Ethics and data protection

Obtaining research data from human participants places ethical and legal obligations on researchers. The need to respect confidentiality and privacy can seem to conflict with funders' expectations that data will be shared wherever possible, but with careful planning, it is possible to share research data from human participants. A combination of gaining consent for sharing, de-identifying or anonymising personal data, and controlling access, can ensure long term access to sensitive data.

• When giving consent, participants need to understand and give explicit permission for possible future uses of their data, this should include details of any anonymisation, the extent of planned sharing, future data storage and conditions of access. Once data have been fully anonymised, participant permission is not needed for further work.
• Data must be handled and stored with particular care when they contain personal or sensitive information; see the advice on this site for safeguarding research data.
• Careful anonymisation can ensure that meaning within the data is not lost. There is good advice and guidance from the specialist sites listed below.
• Controlled access enables sharing data with bona fide researchers without anonymisation compromising meaning in the research data.

Relevant to these issues is the General Data Protection Regulation (GDPR), which came in to force across Europe on 25th May 2018. Replacing the UK Data Protection Act 1998, GDPR strengthens the rights of research participants with regard to their personal data.

Our guide listed below, GDPR – How does it affect Research Data Management and data sharing? highlights the key issues for researchers and draws together useful resources and contacts. See also the UK Data Service GDPR Research and Archiving FAQs listed below.