The best way to protect your participant's privacy may be not to collect certain identifiable information at all. The second best is anonymisation which allows data to be shared whilst protecting participant’s personal information. Anonymisation should be considered in the context of the whole project and how it can be utilised alongside, informed consent and access controls. For example, if a participant consents to their data being shared then the use of anonymisation may not be required | CESSDA, 2017c
This section is dedicated to the protection of the privacy of persons who are the subject of scientific research. We will focus on (medical) ethical review and will zoom in on the General Data Protection Regulation (GDPR), which has been in force since May 2018. In particular, we look at anonymisation, pseudonymisation and consent as tools for the FAIR publication of privacy-sensitive research data.
Ethics and the law
In research involving human participants, researchers have a (moral) obligation to consider whether the interests of the participants - such as the right to privacy - are not compromised.
Research in the Netherlands that involves people for which the 'Wet medisch-wetenschappelijk onderzoek' applies (WMO, Overheid.nl, 1998), must be tested in advance by the 'Centrale Commissie Mensgebonden Onderzoek' (CCMO, n.d.a) or one of the other 19 recognised Medical Ethics Review Committees (CCMO, n.d.b.). Medical research is also covered by the General Data Protection Regulation (GDPR, European Union, 2016). Conversely, much of the research involving the collection of personal data is not covered by the WMO. Ethical review committees have been set up at many institutions to assess the ethical aspects of research projects of this kind, such as research into socio-cultural changes in society or research into people's behaviour. In all cases, it is useful to apply the 'test of ethics' to a research design. Think, for example, of the impact of new technological developments on everyday life. Where the law is about 'what is allowed', ethics is about 'what is good to do'.
One of the ways to look at data collection and processing with an ethical eye is with the Data Ethics Decision Aid (Utrecht Data School, 2017). DEDA is a tool for researchers to think about ethical dilemmas at an early stage. The tool offers this opportunity by asking a number of open questions that help to think about ethical issues in a constructive way. The DEDA tool does not provide a complete overview of relevant laws, nor does it provide advice. It is a tool for self-evaluation.
The GDPR in a nutshell
The GDPR stipulates that every researcher within the European Economic Area who collects and processes personal data of a citizen of a country, anywhere in the world, must protect the privacy of the research participants. The GDPR places the emphasis on transparency and clear and comprehensible information. In the slideshow below, a number of interesting facts about the GDPR is presented.
FAIR data and privacy: measures
What is needed to be able to publish FAIR research data with personal data in a data archive and at the same time protect the rights of the research participants? At different stages of the research, the following measures can be taken:
- Planning phase
- Privacy by design in the research design
The principle of 'Privacy by design' is already applied in the research design. Think of data minimisation (only collecting data that are strictly necessary for the purpose of the research). - Asking participants for permission
A researcher can not only ask permission for participation, but also for the publication and sharing of the data.
- Privacy by design in the research design
What is consent?
Consent is the process by which a researcher discloses appropriate information about the research, so that a participant can choose whether or not to participate. It is an important instrument to comply with legal obligations and to pass the ethical test. Consent must be 'informed' and also 'freely given' (voluntarily), as stipulated in Article 4(11) of the GDPR.
On the one hand, the researcher takes into account his/her obligations to protect the anonymity and confidentiality of his/her participants by requesting permission; on the other hand, it is a legal means to ask participants in advance whether the data may be published and reused by others.
Do examples of templates for obtaining consent exist?
For sure! For example, take a look at:
- A template for informed consent - in line with the GDPR - developed by Delft University of Technology (2022).
What is the difference between consent and informed consent?
In the GDPR, only the term 'Consent' exists; the term 'Informed Consent' does not occur. This term originates from seeveral key human rights legislations (De Sutter et al., 2022).
Article 4, paragraph 11 of the GDPR says the following about consent:
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Consent contains several aspects:
- Freely given;
- Specific;
- Informed;
- Unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
One of these four aspects is 'informed'. In this sense, one can speak of 'informed consent' as a condition for the purpose: legally valid consent. But the goal is not 'informed consent' in itself, as is the case with the Clinical Trial Regulations.
What are good sources for obtaining consent for data publication?
- Have a look at the Guide 'Informed consent for data sharing' by Utrecht University (n.d.).
- Have a look at the CESSDA Data Management Expert Guide (2017a) for tips.
In present days, not only participation in the research project has to be consented, but also the archiving and sharing of the data. This will result in reproducible research and data with long term value. If appropriate, consent forms should address the possibility of sharing data, future data publication (including storage in a repository) or long-term retention of data for reproducibility | Utrecht University, n.d.
- Research phase
During research, data is kept safe with a range of technical (such as encryption) and organisational measures (such as agreements about who has access to the data and when). See 'Tips for keeping data safe', at the very bottom of the section 'Storing data'. - Harvest phase
When publishing the data, data can be anonymised or pseudonymised. If it is not possible to completely anonymise the data, the data can still be published in a data archive by controlling access and publishing the data in 'restricted access' with a machine-readable data license. FAIR and open are not the same. In this article (Mons, et al., 2017) the authors explain this.
What is anonimisation and pseudonimisation?
Pseudonymisation and anonymisation are two different terms that fall under different categories in the General Data Protection Regulation (GDPR, European Union, 2016). While anonymisation aims at irreversibly preventing any way of identifying the data subject, pseudonymisation makes it theoretically possible to re-identify the data subject with additional information. The data are encrypted upon pseudonymisation, but in principle they can still be traced back to the original identity of the research participant. So, pseudonymisation does not mean anonymisation, but is a method for reducing privacy risks.
The LCRDM offers some guidance on pseudonymisation and anonymisation.
Can data ever really be anonymous?
That depends on your definition of anonymity.
The GDPR says that appropriate technical measures must be taken to protect the data and thus the rights of European citizens (European Union, 2016). In addition, these measures should also be applied in accordance with the 'current state of the art'. But what exactly is appropriate? And if data is secured according to the state of the art of today, is that sufficient for tomorrow's data? Couldn't today's anonymous data turn out to be 'not anonymous anymore' tomorrow? These are all questions to which the answers are not yet concrete. In order to be able to work with anonymisation as a tool, institutions work with the concept that they have demonstrably done their best to anonymise data. In this way, anonymisation becomes a legal concept.
Risk-based anonymisation is a useful tool in the search for a balance between protecting the individual and optimising the data potential. Within the LCRDM, a small group is working on the concept of risk-based protection in a number of research scenarios: common situations for which you could prescribe standard measures.
What is the best way to make data anonymous?
A number of entrances with tips and tools:
- OpenAire offers the Amnesia tool (OpenAIRE, n.d.) which promises to remove identifying information from data and - according to the current state of technology - to make it truly anonymous. A case study about the use of Amnesia is available on the site of the EOSC Hub (n.d.).
- The CESSDA Data Management Expert Guide offers a chapter with extensive tips for the anonymisation of research data from quantitative and qualitative social scientific research (CESSDA, 2017c).
- For inspiration, take a look at the infographic 'A visual guide to practical de-identification' of the Future of Privacy Forum (2017).
Anonymization is a critical piece of the data-sharing puzzle - by it very nature, it enables the responsible sharing of data for secondary purposes. When we use the term anonymization we mean anonymization that is legally defensable | Privacy Analytics, 2018
In the spotlight
Frequently asked questions about the GDPR: An interview with Marlon Domingus
RDNL asked Marlon Domingus, Data Protection Officer at Erasmus University Rotterdam (EUR), to explain the GDPR in general and the role of the data supporter in answering privacy related questions in particular. You can find the interview in the form of a Q&A in the next paragraph.
Case study data support in practice: Privacy champions at the Vrije Universiteit Amsterdam
Since the introduction of the GDPR in May 2018, institutions have been busy arranging the necessary support. How do employees know what to do? What does the GDPR mean in practice? At the Vrije Universiteit Amsterdam they are experimenting with the concept of privacy champions. RDNL interviewed the brains behind the idea.
Privacy designer: A tool to make privacy by design easier
Privacy designer is a self-assessment tool that allows you to identify the biggest privacy risks and then work on choosing the most appropriate privacy by design strategies (SURF, n.d.a.):
- Collect less;
- Split;
- Make it abstract;
- Hide;
- Save less;
- Inform;
- Apply data subjects' rights;
- Enforce;
- Show.
Each strategy is explained on the basis of practical examples.
Cases about privacy protection and data publication
- You may have to deal with personal data outside interview projects. For example, the personal data from real life event logs (van Dongen, 2011) from Eindhoven first had to be cleaned before they could be included in open access in 4TU.Centre for Research Data.
- The article 'Realities of data sharing using the genome wars as case study - an historical perspective and commentary' provides an historical overview of the dilemmas and forces that played a role in the human genome project: how did privacy and open access relate to each other? (Jasney, 2013).
- A case about the use of Amnesia is available on the site of EOSC-Hub (n.d.).
Sources
Click to open/close
CCMO (n.d.a.). Centrale Commissie Mensgebonden Onderzoek. https://www.ccmo.nl/
CCMO (n.d.a.).Centrale Commissie Mensgebonden Onderzoek. Erkende METC's. https://www.ccmo.nl/metcs/erkende-metcs
CESSDA (2017a). Data Management Expert Guide. Informed consent. https://www.cessda.eu/Training/Training-Resources/Library/Data-Management-Expert-Guide/5.-Protect/Informed-consent
CESSDA (2017b). Data Management Expert Guide. Processing personal data. https://www.cessda.eu/Training/Training-Resources/Library/Data-Management-Expert-Guide/5.-Protect/Processing-personal-data
CESSDA (2017c). Data Management Expert Guide. Anonymisation. https://www.cessda.eu/Training/Training-Resources/Library/Data-Management-Expert-Guide/5.-Protect/Anonymisation
CESSDA (2017d). Data Management Expert Guide. Informed Consent. https://www.cessda.eu/Training/Training-Resources/Library/Data-Management-Expert-Guide/5.-Protect/Informed-consent
DANS (n.d.a.). DANS Datatags Prototype 2. https://zingtree.com/host.php?tree_id=791812481
DANS (n.d.b.) https://drive.google.com/file/d/10jisJ-5g7lcNX855k8m5mEjv43widcP7/view
DANS (n.d.c.). https://docs.google.com/document/d/1bmFwTeweYPkp60lYZhi7FnDStmZ1s70I8uSZIBBC4_w/edit
DANS (n.d.d.). Getuigenverhalen. http://getuigenverhalen.nl/
Delft University of Technology (2018). Template informed consent form. https://www.tudelft.nl/over-tu-delft/strategie/strategiedocumenten-tu-delft/integriteitsbeleid/human-research-ethics/template-informed-consent-form/
European Commission (2018). Ethics and data protection. https://ec.europa.eu/research/participants/data/ref/h2020/grants_manual/hi/ethics/h2020_hi_ethics-data-protection_en.pdf
European Commission (2019). Clinical Trials Regulation. https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-10/regulation5362014_qa_en.pdf
European Union (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance). http://data.europa.eu/eli/reg/2016/679/2016-05-04
Future of Privacy Forum (2017). A visual guide to practical de-identifcation. https://fpf.org/wp-content/uploads/2017/06/FPF_Visual-Guide-to-Practical-Data-DeID.pdf
LCRDM (n.d.a). Informed Consent overeenkomst. https://www.edugroepen.nl/sites/RDM_platform/Juridisch/Informed%20Consent%20overeenkomst.aspx
LCRMD (n.d.b.) Handreikingen privacy. https://www.lcrdm.nl/handreikingen-privacy
Mons et al. (2017). Cloudy, increasingly FAIR; revisiting the FAIR Data guiding principles for the European Open Science Cloud. Information Services & Use, vol. 37, no. 1, pp. 49-56. https://doi.org/10.3233/ISU-170824
OpenAIRE (n.d.). Amnesia. https://amnesia.openaire.eu/
Privacy Analytics (2018). The five safes of risk-based anonymisation. http://privacy-analytics.com/files/5-SAFES-WHITE-PAPER_FINAL_ELECTRONIC.pdf
SURF e.a. (n.d.) Privacy designer. https://www.privacydesigner.nl
SURF, Erasmus University (2019). Privacy in research [Online course]. https://maken.wikiwijs.nl/125518/Privacy_in__Research
University of Twente (n.d.). Personal Data. Research Protocol [Poster]. https://www.utwente.nl/en/cyber-safety/privacy/poster-personal-data-v08-1.pdf
Utrecht Data School (2017). DEDA for Research.https://survey2.hum.uu.nl/index.php/778777?newtest=Y&lang=en
Utrecht University (n.d.). RDM Support. Informed consent for data sharing [Guide]. https://www.uu.nl/en/research/research-data-management/guides/informed-consent-for-data-sharing
University of Groningen (2019). Protecting Health Data in the Modern Age: Getting to Grips with the GDPR [Online course]. https://www.futurelearn.com/courses/protecting-health-data
