Last month, the European High Court ruled that organisations in EU member states cannot rely on the US Safe Harbor framework as being equivalent to EU Data Protection Law. If you are dealing with personal data as part of your research project, this may have an impact on you.
Research projects that involve partners or participants outside of the Open University, in whatever country, must be clear in the invitation to participate how any data will be shared, with whom and their location.
Cloud storage services
Whenever you sign up to store data in a cloud storage service make sure you read the terms and conditions to understand how and where these data will be kept. A good cloud storage provider should have clear and transparent information on their website about how they will secure your personal information and what they will or will not do with it. If you cannot find this information or feel terms are unfair or unclear, shop around and compare the information.
If you currently use any of the following online services to store personal data, you will need to review your processes (please note: this list is not exhaustive):
- Apple iCloud
- Google Drive
Online survey tools
Researchers making use of survey tools such as Surveymonkey that are based in the US must obtain consent from voluntary participants for their personal data to be stored and processed in the US, for example, by using the following wording in the survey invitation:
‘This survey is using [e.g. Surveymonkey] and any information you enter will be stored temporarily in the US. By taking part in the survey you are consenting to any information that can identify you as an individual being stored in this way.’
- If you are unsure whether your data storage option complies with the Data Protection Act, contact email@example.com
- For advice on how and where to store your research data, email firstname.lastname@example.org