• Like
  • Save
Legally Bound? Data Protection Legislation and Research Practice
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Legally Bound? Data Protection Legislation and Research Practice


Legally Bound? Data Protection Legislation and Research Practice …

Legally Bound? Data Protection Legislation and Research Practice

Katharina Kinder-Kurlanda, Laurence Horton
GESIS - Leibniz Institute for the Social Sciences

This paper explores how data archives provide a service facilitating the gap between legal data protection requirements and research practices. Researchers encounter legal frameworks concerning data protection in all phases of the data-lifecycle, but research practice - without due care - can clash with these frameworks. Social science archives can intervene, helping researchers navigate an environment which simultaneously pushes data sharing, and consideration of the individual's right to privacy. These aims are not mutually exclusive, but pressure on researchers to 'get it right' when collecting, storing, analyzing, and anonymizing data has never been greater. We examine how archives can intervene in stages of the data-lifecycle, against the context of German and British regulatory requirements. We propose that whilst differences exist in the substance of laws (e.g. Bundesdatenschutzgesetz and Data Protection Act), research cultures, and funding environments, archives face similar challenges in the data reuse/privacy dynamic. With research innovations such as geo-referenced data, and increasingly, cross-national collaborative projects existing either across national laws or outside established legal frameworks - the regulatory grounding is not firm. Here facilitation becomes an act of setting best-practice standards as guidance and, we suggest, data archives are best suited to be guides.

Published in Education , Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Legally bound?Data protection legislation andresearch practiceLaurence Horton(laurence.horton@gesis.org)Katharina Kinder-Kurlanda(katharina.kinder-kurlanda@gesis.org)Presentation for 39th IASSIST Annual ConferenceGESIS, Cologne, 30 May 2013
  • 2. Legal context in the UK• Data Protection Act (DPA)• Information Commisioner Office (ICO)guidance and commissioner precedents
  • 3. Legal context in Germany• Federal Data Protection Act =Bundesdatenschutzgesetz (BDSG)– “The purpose of this Act is to protect individualsagainst infringement of their right to privacy asthe result of the handling of their personal data.“– “Personal data” = any information concerning thepersonal or material circumstances of an identifiedor identifiable natural person
  • 4. Anonymisation in the UK"Anonymisation is the process of turning datainto a form which does not identify individualsand where identification is not likely to takeplace."See: http://www.ico.org.uk/for_organisations/data_protection/topic_guides/anonymisation
  • 5. Anonymisation in GermanyBDSG,§3,6 on ‚factual anonymisation‘:“’Rendering anonymous’ shall mean the alterationof personal data so that information concerningpersonal or material circumstances cannot beattributed to an identified or identifiable naturalperson or that such attribution would require adisproportionate amount of time, expense andeffort. “
  • 6. Legal context of the EU1995 Data Protection Directive• personal data is any information relating to anindividual• apply when a person can be identified,directly or indirectly• implemented (unevenly) through memberstates
  • 7. Current issues for researchersLack of harmonization in data access regimes due tolegal uncertainty• Whats fine for a Belgian is not fine for the Dutch• Gaps, inconsistencies and contradictions– Under what circumstances are small cell valuesproblematic...?– What degree of security measures is enough?– Does the door of a safe room need to be closed...?
  • 8. Current issues (2)Technological developments are ahead of legalones• Therefore best practice has become veryimportant as everybody is cautious (Avoidingunnecessarily conservative approaches)– e.g.: the proposed EC current reforms
  • 9. Current Issues (3)Balancing researchers needs against a publicmood of (understandable) suspicion• Example: high profile cases of personal data leakage(not research data, but still...)• Example: Albrecht report: Legitimate concernsregarding marketing interests pushing for cuttingdown on privacy lead to researchers being punished• But: Data becomes more transparent throughresearch!
  • 10. Archives to the rescue?• Data archives are expanding their role within datainfrastructures. Not just end point data providers,but support services for those creating data– We have an interest in ensuring good quality data isproduced• Archives build up a store of expertise throughexperience– We encounter a lot more data and a diversity ofprojects that most researchers never encounter
  • 11. Where archives helpCombating ignorance in the research community aboutdata protection laws, by...• Active help with specific queries• Proactive help: Creating training and support materialsProviding the technological capacity to share data thatcould not ordinarily be shared• Legally binding user licenses• Secure data services for rich but sensitive data
  • 12. Example: Advising researchersDear GESIS,someone has accused me of profiling her andasks that my research be approved by theBundesdatenschutzbeauftragter.Please advise on whether doing so is required bythe law in Germany?Yours,a researcher.
  • 13. Example: GESIS SDC -Secure Data Center• Contractual safeguards• Technical safeguards• Organisational safeguards
  • 14. Thank you!