Skip to main content

Table 2 Requirement clusters

From: Legal assessment tool (LAT): an interactive tool to address privacy and data protection issues for data sharing

Name of cluster Requirement tables Description
Data protection/privacy   General data protection requirements applicable to data bridges; conditions, which must be fulfilled in order to legally process personal data.
  Table 1 Requirements for animal data and other data Requirement in relation to:
• Deletion of personal data.
• Anonymising of personal data.
• Obtaining consent from the research subject / researcher
  Table 2 Potential identification risk for human research subjects Requirement in relation to:
• Removing metadata
• Removing data on an image
• Altering the image
• Link between biosamples and data has to be protected.
• Identification risk has to be checked after data merging
• Re-identification risk based on genetic data.
  Table 3 Pseudonymous human data Requirement in relation to:
• Obtaining informed consent from the research subject
• Checking current Informed consent.
• Right to be informed
  Table 4 Anonymous human data Requirement in relation to:
• Verifying the re-identification risk
Data security   Data security issues with a focus on access control; measures to protect data from possible outsider attacks, as well as from re-identification attempts
  Table 5 Requirements for getting access to data/biosamples Requirement in relation to:
• Data Access Committee Approval
• Research Ethics Committee Approval
• Renew Consent
• Anonymising data
• Material Transfer Agreement
  Table 6 Requirements for linking and sharing restricted access data and open access data Requirement in relation to:
• Different Access Tiers
• Authentication/Authorization system
• Audit trail
• Secure data transfer (e.g. via encryption)
• Approval for the use/processing of data
• Approval for redistribution/sharing
• Identifying data/personal data should be stored separately
• Limitation of use
• Removal of data
• Regular backup of database
Intellectual property and licences   Prevention of the infringement of intellectual property rights needs to be fulfilled in order to protect intellectual property rights within data bridges
  Table 7 Overview of the IP requirements cluster Requirement in relation to:
• Data and metadata encryption
• Data access agreement
• License agreement
• Limited liability statement
• Material transfer agreement
• Non-disclosure agreement
• Disposal of biological samples/material
• Removal of identifying metadata
• Temporary embargo of data sharing
• User authentication
• Data labelled as 'restricted'
• Staff awareness
Security of biosamples   Security issues concerning biobanking, measures that have to be taken to securely use and share biosamples
  Table 8 Requirements concerning the security of biosamples Requirement in relation to:
• Delete personal/identifying data
• Renew consent
• Get specific consent
• Get broad consent
• Get Research Ethics Committee approval
• Approval from a relevant regulatory body/authority (concerning biobank research)
• Data Access request
• Negotiate Material Transfer Agreement
• Anonymisation of data
• Approval from a relevant regulatory body/authority responsible for data transfer
• Data Access request
• Personal and Identifying data should be stored separately
• Remove researchers’ personal data
• Ask researcher to publish personal data
  1. Five requirement clusters were created containing eight requirement tables connecting requirements with constraints and protection measures