, take a look at the infographic 'A visual guide to practical de-identification' of the Future of Privacy Forum (2017). 

Anonymization is a critical piece of the data-sharing puzzle - by it very nature, it enables the responsible sharing of data for secondary purposes. When we use the term anonymization we mean anonymization that is legally defensable | Privacy Analytics, 2018


In the spotlight


Frequently asked questions about the GDPR: An interview with Marlon Domingus

RDNL asked Marlon Domingus, Data Protection Officer at Erasmus University Rotterdam (EUR), to explain the GDPR in general and the role of the data supporter in answering privacy related questions in particular. You can find the interview in the form of a Q&A in the next paragraph

Case study data support in practice: Privacy champions at the Vrije Universiteit Amsterdam

Since the introduction of the GDPR in May 2018, institutions have been busy arranging the necessary support. How do employees know what to do? What does the GDPR mean in practice? At the Vrije Universiteit Amsterdam they are experimenting with the concept of privacy champions. RDNL interviewed the brains behind the idea.

Datatags: Tool that divides privacy-sensitive research data into four categories

DANS has developed a tool called 'Datatags' (DANS, n.d.a.) that encodes the GDPR into a series of questions. After answering the questions, you will receive a recommendation on the required level of data protection. This is visually represented as one of the following four 'Datatags':

  • Non-personal data (blue tag)
    The dataset does not contain any information that refers to an identified or identifiable living person.
  • Anonymised personal data (green tag)
    The dataset does contain personal information, but the researcher has made sure that this data has been made anonymous. Principles of anonymisation have been followed accordingly. Necessary information security measures should be taken to ensure data protection and access authorisation.
  • Personal data (orange tag)
    The dataset contains personal data or pseudonymised personal data. This data is collected in a legal way on the basis of consent. In the case of data subjects under the age of 16, this consent is obtained in accordance with Articles 5, 6, 7 and 8 of the GDPR.
  • Special categories of personal data (sensitive personal data) (red tag)
    The dataset is expected to contain special categories of personal data. For example, health data, religious background data or information about trade union membership. This personal information is collected in a lawful manner on the basis of obtained consent. Since the GDPR contains several articles for these special categories of personal data, strict security measures must be taken to ensure the highest level of protection for these data.

The current version of the tool is still under development. 

Find out more

Check out the following sources from the creators:

Privacy designer: A tool to make privacy by design easier

Privacy designer is a self-assessment tool that allows you to identify the biggest privacy risks and then work on choosing the most appropriate privacy by design strategies (SURF, n.d.a.): 

  • Collect less;
  • Split;
  • Make it abstract;
  • Hide;
  • Save less;
  • Inform;
  • Apply data subjects' rights;
  • Enforce;
  • Show.

Each strategy is explained on the basis of practical examples. 

Information material for the translation of the GDPR into practice

The Association of Universities in the Netherlands (VSNU) is in the process of writing a revised 'Code of conduct for using personal data in research' which should contribute to the correct application of the GDPR (VSNU, 2019).

Other sources that can help to make the translation from law to practice are:

Online courses

Cases about privacy protection and data publication

  • While storing the interviews held for the 'Getuigenverhalen' (DANS, n.d.d.) project, DANS had to deal with privacy-sensitive information. The 'Report on the authenticity and legal aspects of the core collection of 'Getuigenverhalen' explains how DANS dealt with this (Tjalsma, 2009).
  • You may also have to deal with personal data outside interview projects. For example, the personal data from real life event logs (van Dongen, 2011) from Eindhoven first had to be cleaned before they could be included in open access in 4TU.Centre for Research Data.
  • The article 'Realities of data sharing using the genome wars as case study - an historical perspective and commentary' provides an historical overview of the dilemmas and forces that played a role in the human genome project: how did privacy and open access relate to each other? (Jasney, 2013).
  • A case about the use of Amnesia is available on the site of EOSC-Hub (n.d.). 

Sources

Click to open/close

CCMO (n.d.a.). Centrale Commissie Mensgebonden Onderzoek. https://www.ccmo.nl/

CCMO (n.d.a.).Centrale Commissie Mensgebonden Onderzoek. Erkende METC's. https://www.ccmo.nl/metcs/erkende-metcs

CESSDA (2017a). Data Management Expert Guide. Informed consent. https://www.cessda.eu/Training/Training-Resources/Library/Data-Management-Expert-Guide/5.-Protect/Informed-consent

CESSDA (2017b). Data Management Expert Guide. Processing personal data. https://www.cessda.eu/Training/Training-Resources/Library/Data-Management-Expert-Guide/5.-Protect/Processing-personal-data

CESSDA (2017c). Data Management Expert Guide. Anonymisation. https://www.cessda.eu/Training/Training-Resources/Library/Data-Management-Expert-Guide/5.-Protect/Anonymisation

CESSDA (2017d). Data Management Expert Guide. Informed Consent. https://www.cessda.eu/Training/Training-Resources/Library/Data-Management-Expert-Guide/5.-Protect/Informed-consent

DANS (n.d.a.). DANS Datatags Prototype 2. https://zingtree.com/host.php?tree_id=791812481

DANS (n.d.b.) https://drive.google.com/file/d/10jisJ-5g7lcNX855k8m5mEjv43widcP7/view

DANS (n.d.c.). https://docs.google.com/document/d/1bmFwTeweYPkp60lYZhi7FnDStmZ1s70I8uSZIBBC4_w/edit

DANS (n.d.d.). Getuigenverhalen. http://getuigenverhalen.nl/

Delft University of Technology (2018). Template informed consent form. https://www.tudelft.nl/over-tu-delft/strategie/strategiedocumenten-tu-delft/integriteitsbeleid/human-research-ethics/template-informed-consent-form/

European Commission (2018). Ethics and data protection. https://ec.europa.eu/research/participants/data/ref/h2020/grants_manual/hi/ethics/h2020_hi_ethics-data-protection_en.pdf

European Commission (2019). Clinical Trials Regulation. https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-10/regulation5362014_qa_en.pdf 

European Union (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance). http://data.europa.eu/eli/reg/2016/679/2016-05-04

Future of Privacy Forum (2017). A visual guide to practical de-identifcation. https://fpf.org/wp-content/uploads/2017/06/FPF_Visual-Guide-to-Practical-Data-DeID.pdf

LCRDM (n.d.a). Informed Consent overeenkomst. https://www.edugroepen.nl/sites/RDM_platform/Juridisch/Informed%20Consent%20overeenkomst.aspx 

LCRMD (n.d.b.) Handreikingen privacy. https://www.lcrdm.nl/handreikingen-privacy

Mons et al. (2017). Cloudy, increasingly FAIR; revisiting the FAIR Data guiding principles for the European Open Science Cloud. Information Services & Use, vol. 37, no. 1, pp. 49-56. https://doi.org/10.3233/ISU-170824​​​​​​  

OpenAIRE (n.d.). Amnesia. https://amnesia.openaire.eu/

Privacy Analytics (2018). The five safes of risk-based anonymisation. http://privacy-analytics.com/files/5-SAFES-WHITE-PAPER_FINAL_ELECTRONIC.pdf

SURF e.a. (n.d.) Privacy designer. https://www.privacydesigner.nl

SURF, Erasmus University (2019). Privacy in research [Online course]. https://maken.wikiwijs.nl/125518/Privacy_in__Research

University of Twente (n.d.). Personal Data. Research Protocol [Poster]. https://www.utwente.nl/en/cyber-safety/privacy/poster-personal-data-v08-1.pdf

Utrecht Data School (2017). DEDA for Research.https://survey2.hum.uu.nl/index.php/778777?newtest=Y&lang=en 

Utrecht University (n.d.). RDM Support. Informed consent for data sharing [Guide]. https://www.uu.nl/en/research/research-data-management/guides/informed-consent-for-data-sharing

University of Groningen (2019). Protecting Health Data in the Modern Age: Getting to Grips with the GDPR [Online course]. https://www.futurelearn.com/courses/protecting-health-data