The increase in sharing research data brings a number of complex legal matters to the fore; that was evident in the Thursday kick-off meeting for the SND legal network.
—I think this could become a good platform for continued work. We had very good discussions and it was clear that many higher learning institutions share the same concerns, says Erica Schweder, Legal Officer in SND and the University of Gothenburg.
Legal officers and Data Protection Officers from 14 Swedish HEIs participated in this network meeting. The meeting opened with brief presentations of the participants, SND’s mission and operations. Then followed a review of some of the legal challenges that the HEIs face in the work with making research data more accessible for reuse. The discussions touched upon topics such as public documents, research confidentiality, personal data controlling, and sharing research data that contain personal data.
To classify or not classify?
On the matter of research confidentiality, several participants shared the experience that there is a growing awareness among researchers, as well as in the general public, about the right to request research data from HEIs. This opportunity also means that the HEIs to a greater extent than before have to make decisions on whether information should be classified or disclosed. In several HEIs, for instance Linköping University, they are drawing up guidelines for what to classify and on which grounds. In some areas, the legislation is unclear and complicated, and there aren’t very many precedent decisions to fall back on.
The issue of personal data controlling and research data is also being discussed in many HEIs. The discussions mainly focus on how to best manage the responsibility for processing personal data when researchers and other people from different organisations collaborate, such as from more than one HEI, or from an HEI and a hospital. Several of the legal officers mentioned how there were plans to use the support for joint controllers which is regulated in Article 26 in the General Data Protection Regulation. In many research disciplines, especially in medicine, it is difficult to ascertain what the responsibility from the university is, and what is the hospital’s responsibility. In those cases, the best solution is to jointly determine that both parties are responsible for proper management of personal data.
The road ahead in the legal network
In most of the issues that were discussed in the network meeting, the participants stated that there are huge benefits in working together on outlining and sharing guidelines, instructions, and policy documents about legal evaluations. The SND legal network could be a forum for that form of work. Another function for the network can be questions of competence development related to research data. A suggestion for a training that came during the meeting was to look deeper into the risks of so-called indirect identification of individuals in a data material.
The SND legal network will continue to meet regularly, although there has been no decision about when and how the next meeting will be organised.