Difference between revisions of "Data Ownership"

Jump to: navigation, search
 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
Research teams that acquire original data must also consider data ownership downstream, through the terms they will use to release that data to other researchers or to the general public. The team should consider whether they can publish the data in full after removing personal identifiers. For example, the team must consider whether it would be acceptable for their data to be copied and stored on servers anywhere in the world, whether they would prefer to manage permissions on a case-by-case basis, and whether they expect that data users would cite or credit them. Similarly, the team can require users in turn to release their derivative datasets or publications under similar licenses, or offer use without restriction. There are simple license templates for offering many of these permissions, but, at the planning stage, the team should make sure that all licensing agreements, data collection contracts, and informed consent processes used to acquire the data specifically detail those future uses.
[[Impact Evaluation Team|Research teams]] that acquire original data must also consider '''data ownership''' downstream, through a clear set of rules that they will use to [[Publishing Data|release data]] to other researchers, or to the general public. The team should consider whether they can '''publish''' the data in full after removing [[Personally Identifiable Information (PII)|personal identifiers]]. For example, the team must consider whether it would be acceptable for their data to be copied and [[Data Storage|stored]] on servers anywhere in the world, whether they would prefer to manage permissions on a case-by-case basis, and whether they require future users to cite them. A well established way of doing this can be through [[Data License Agreement|licenses]] which provide the conditions for future use.
== Read First ==
== Read First ==
* Before acquiring any data, it is critical to establish '''data ownership'''.
* Before acquiring any data, it is critical to establish '''data ownership'''.
* '''Data ownership''' can sometimes be challenging to establish, as regulations regarding data and information might vary across [[Impact Evaluation Team|research teams]], and the various organizations and governments they interact with.
* '''Data ownership''' can sometimes be challenging to establish, as regulations regarding data and information might vary across [[Impact Evaluation Team|research teams]], and the various organizations and governments they interact with.
* The best approach is always to consult with a local partner, and enter into specific legal agreements (like Data Licensing Agreement) establishing ownership, access, and publication rights.
* The best approach is always to consult with a local partner, and enter into specific legal agreements (like a [[Data_License_Agreement|DLA]] or [[Data_License_Agreement#Read_First|NDA]]) establishing ownership, access, and publication rights.
* It is especially critical to think about '''data ownership''' when [[Research_Ethics#Confidentiality|confidential data]] is involved or in the case of [[Personally Identifiable Information (PII)|personally identifiable information (PII)]].
* Thinking about '''data ownership''' is especially important when dealing with [[Research_Ethics#Confidentiality|confidential]] or [[Personally Identifiable Information (PII)|personally identifiable]] information.


== Overview ==  
== Overview ==  
In some cases, data is implicitly owned by the people who it is about. In others, it is owned by the people who collected it. In still more, it is highly unclear and there are varying norms. The best approach is always to consult with a local partner, and enter into specific legal agreements establishing ownership, access, and publication rights. This is particularly critical where confidential data is involved – that is, when people are disclosing information to you that you could not obtain simply by observation or through public records.
In some cases, data is owned by the people who it is about, for example, the [https://gdpr.eu/ GDPR] states that customers own the personal information that companies collect from them. In other cases, it is owned by the people who [[Primary Data Collection|collected]] it. However, in some cases ownership of data may not be clear.  
== Data Licensing Agreement ==


Data licensing agreement (DLA)
More specifically, in the context of social science research, if the [[Impact Evaluation Team|research team]] is generating data directly, such as '''survey data''', it is important to clarify up front who owns the data, and who will have access to it. These details need to be shared with respondents when they are offered the opportunity to [[Informed Consent|consent]] to participate in the study. If the research team is not collecting the data directly – for example, if a government, private company, or research partner is doing the data collection – make sure that you have an explicit agreement about who owns the resulting data.


== Data Licensing Agreement (DLA) ==
'''Data license agreements (DLA)''', or data use agreements (DUA) are documents that describe what kind of data is being shared with recipients.  A '''DLA''' clearly states the purpose and duration of access being provided to the recipient, along with restrictions and security protocols that the recipient of the data must follow. Other contracts, such as a '''non-disclosure agreement (NDA)''', may also be used to guarantee [[De-identification|confidentiality]] of sensitive data.
While '''DLAs''' can differ in terms of structure and the level of detail depending on the context, they must clearly cover the following aspects:
* '''The legal framework''' within which access to the data will be provided
* '''Scope of the study''' for which requestor needs access to the data
* '''Restrictions''' on what the requestor can do with the data
* '''Constraints''' on [[Publishing Data|publishing]] sensitive or [[Personally Identifiable Information (PII)|personally identifiable]] data.
== Best Practices ==
The following are some steps that '''research teams''' can take to deal with concerns surrounding '''data ownership'''.
* '''Templates.'''There are simple license templates (like [https://worldbankgroup.sharepoint.com.mcas.ms/teams/ddh/SiteAssets/SitePages/ddh/DataLicenseAgreementTemplate_v4.pdf?cid=68a54269-bbff-4b47-846d-cab248ad7de1 this one] used by the World Bank) for offering many of these permissions.
* '''Future uses.'''At the planning stage, the team should make sure that all licensing agreements, [[Primary Data Collection|data collection]] contracts, and [[Informed Consent|informed consent processes]] used to acquire the data specifically deal with possible future uses of the data - including [[Data Storage|storage]].
* '''Stakeholders.''' The contract for [[Primary Data Collection|data collection]] should include specific terms as to the rights and responsibilities of each stakeholder.
* '''Rights.''' The contract must clearly mention which party owns the data produced, and that the research team maintains full intellectual property rights.
* '''Respondent privacy.''' The contract should also explicitly indicate that the contracted firm is responsible for [[Protecting_Human_Research_Subjects|protecting respondent privacy]].
* '''Research ethics.''' The contract should also ensure compliance with [[Research Ethics|ethical standards]] for social science research, and adhere to the specific terms of agreement with the relevant [[Research_Ethics#Ethics_Approvals|institutional review board (IRB)]] or applicable local authority.
== Related Pages ==
== Related Pages ==
[[Special:WhatLinksHere/Data_Ownership|Click here for pages that link to this topic.]]


== Additional Resources ==
== Additional Resources ==
* Harvard University, [https://vpr.harvard.edu/files/ovpr-test/files/data_ownership_policy_08.06.19.pdf Research Data Ownership Policy]
* JPAL, [https://admindatahandbook.mit.edu/book/v1.0/index.html Handbook on Using Administrative Data for Research and Evidence-based Policy]
* ORI, [https://ori.hhs.gov/education/products/n_illinois_u/datamanagement/dotopic.html#:~:text=Ownership%20implies%20power%20as%20well,others%20(Loshin%2C%202002) Data Ownership]

Latest revision as of 17:02, 21 June 2021

Research teams that acquire original data must also consider data ownership downstream, through a clear set of rules that they will use to release data to other researchers, or to the general public. The team should consider whether they can publish the data in full after removing personal identifiers. For example, the team must consider whether it would be acceptable for their data to be copied and stored on servers anywhere in the world, whether they would prefer to manage permissions on a case-by-case basis, and whether they require future users to cite them. A well established way of doing this can be through licenses which provide the conditions for future use.

Read First

  • Before acquiring any data, it is critical to establish data ownership.
  • Data ownership can sometimes be challenging to establish, as regulations regarding data and information might vary across research teams, and the various organizations and governments they interact with.
  • The best approach is always to consult with a local partner, and enter into specific legal agreements (like a DLA or NDA) establishing ownership, access, and publication rights.
  • Thinking about data ownership is especially important when dealing with confidential or personally identifiable information.

Overview

In some cases, data is owned by the people who it is about, for example, the GDPR states that customers own the personal information that companies collect from them. In other cases, it is owned by the people who collected it. However, in some cases ownership of data may not be clear.

More specifically, in the context of social science research, if the research team is generating data directly, such as survey data, it is important to clarify up front who owns the data, and who will have access to it. These details need to be shared with respondents when they are offered the opportunity to consent to participate in the study. If the research team is not collecting the data directly – for example, if a government, private company, or research partner is doing the data collection – make sure that you have an explicit agreement about who owns the resulting data.

Data Licensing Agreement (DLA)

Data license agreements (DLA), or data use agreements (DUA) are documents that describe what kind of data is being shared with recipients. A DLA clearly states the purpose and duration of access being provided to the recipient, along with restrictions and security protocols that the recipient of the data must follow. Other contracts, such as a non-disclosure agreement (NDA), may also be used to guarantee confidentiality of sensitive data.

While DLAs can differ in terms of structure and the level of detail depending on the context, they must clearly cover the following aspects:

  • The legal framework within which access to the data will be provided
  • Scope of the study for which requestor needs access to the data
  • Restrictions on what the requestor can do with the data
  • Constraints on publishing sensitive or personally identifiable data.

Best Practices

The following are some steps that research teams can take to deal with concerns surrounding data ownership.

  • Templates.There are simple license templates (like this one used by the World Bank) for offering many of these permissions.
  • Future uses.At the planning stage, the team should make sure that all licensing agreements, data collection contracts, and informed consent processes used to acquire the data specifically deal with possible future uses of the data - including storage.
  • Stakeholders. The contract for data collection should include specific terms as to the rights and responsibilities of each stakeholder.
  • Rights. The contract must clearly mention which party owns the data produced, and that the research team maintains full intellectual property rights.
  • Respondent privacy. The contract should also explicitly indicate that the contracted firm is responsible for protecting respondent privacy.
  • Research ethics. The contract should also ensure compliance with ethical standards for social science research, and adhere to the specific terms of agreement with the relevant institutional review board (IRB) or applicable local authority.

Related Pages

Click here for pages that link to this topic.

Additional Resources