Make open data sharing a no-brainer for ethics committees.

Zenodo badge

Statement of the problem

The ideology of open and reproducible science makes its ways into various fields of science. Neuroimaging is a driving force today behind many fields of brain sciences. Despite possibly terabytes of neuroimaging data collected for research daily, just a small fraction becomes publicly available. Partially it is because management of neuroimaging data requires to confirm to established legal norms, i.e. addressing the aspect of research participants privacy. Those norms are usually established by institutional review boards (IRB, or otherwise called ethics committees), which are in turn “governed” by national, federal and supra-national regulations.

Flexibility in interpretation of original regulations established in the past century, decentralization of those committees, and lack of a “community” influence over them created the problem: for neuroimaging studies there was no commonly accepted version of a Consent form template which would allow for collected imaging data to be shared as openly as possible while providing adequate guarantees for research participants’ privacy. In majority of the cases, used Consent forms simply did not include any provision for public sharing of the data to get a “speedy” IRB approval for a study. Situation is particularly tricky because major granting agencies (e.g. NIH, NSF, RCUK) nowadays require public data sharing, but do not provide explicit instructions on how.

To facilitate neuroimaging data sharing, we providing an “out of the box” solution addressing aforementioned human research participants concerns and consisting of

  • widely acceptable consent form templates (with various translations) allowing deposition of de-identified data to public data archives
  • a template data user agreement (if your repository allows DUA instead of a licence)
  • collection of tools/pipelines to help de-identification of neuroimaging data making it ready for sharing

You can read a summary of this work in our post-print: The Open Brain Consent: Informing research participants and obtaining consent to share brain imaging data

De-identification

Data must be de-identified before distribution. We will collect information on existing and possibly establishing an ultimate easy to use pipeline to standardize de-identification of neuroimaging data to simplify data sharing.

Content table

Recommendations

List of existing recommendations from various foundations and organizations.

World Medical Association

GDPR edition

Context

Responsible and ethical sharing of data and code that underlie the results of scientific work is an important step towards improving research transparency, fostering inclusivity and building public trust in science. At the same time, privacy of sensitive personal data, including neuroimaging data, is highly important. Ethical review boards at research institutions are responsible for reviewing a study protocol and deciding whether it can continue based on its adherence to the relevant ethical and research integrity principles, which typically include regulations on personal data privacy. In the European Union, such data privacy requirements are subject to the General Data Protection Regulation (GDPR) as implemented by its member countries. Despite the increased importance that funders and institutions are currently placing on open science practices, no clear, thorough and openly available guides exist for publicly sharing neuroimaging data under the GDPR. Our goal is to share community-contributed templates for consent forms and other documentation required for ethical approval of brain research data processing and sharing under the GDPR.

GDPR Documents

Data Privacy Impact assessment (DPIA)

Under the GDPR, it is necessary to have a Data Privacy Impact Assessment related to personal data being processed, shared and stored. This is typically done by the Data Protection Officer in collaboration with an IT team. For more information on DPIA, please refer to this link.

When planning a study and applying for ethical approval, it would typically be expected that you conduct and document a simple DPIA in order to answer some basic but important questions:

  • What does the study entail?
  • Which parties are involved?
  • Which data types are sensitive?
  • Which security measures are being taken to protect data privacy? E.g.:
    • Privacy by Design
    • Privacy by Default
    • Privacy Enhancing Technologies
  • What is the goal of the data processing?
  • What is the selected lawful basis for processing the data?

This is part of your job as researchers, i.e. the goal of the data processing is to answer research question as part of your public task.

Data User Agreement

A DUA does not provide a legal basis to share personal data (the consent does). A DUA allows controlling what happens to the data when it is shared. A DUA can be a legal instrument if the data are shared for further processing with similar purposes as the original research project (it gives a legal basis to the secondary data user).

This template is based on the Donder’s Institute DUA Version RU-DI-HD-1.0. Given that brain imaging data can be used to identify individuals, it is safe to consider them as ‘personal data’ under the GDPR, even after using a pseudo-anonymization procedure like defacing (see our information on de-identification tools.

To allow sharing of such personal data, it is recommended to use a Data User Agreement (DUA) over a license. The term “license” is more general than DUA, but both are “contracts” between a licensor and licensee.

Not all licenses that are commonly used online (like GPL, MIT, CC-BY) are appropriate for data or for databases. A “data use agreement” is a specific form of license (or contract) that is designed for data and can take into account that besides the rights of the licensor (e.g. the researcher or the university) there may also be rights of the participants whose data is included, for example relating to re-identification. You could call an “agreement” or a “contract” between data provider and data downloader a “license”, but calling it a “data use agreement” makes it more explicit that it is not about the (re)use of a creative work (like written text or code by an author) but reuse of measured/observed data.

General considerations for a Data User Agreement

This DUA is meant to be sufficiently restrictive to publicly sharing biomedical data, which under GDPR should be seen as personal data. If a direct collaboration for data sharing is in place we recommend to be less restrictive.

  • If applicable, the agreement must specify how to deal with subject confidentiality issues.
  • Point 4 on secondary and derived data redistribution is contentious - and careful consideration should be taken to include this or not.
  • Related to point 4, you could specify how credits and acknowledgements are to be handled. For instance, if someone uses a template that was built by a researcher or group of researchers who used your data, do you want to be acknowledged as well.
English
Data user agreement for accessing identifiable human data

Version: OBC-GDPR-DUA 1.0.0

I request access to the data collected in the digital repository of the <DEPARTMENT>, part of the <INSTITUTION>, established at <CITY>, <COUNTRY> (hereinafter referred to as the <INSTITUTION SHORTNAME>).

By accepting this agreement, I become the data controller (as defined under the GDPR) of the data that I have access to, and am responsible that I access these data under the following terms:

  1. I will comply with all relevant rules and regulations imposed by my institution and my government. Rules established in this agreement thus take place in addition to existing general data protection regulations that are applicable in my country.
  2. I will not attempt to establish or retrieve the identity of the study participants. I will not link these data to any other database in a way that could provide identifying information. I shall not request the pseudonymisation key that would link these data to an individual’s personal information, nor will I accept any additional information about individual participants under this Data Use Agreement.
  3. I will not redistribute these data or share access to these data with others, unless they have independently applied and been granted access to these data, i.e., signed this Data Use Agreement. This includes individuals in my institution.
  4. [OPTIONAL] When sharing secondary or derivative data (e.g. group statistical maps or templates), I will only do so if they are on a group level, and cannot be deduced information from individual participants.
  5. I will reference the specific source of the accessed data when publicly presenting any results or algorithms that benefited from their use: (a) Papers, book chapters, books, posters, oral presentations, and all other presentations of results derived from the data should acknowledge the origin of the data as follows: “Data were provided (in part) by <Research centre/University Department> <University, Country>”. (b) Authors of publications or presentations using the data should cite relevant publications describing the methods developed and used by the <Research centre/University Department> to acquire and process the data. The specific publications that are appropriate to cite in any given study will depend on what the data were used and for what purposes. When applicable, a list of publications will be included in the collection. (c) Neither the <Research centre/University Department> or <University>, nor the researchers that provide this data will be liable for any results and/or derived data. They shall not be included as an author of publications or presentations without consent.
  6. Failure to abide by these guidelines will result in termination of my privileges to access these data.
Translations
Bosnian

(translation courtesy of Dr Amira Serifovic Trbalic)

Ugovor sa korisnikom podataka za pristup prepoznatljivim ljudskim podacima

Version: OBC-GDPR-DUA.bs 1.0.0

Zahtijevam pristup podacima prikupljenim u digitalnom repozitoriju <ODJELA>, dijela <INSTITUCIJE>, osnovane u <GRAD>, <DRŽAVA> (u nastavku referirano kao <SKRAĆENO IME INSTITUCIJE >).

Prihvatanjem ovog ugovora, postajem kontrolor podataka (kako je definirano u GDPR-u) kojima imam pristup i odgovoran sam da tim podacima pristupim pod slijedećim uvjetima:

  1. Pridržavat ću se svih relevantnih pravila i propisa koje su postavile moja institucija i moja vlada. Ovaj sporazum nikad nema prevagu nad postojećim općim propisima o zaštiti podataka koji se primjenjuju u mojoj zemlji.
  2. Neću pokušati utvrditi identitet učesnika studije. Neću povezati ove podatke s bilo kojom drugom bazom podataka na način koji bi mogao pružiti identifikacijske podatke. Neću tražiti ključ za pseudonimizaciju koji bi povezao ove podatke s osobnim podacima pojedinca, niti ću prihvatiti bilo kakve dodatne informacije o pojedinim sudionicima na osnovu ovog Ugovora o korištenju podataka.
  3. Neću redistribuirati ove podatke niti dijeliti pristup tim podacima s drugima, osim ako oni nisu samostalno aplicirali i dobili pristup ovim podacima, tj. potpisali ovaj Ugovor o korištenju podataka. Ovo uključuje i pojedince u mojoj ustanovi.
  4. [OPCIONO] Pri dijeljenju sekundarnih ili izvedenih podataka (npr. grupne statističke mape ili predloške), to ću učiniti samo ako su na nivou grupe i ne mogu se utvrditi informacije o pojedinačnim sudionicima.
  5. Navest ću specifičan izvor pristupljenih podataka prilikom javnog predstavljanja bilo kakvih rezultata ili algoritama koji su imali koristi od njihove uporabe: (a) Radovi, poglavlja u knjigama, knjige, posteri, usmena prezentacija i sve ostale prezentacije rezultata izvedenih iz podataka bi trebali potvrditi porijeklo podataka na sljedeći način: “Podaci su (dijelom) omogućeni (dobijeni) od <Istraživački centar / Univerzitetski odjel> <Univerzitet, Država>”. (b) Autori publikacija ili prezentacija koji koriste podatke trebali bi navesti relevantne publikacije koje opisuju metode koje je <Istraživački centar / Univerzitetski odjel> razvio i koristio za prikupljanje i obradu podataka. Specifične publikacije koje je primjereno navesti u bilo kojoj studiji ovisit će o tome koji su podaci korišteni i u koje svrhe. Kada je to moguće, publikacije će biti uvrštene u zbirku. (c) Ni <Istraživački centar / Univerzitetski odjel> ni <Univerzitet>, niti istraživači koji daju ove podatke neće biti odgovorni za bilo kakve rezultate i / o r izvedeni podaci. Neće biti uključeni kao autor publikacija ili prezentacija bez saglasnosti.
  6. Nepoštivanje ovih smjernica rezultiraće ukidanjem mojih privilegija za pristup ovim podacima.
Czech

(translation courtesy of Dr Radim Jančálek)

Dohoda o užívání dat pro přístup k identifikovatelným lidským údajům

Version: OBC-GDPR-DUA.cs 1.0.0

Žádám o přístup k údajům shromážděným v digitálním úložišti <ODDĚLENÍ>, která je součástí <INSTITUCE>, zřízená v <MĚSTO>, <STÁT> (dále uvedený jako <ZKRATKA INSTITUCE>).

Přijetím této dohody se stávám správcem údajů (podle definice GDPR), ke kterým mám přístup, a jsem zodpovědný za to, že k těmto údajům přistupuji za následujících podmínek:

  1. Budu dodržovat všechna příslušná pravidla a nařízení stanovená mou institucí a vládou. Tato dohoda není nikdy nadřazena stávajícím obecným předpisům o ochraně osobních údajů, které jsou platné v mé zemi.
  2. Nebudu se pokoušet zjistit nebo získat identitu účastníků studie. Tyto údaje nebudu nikdy propojovat s žádnou jinou databází způsobem, který by mohl poskytnout identifikační informace. Nebudu požadovat pseudonymizační klíč, který by tyto údaje spojoval s osobními údaji jednotlivce, ani nepřijmu žádné další informace o jednotlivých subjektech spadajících pod tuto Dohodu o užívání dat.
  3. Tyto data nebudu nikdy dále distribuovat ani sdílet k nim přístup s ostatními, ledaže by nezávisle požádali a měli udělený přístup k těmto datům, například na základě této Dohody o užívání dat. To zahrnuje jednotlivce v mé instituci.
  4. [NEPOVINNÉ] Při sdílení sekundárních nebo odvozených dat (např. skupinových statistických map nebo šablon) tak učiním pouze v případě, pokud budou na úrovni skupiny a nepůjde z nich odvodit informace jednotlivých účastníků.
  5. Při veřejné prezentaci výsledků nebo algoritmů, které měly prospěch z použití přístupných dat, budu odkazovat na jejich konkrétní zdroj: a) Příspěvky, kapitoly knih, knihy, postery, ústní prezentace a všechny ostatní prezentace výsledků získaných z dat by měly přiznat původ dat takto: „Údaje byly (částečně) poskytnuty z [Výzkumné centrum / Univerzitní klinika nebo ústav] [Univerzita, Stát]“. (b) Autoři publikací nebo prezentací využívající data by měli uvést příslušné publikace popisující metody vyvinuté a používané [Výzkumné centrum / Univerzitní klinika nebo ústav] k získání a zpracování údajů. Konkrétní publikace, které je vhodné citovat v dané studii, budou záviset na tom, jaké údaje byly použity a za jakým účelem. Ve sbírce bude případně zahrnut seznam publikací. (c) Ani [Výzkumné centrum / Univerzitní klinika nebo ústav] nebo [Univerzita], ani výzkumní pracovníci, kteří tyto data poskytli, nebudou ručit za jakékoliv výsledky a/nebo odvozená data a nesmí být zařazeni jako autoři publikací nebo prezentací bez jejich souhlasu.
  6. Nedodržení těchto pokynů bude mít za následek ukončení mých oprávnění pro přístup k těmto datům.
German

(translation courtesy of Dr Vera Keil)

Vereinbarung über den Zugriff auf identifizierbare menschliche Daten

Version: OBC-GDPR-DUA.de 1.0.0

Ich beantrage Zugang zu den Daten, die im digitalen Repository des <DEPARTMENT>, Teil der <INSTITUTION>, eingerichtet unter <CITY>, <COUNTRY> (im Folgenden als <INSTITUTION SHORTNAME> bezeichnet) gesammelt wurden.

Durch die Annahme dieser Vereinbarung werde ich zum Datenverantwortlichen (wie im GDPR definiert) für die Daten, zu denen ich Zugang habe, und bin dafür verantwortlich, dass ich unter den folgenden Bedingungen auf diese Daten zugreife:

  1. Ich werde alle relevanten Regeln und Vorschriften einhalten, die von meiner Institution und meiner Regierung auferlegt werden. Diese Vereinbarung hat niemals Vorrang vor den bestehenden allgemeinen Datenschutzbestimmungen, die in meinem Land gelten.
  2. Ich werde nicht versuchen, die Identität der Studienteilnehmer festzustellen oder abzurufen. Ich werde diese Daten nicht mit einer anderen Datenbank in einer Weise verknüpfen, die identifizierende Informationen liefern könnte. Ich werde weder den Pseudonymisierungsschlüssel anfordern, der diese Daten mit den persönlichen Informationen einer Person verknüpft, noch werde ich zusätzliche Informationen über einzelne Teilnehmer im Rahmen dieser Datennutzungsvereinbarung akzeptieren.
  3. Ich werde diese Daten nicht weiterverteilen oder den Zugang zu diesen Daten mit anderen teilen, es sei denn, sie haben sich unabhängig voneinander um diese Daten beworben und Zugang zu ihnen erhalten, d.h. diese Datennutzungsvereinbarung unterzeichnet. Dies gilt auch für Personen in meiner Institution.
  4. [OPTIONAL] Wenn ich sekundäre oder abgeleitete Daten (z.B. statistische Gruppenkarten oder Vorlagen) gemeinsam nutze, werde ich dies nur tun, wenn sie sich auf Gruppenebene befinden und keine Informationen von einzelnen Teilnehmern abgeleitet werden können.
  5. Ich werde auf die spezifische Quelle der abgerufenen Daten verweisen, wenn ich Ergebnisse oder Algorithmen, die von ihrer Verwendung profitiert haben, öffentlich präsentiere: (a) In Papieren, Buchkapiteln, Büchern, Postern, mündlichen Präsentationen und allen anderen Präsentationen von Ergebnissen, die aus den Daten abgeleitet wurden, sollte die Herkunft der Daten wie folgt angegeben werden: “Die Daten wurden (teilweise) von [Forschungszentrum/Universitätsabteilung] [Universität, Land] zur Verfügung gestellt”. (b) Autoren von Publikationen oder Präsentationen, die die Daten verwenden, sollten relevante Publikationen zitieren, die die Methoden beschreiben, die vom [Forschungszentrum/Universitätsabteilung] zur Erfassung und Verarbeitung der Daten entwickelt und verwendet wurden. Welche spezifischen Publikationen in einer bestimmten Studie zitiert werden sollten, hängt davon ab, welche Daten und zu welchen Zwecken verwendet wurden. Gegebenenfalls wird eine Liste von Publikationen in die Sammlung aufgenommen. (c) Weder das/die [Forschungszentrum/Universitätsabteilung] oder die [Universität] noch die Forscher, die diese Daten zur Verfügung stellen, haften für die Ergebnisse und/oder die abgeleiteten Daten. Sie werden nicht ohne Zustimmung als Autor von Veröffentlichungen oder Präsentationen aufgenommen.
  6. Die Nichteinhaltung dieser Richtlinien führt zum Erlöschen meiner Zugriffsrechte auf diese Daten.
Greek

(translation courtesy of Dr Vasileios K. Katsaros)

Συμφωνία χρήστη δεδομένων για την πρόσβαση σε αναγνωρίσιμα ανθρώπινα δεδομένα

Version: OBC-GDPR-DUA.el 1.0.0

Ζητώ πρόσβαση στα δεδομένα που συλλέγονται στο ψηφιακό αποθετήριο του <DEPARTMENT>, μέρος του <INSTITUTION>, που είναι εγκατεστημένο στο <CITY>, <COUNTRY> (στο εξής αναφέρεται ως <INSTITUTION SHORTNAME>).

Με την αποδοχή αυτής της συμφωνίας, γίνομαι υπεύθυνος επεξεργασίας δεδομένων (όπως ορίζεται στο GDPR) των δεδομένων στα οποία έχω πρόσβαση και είμαι υπεύθυνος για την πρόσβαση στα δεδομένα αυτά υπό τους ακόλουθους όρους:

  1. Θα συμμορφωθώ με όλους τους σχετικούς κανόνες και κανονισμούς που επιβάλλει το θεσμικό όργανο και η κυβέρνησή μου. Αυτή η συμφωνία δεν έχει ποτέ επικράτηση σε σχέση με τους υφιστάμενους γενικούς κανονισμούς προστασίας δεδομένων που ισχύουν στη χώρα μου.
  2. Δεν θα επιχειρήσω να διαπιστώσω ή να ανακτήσω την ταυτότητα των συμμετεχόντων στη μελέτη. Δεν θα συνδέσω τα δεδομένα αυτά με καμία άλλη βάση δεδομένων με τρόπο που θα μπορούσε να παράσχει πληροφορίες ταυτοποίησης. Δεν θα ζητήσω το κλειδί ψευδωνύμου που θα συνδέει αυτά τα δεδομένα με τα προσωπικά στοιχεία του ατόμου, ούτε θα δεχτώ πρόσθετες πληροφορίες σχετικά με μεμονωμένους συμμετέχοντες στο πλαίσιο αυτής της Συμφωνίας Χρήσης Δεδομένων.
  3. Δεν θα αναδιανείμω αυτά τα δεδομένα ούτε θα μοιραστώ πρόσβαση σε αυτά τα δεδομένα με άλλους, εκτός εάν έχουν αυτοτελώς εφαρμόσει και έχουν πρόσβαση σε αυτά τα δεδομένα, δηλ. έχουν υπογράψει αυτή τη Συμφωνία Χρήσης Δεδομένων. Αυτό περιλαμβάνει άτομα στο ίδρυμά μου.
  4. [ΠΡΟΑΙΡΕΤΙΚΟ] Κατά την κοινή χρήση δευτερευόντων ή παράγωγων δεδομένων (π.χ. ομάδων στατιστικών χαρτών ή προτύπων), θα το κάνω μόνο αν βρίσκονται σε επίπεδο ομάδας και δεν μπορούν να εξαχθούν πληροφορίες από μεμονωμένους συμμετέχοντες.
  5. Θα αναφερθώ στη συγκεκριμένη πηγή των προσπελάσιμων δεδομένων όταν παρουσιάζω δημόσια οποιαδήποτε αποτελέσματα ή αλγορίθμους που επωφελήθηκαν από τη χρήση τους: (α) Έγγραφα, κεφάλαια βιβλίων, βιβλία, αφίσες, προφορικές παρουσιάσεις και όλες οι άλλες παρουσιάσεις αποτελεσμάτων που προέρχονται από τα δεδομένα πρέπει να αναγνωρίσει την προέλευση των δεδομένων ως εξής: “Τα δεδομένα παρασχέθηκαν (εν μέρει) από το [Ερευνητικό Κέντρο / Πανεπιστημιακό Τμήμα] [Πανεπιστήμιο, Χώρα]” β) Οι συντάκτες δημοσιεύσεων ή παρουσιάσεων που χρησιμοποιούν τα δεδομένα πρέπει να αναφέρουν σχετικές δημοσιεύσεις που περιγράφουν τις μεθόδους που αναπτύχθηκαν και χρησιμοποιήθηκαν από το [ Το Τμήμα Πανεπιστημίου] για να αποκτήσει και να επεξεργαστεί τα δεδομένα. Οι συγκεκριμένες δημοσιεύσεις που είναι κατάλληλες να αναφερθούν σε μια δεδομένη μελέτη θα εξαρτηθούν από το ποια δεδομένα χρησιμοποιήθηκαν και για ποιους σκοπούς. γ) Ούτε το [Ερευνητικό Κέντρο / Πανεπιστημιακό Τμήμα] ούτε το Πανεπιστήμιο ούτε οι ερευνητές που παρέχουν τα δεδομένα αυτά θα ευθύνονται για οποιαδήποτε αποτελέσματα ή / και παραγόμενα δεδομένα. Δεν θα συμπεριληφθούν ως συντάκτης δημοσιεύσεων ή παρουσιάσεων χωρίς συγκατάθεση.
  6. Η μη τήρηση αυτών των οδηγιών θα έχει ως αποτέλεσμα τον τερματισμό των δικαιωμάτων μου για την πρόσβαση σε αυτά τα δεδομένα.
Spanish

(translation courtesy of Dr Maria de la Iglesia)

Acuerdo de usuario de datos para acceder a datos humanos identificables

Version: OBC-GDPR-DUA.es 1.0.0

Solicito el acceso a los datos recogidos en el depósito digital del <DEPARTAMENTO>, parte de la <INSTITUCIÓN>, establecido en <CIUDAD>, <PAÍS> (en lo sucesivo, el <Nombre corto de la INSTITUCIÓN>).

Al aceptar este acuerdo, me convierto en el responsable o encargado del tratamiento (según la definición de la RGPD) de los datos a los que tengo acceso, y soy responsable de que acceda a estos datos bajo los siguientes términos:

  1. Cumpliré con todas las normas y reglamentos pertinentes impuestos por mi institución y mi gobierno. Este acuerdo nunca prevalece sobre las normas generales de protección de datos vigentes en mi país.
  2. No intentaré establecer o recuperar la identidad de los participantes del estudio. No vincularé estos datos a ninguna otra base de datos de manera que pueda proporcionar información de identificación. No solicitaré la clave de seudonimización que vincularía estos datos con la información personal de un individuo, ni aceptaré ninguna información adicional sobre los participantes individuales en virtud de este Acuerdo de uso de datos.
  3. No redistribuiré esos datos ni compartiré el acceso a ellos con otros, a menos que hayan solicitado y obtenido acceso a esos datos de forma independiente, es decir, que hayan firmado este Acuerdo de utilización de datos. Esto incluye a las personas de mi institución.
  4. [OPCIONAL] Cuando comparta datos secundarios o derivados (por ejemplo, mapas estadísticos de grupo o plantillas), sólo lo haré si son a nivel de grupo, y no se puede deducir la información de los participantes individuales.
  5. Haré referencia a la fuente específica de los datos a los que se ha accedido cuando se presenten públicamente cualquier resultado o algoritmo que se haya beneficiado de su uso: a) En las ponencias, capítulos de libros, libros, carteles, presentaciones orales y todas las demás presentaciones de resultados derivados de los datos se deberá reconocer el origen de los datos de la siguiente manera “Los datos fueron proporcionados (en parte) por [Centro de investigación/Departamento de la Universidad] [Universidad, país]”. b) Los autores de las publicaciones o presentaciones en que se utilicen los datos deberán citar las publicaciones pertinentes en que se describen los métodos elaborados y utilizados por el [Centro de investigación/Departamento de la Universidad] para adquirir y procesar los datos. Las publicaciones específicas que es apropiado citar en un estudio determinado dependerá de qué datos se utilizaron y con qué fines. Cuando proceda, se incluirá en la colección una lista de publicaciones. c) Ni el [Centro de investigación / Departamento de la Universidad] ni la [Universidad], ni los investigadores que proporcionen estos datos serán responsables de los resultados y/o los datos derivados. No se les incluirá como autores de publicaciones o presentaciones sin consentimiento.
  6. El incumplimiento de estas directrices dará lugar a la terminación de mis privilegios de acceso a estos datos.
Finnish

(translation courtesy of Marko Havu)

Tunnistettavien tietojen käyttäjän käyttöoikeussopimus

Versio: OBC-GDPR-DUA.fi 1.1.0

Pyydän käyttöoikeutta <OSASTON> digitaaliseen tietovarantoon tallennettuihin tietoihin. <OSASTO> on osa <TUTKIMUSLAITOSTA>, jonka kotipaikka on <KAUPUNKI>, <MAA> (jäljempänä <TUTKIMUSLAITOKSEN LYHYT NIMI>).

Hyväksymällä tämän sopimuksen minusta tulee GDPR:n mukainen rekisterinpitäjä . Käyttööni saamani tiedot muodostavat henkilötietorekisterin, ja olen velvollinen käsittelemään niitä seuraavien ehtojen mukaisesti:

  1. Noudatan tietojen käsittelyssä paikallisia säädöksiä ja tutkimuslaitoksessani vallitsevia sääntöjä ja määräyksiä. Tämä sopimus ei kumoa voimassa olevia tietosuojasäädöksiä.
  2. En yritä selvittää tutkimukseen osallistuneiden henkilöllisyyttä. En yhdistä tietoja muihin tietoihin siten, että henkilöllisyys on selvitettävissä. En hanki pseudonymisointiavainta, jonka avulla nämä tiedot pystytään yhdistämään henkilöön, enkä ota vastaan yksittäistä tutkittavaa koskevia lisätietoja.
  3. En julkaise näitä tietoja tai jaa niitä kenellekään, jolle ei ole myönnetty niihin käyttöoikeutta. Jokaisen käyttäjän on haettava käyttöoikeutta erikseen ja allekirjoitettava tämä käyttöoikeussopimus. Tämä koskee myös tutkimusyhteisöni jäseniä.
  4. [VALINNAINEN] Jaan toissijaisia tietoja tai johdannaistietoja (esimerkiksi tilastokarttoja tai mallineita) ainoastaan siinä tapauksessa, että tiedot koskevat ryhmätasoa, eikä niistä voi selvittää yksittäistä tutkittavaa koskevia tietoja.
  5. Viittaan tietojen lähteeseen, kun esitän tuloksia tai algoritmeja, jotka ovat syntyneet näitä tietoja käyttämällä: (a) Julkaisuissa, kirjan kappaleissa, kirjoissa, postereissa, suullisissa esityksissä ja muissa esityksissä, joissa esitellään näistä tiedoista syntyneitä tuloksia, tietojen lähde esitetään seuraavasti: “Tiedot toimitti (osittain) <tutkimuskeskus/yliopiston laitos>, <yliopisto>, <maa>”. (b) Näitä tietoja käyttävien julkaisujen tai esitysten tekijöiden tulee viitata asiaankuuluviin julkaisuihin, joissa kuvataan <tutkimuskeskuksessa/yliopiston laitoksella> tiedon keruuta ja käsittelyä varten kehitetyt ja käytetyt menetelmät. Se, mihin julkaisuihin on viitattava tietyssä tutkimuksessa, riippuu siitä, mitä tietoja käytettiin ja mihin tarkoitukseen. Julkaisuluettelo lisätään tarvittaessa kokoelmaan. (c) <Tutkimuskeskus/yliopiston laitos> tai <yliopisto> tai tutkijat, joilta tiedot ovat peräisin, eivät vastaa niistä saaduista tuloksista tai johdannaistiedoista. Heitä ei tule lisätä julkaisujen tai esitysten tekijäluetteloon ilman heidän suostumustaan.
  6. Näiden ehtojen noudattamatta jättämisen seurauksena menetän käyttöoikeuteni tietoihin.
French

(translation courtesy of Anne Hespel and Dr Elise Bannier)

Engagement de l’utilisateur des données pour l’accès à des données personnelles directement ou indirectement identifiantes

Version: OBC-GDPR-DUA.fr 1.0.0

Je demande l’accès aux données numériques collectées dans le dépôt numérique du <Département>, faisant partie de la <Institution>, établi à <Ville>, <Pays> (ci-après dénommé le <NOM DE L’INSTITUTION>).

En acceptant cet accord, je deviens le nouveau responsable de traitement de données au sens du RGPD vis à vis des données auxquelles j’ai accès. A ce titre, je m’engage à respecter la réglementation en vigueur et à satisfaire aux conditions suivantes :

  1. Je me conformerai à toutes les règles et réglementations en vigueur en matière de protection de données à caractère personnel imposées par l’état et l‘institution dont je relève. Cet accord n’a jamais préséance sur les réglementations générales existantes en matière de protection des données qui sont applicables dans mon pays.
  2. Je ne poursuivrai jamais, par quelque moyen que ce soit, la finalité visant à établir ou à retrouver l’identité des personnes concernées par le traitement des données à caractère personnel, ci-devant les participants à l’étude. Je n’établirai aucun croisement entre ces données et celles d’une autre base de données d’une manière pouvant aboutir à des informations d’identification. Je ne solliciterai de clé de pseudonymisation pouvant permettre de relier ces données à l’identité d’une personne physique. Je n’accepterai aucune information ou donnée supplémentaire relatives aux participants à l’étude dans le cadre du présent accord de partage de données à caractère personnel.
  3. Je ne diffuserai pas ces données. Je n’en partagerai pas l’accès avec d’autres personnes ou institutions, à moins qu’elles n’aient fait une demande indépendante et qu’on leur ait accordé l’accès à ces données, c’est-à-dire qu’elles aient signé le présent accord d’utilisation des données. Cela inclut les personnes de mon institution.
  4. [FACULTATIF] Toute donnée secondaire ou dérivée (par exemple, des cartes ou des modèles statistiques de groupe) ne pourra être partagée qu’au niveau du groupe, et non déduite d’informations individuelles.
  5. Je ferai référence à la source originelle spécifique des données auxquelles j’ai eu accès lorsque je présenterai les résultats ou des algorithmes ayant bénéficié de leur utilisation : a) Les articles, chapitres de livres, livres, posters, présentations orales et toutes les autres présentations de résultats dérivés des données doivent mentionner l’origine des données comme suit “Les données ont été fournies (pour partie) par [centre de recherche/département universitaire] [université, pays]”. (b) Les auteurs de publications ou de présentations utilisant les données doivent citer les publications pertinentes décrivant les méthodes développées et utilisées par le [centre de recherche/département universitaire] pour acquérir et traiter les données. Les publications spécifiques qu’il convient de citer dans une étude donnée dépendront de la nature et de l’objectif de l’utilisation des données. Le cas échéant, une liste de publications sera incluse avec le dépôt numérique. (c) Tout résultat produit à partir des données à caractère personnel précitées engage la seule responsabilité du nouveau responsable de traitement. Ils ne seront pas inclus en tant qu’auteur de publications ou de présentations sans leur consentement.
  6. Le non-respect de ces engagements entraînera la résiliation de mes privilèges d’accès à ces données.
Italian

(translation courtesy of Dr Francesca Pizzini)

DUA per l’accesso a dati umani identificabili

Version: OBC-GDPR-DUA.it 1.0.0

Richiedo l’accesso ai dati raccolti nell’archivio digitale del <DIPARTIMENTO>, parte dell’<ISTITUZIONE>, situata nella <CITTA’>, <NAZIONE> (di seguito denominato <ABBREVIAZIONE DELL’ISTITUZIONE>).

Accettando questo accordo, divento il responsabile del trattamento dei dati (come definito dal GDPR) a cui ho accesso e sono responsabile dell’accesso a questi dati nei seguenti termini:

  1. Rispetterò tutte le norme e i regolamenti pertinenti imposti dalla mia istituzione e dal mio governo. Questo accordo non ha mai prevalenza sulle vigenti norme generali sulla protezione dei dati applicabili nel mio paese.
  2. Non tenterò di stabilire o recuperare l’identità dei partecipanti allo studio. Non collegherò questi dati a nessun altro database in modo tale da fornire informazioni identificative. Non richiederò la chiave di pseudonimizzazione che collegherebbe questi dati alle informazioni personali di una persona, né accetterò ulteriori informazioni sui singoli partecipanti ai sensi del presente “Accordo sull’Uso dei Dati”.
  3. Non ridistribuirò questi dati né condividerò l’accesso a questi dati con altri, a meno che essi non lo abbiano richiesto in modo indipendente e che sia stato loro concesso l’accesso a tali dati, vale a dire, firmato il presente “Accordo sull’Uso dei Dati”. Ciò include le persone nella mia istituzione.
  4. [OPZIONALE] Quando condivido dati secondari o derivati ​​(ad es. Mappe statistiche o modelli di gruppo), lo farò solo se questi riguardano informazioni di gruppo e se non è possibile dedurre da essi informazioni dai singoli partecipanti.
  5. Farò riferimento alla fonte specifica dei dati accessibili quando presenterò pubblicamente risultati o algoritmi che hanno beneficiato del loro uso: (a) documenti, capitoli di libri, libri, poster, presentazioni orali e tutte le altre presentazioni di risultati derivati ​​dai dati dovrebbe riconoscere l’origine dei dati come segue: “I dati sono stati forniti (in parte) da [Centro di ricerca / Dipartimento universitario] [Università, Paese]”. (b) Gli autori di pubblicazioni o presentazioni che utilizzano i dati devono citare le pubblicazioni pertinenti che descrivono i metodi sviluppati e utilizzati dal [Centro di ricerca / Dipartimento universitario] per acquisire ed elaborare i dati. Le pubblicazioni specifiche che sono appropriate da citare in un dato studio dipenderanno da quali dati sono stati utilizzati e per quali scopi. Se applicabile, un elenco delle pubblicazioni saranno incluse nella raccolta. (c) Né il [Centro di ricerca / Dipartimento universitario] o [Università], né i ricercatori che forniscono questi dati saranno responsabili di alcun risultato e / o di dati derivati. Ed essi non devono essere inclusi come autori di pubblicazioni o presentazioni senza consenso.
  6. La mancata osservanza di queste linee guida comporterà la chiusura dei miei privilegi di accesso a questi dati.
Dutch

(translation courtesy of Dr Patricia Clement and Dr Henk-Jan Mutsaerts)

Overeenkomst voor toegang tot identificeerbare menselijke gegevens

Version: OBC-GDPR-DUA.nl 1.0.0

Ik verzoek toegang tot de gegevens die zijn verzameld in de digitale opslagplaats van de <DEPARTMENT>, onderdeel van de <INSTITUUT>, gevestigd te <STAD>, <LAND> (hierna de <KORTENAAM INSTITUUT> genoemd).

Door deze overeenkomst te accepteren, word ik de gegevensbeheerder (zoals gedefinieerd onder de AVG) van de gegevens, waartoe ik toegang heb, en ben ik verantwoordelijk voor de toegang tot deze gegevens onder de volgende voorwaarden:

  1. Ik zal alle relevante regels en voorschriften naleven die door mijn instelling en mijn regering zijn opgelegd. Deze overeenkomst heeft nooit voorrang op de bestaande algemene regels voor gegevensbescherming die in mijn land van toepassing zijn.
  2. Ik zal de identiteit van de deelnemers van de studie niet proberen vaststellen of terug te vinden. Ik zal deze gegevens niet aan een andere database koppelen op een manier die identificerende informatie zou kunnen opleveren. Ik zal de sleutel tot pseudonimisatie die deze gegevens zou koppelen aan de persoonlijke informatie van een individu, niet opvragen, noch zal ik aanvullende informatie over individuele deelnemers accepteren onder deze overeenkomst voor gegevensgebruik.
  3. Ik zal deze gegevens niet herverdelen of de toegang tot deze gegevens delen met anderen, tenzij ze onafhankelijk toegang tot deze gegevens hebben aangevraagd en gekregen, d.w.z. deze overeenkomst voor gegevensgebruik hebben ondertekend. Dit omvat ook individuen in mijn instelling.
  4. [OPTIONEEL] Bij het delen van secundaire of afgeleide gegevens (bijv. statistische mappen of templates voor groepen), zal ik dit enkel doen indien deze op groepsniveau zijn, waarbij geen informatie van individuele deelnemers af te leiden zijn.
  5. Ik zal naar de specifieke bron van de geraadpleegde gegevens verwijzen, wanneer ik publiekelijk resultaten of algoritmen, die baat hebben gehad bij het gebruik van deze data, presenteer: (a) Papers, hoofdstukken uit boeken, boeken, posters, mondelinge presentaties en alle andere presentaties van resultaten die zijn afgeleid van deze gegevens, moeten de oorsprong van de gegevens als volgt erkennen: “Gegevens zijn (gedeeltelijk) verstrekt door [Onderzoekscentrum / Universitaire Afdeling] [Universiteit, Land]”. (b) Auteurs van publicaties of presentaties die deze gegevens gebruiken, moeten relevante publicaties citeren waarin de methoden die ontwikkeld en gebruikt werden door het [Onderzoekscentrum / Universitaire Afdeling] om de gegevens te verkrijgen en te verwerken, worden beschreven. De specifieke publicaties die geschikt zijn om in een bepaalde studie te citeren, zijn afhankelijk van wat de gegevens zijn en voor welke doeleinden deze gebruikt worden. Indien van toepassing, zal een lijst met publicaties worden opgenomen in de collectie. (c) Noch het [Onderzoekscentrum / Universitaire Afdeling] of [Universiteit], noch de onderzoekers die deze gegevens verstrekken, zijn aansprakelijk voor eventuele resultaten en/of afgeleide gegevens. Ze worden niet zonder toestemming opgenomen als auteur van publicaties of presentaties.
  6. Het niet naleven van deze richtlijnen zal resulteren in het beëindigen van mijn privileges om toegang te krijgen tot deze gegevens.
Norwegian

(translation courtesy of Dr. Kyrre E. Emblem)

Databehandleravtale for tilgang til personsensitive data

Version: OBC-GDPR-DUA.no 1.0.0

På vegne av min institusjon ber jeg herved om tilgang til dataene som er lagret i den digitale databasen til <FORSKERGRUPPE / NAVN><INSTITUSJON>, i <BY>, <LAND> (heretter kalt <INSTITUSJON FORKORTELSE>).

Ved å godta denne avtalen blir jeg databehandler (som definert under GDPR) for dataene jeg får tilgang til, og er således ansvarlig for å oppfylle følgende vilkår:

  1. Jeg vil overholde alle relevante nasjonale- og institusjonelle regler og forskrifter for utveksling og oppbevaring av personsensitive data. Denne databehandleravtalen har aldri fortrinnsrett over andre eksisterende og relevante databehandleravtaler som gjelder ved min institusjon.
  2. Jeg vil ikke forsøke å fremskaffe identiteten til forskningsdeltakerne i studien. Jeg vil ikke koble aktuelle dataene til noen annen database som på en måte kan avsløre pasientsensitiv informasjon. Jeg skal ikke be om koblingsnøkkelen som kan avsløre den enkeltes forskningsdeltakers personlige informasjon, og jeg vil heller ikke godta tilleggsinformasjon vedrørende enkeltdeltakerne som inngår i denne databehandleravtalen.
  3. Jeg vil ikke videreformidle aktuelle dataene eller dele tilgang til disse dataene med andre, med mindre de på et selvstendig grunnlag har fått tilgang til de samme dataene, det vil si undertegnet en tilsvarende databehandleravtale som denne. Dette forhold inkluderer også andre personer ved min institusjon.
  4. [VALGFRITT] Når jeg deler annenhånds data og metadata (for eksempel statistiske sammenfatninger eller generelle maler), vil jeg bare gjøre dette hvis dataene er på gruppenivå, og ikke kan brukes til å trekke ut informasjon om individuelle forskningsdeltakere.
  5. Jeg vil referere til datakilden når jeg presenterer resultater eller algoritmer som har dratt nytte av dataene. For publiseringer av typen; (a) artikler, bokkapitler, bøker, skriftlige og muntlige presentasjoner, samt alle andre presentasjoner hvor resultatene er avledet fra dataene, skal datakilden anerkjennes som følger: “Data ble levert (delvis) av [Forskningsmiljø / Gruppe ] [Universitet, land]”; (b) forfattere av publikasjoner eller presentasjoner som bruker dataene, bør sitere relevante publikasjoner som beskriver metodene som er utviklet og brukt av [Forskningsmiljø / Gruppe ] for å skaffe og bearbeide dataene. De spesifikke publikasjonene som er passende å sitere i en gitt studie vil avhenge av hva dataene ble brukt og til hvilket formål. Når det er aktuelt, kan en liste over relevante publikasjoner bli inkludert i samlingen; (c) Hverken [Forskningsmiljø / Gruppe] eller [Universitetet], eller forskerne som genererte og delte de opprinnelige dataene vil være ansvarlig for resultater og/eller nye data hos mottaker. De skal ikke inkluderes som forfatter av publikasjoner eller presentasjoner uten samtykke.
  6. Mangel på overholdelse av overnevnte vilkår vil føre til oppsigelse og inndragelse av tilgangen til dataene omtalt i denne databehandleravtalen.
Portuguese

(translation courtesy of Ana Pina Rodrigues, Alexandre Sayal, Bruno Direito, Fernando Ferreira-Santos)

Acordo de Utilização de Dados

Version: OBC-GDPR-DUA.pt 1.0.0

Venho, por este meio, solicitar o acesso aos dados depositados no repositório digital do <DEPARTAMENTO>, parte de/a <INSTITUIÇÃO>, sediado em <CIDADE>, <PAÍS> (doravante designado por <SIGLA INSTITUIÇÃO>). Ao aceitar este acordo, assumo as responsabilidades do “responsável pelo tratamento dos dados” (como definido no Regulamento Geral sobre a Proteção de Dados) relativas aos dados a que solicito acesso, e sou responsável pelo acesso aos dados nos seguintes termos:

  1. Cumprirei todas as regras e regulamentos impostos pela minha instituição e legislação nacional. As regras estabelecidas neste acordo complementam as presentes no Regulamento Geral sobre a Proteção de Dados aplicáveis no meu país.
  2. Não tentarei estabelecer ou recuperar a identidade dos participantes do estudo. Não associarei estes dados a outras bases de dados de forma a proporcionar a identificação dos participantes. Não requisitarei a chave de pseudonimização que permitiria a associação dos dados à informação pessoal dos participantes, nem aceitarei informação individual adicional acerca dos participantes em virtude deste Acordo de Utilização de Dados.
  3. Não redistribuirei estes dados nem partilharei com outros o acesso a estes dados, exceto no caso de estes terem solicitado, de forma independente, e lhes ter sido concedido o acesso a estes dados através da assinatura deste Acordo de Utilização de Dados. Isto inclui pessoas da minha instituição.
  4. [OPCIONAL] Quando partilhar dados secundários ou derivados (por exemplo, mapas estatísticos de grupo ou templates), só o farei quando estes representarem o grupo e a informação individual de cada participante não possa ser deduzida.
  5. Farei referência à fonte específica dos dados acedidos quando apresentar publicamente quaisquer resultados ou algoritmos que tenham beneficiado do seu uso: (a) Artigos, capítulos de livros, livros, pósteres, apresentações orais, e qualquer outra apresentação de resultados derivada dos dados deverão reconhecer a origem dos dados desta forma: “Os dados foram disponibilizados (em parte) por <Unidade de Investigação/Departamento Universitário> <Universidade, País>”. (b) Autores de publicações ou apresentações que tenham usado os dados devem citar publicações relevantes descrevendo os métodos desenvolvidos e usados por <Unidade de Investigação/Departamento Universitário> para adquirir e processar os dados. As publicações específicas apropriadas para citação num determinado estudo dependerão dos dados usados e com que objetivos. Quando aplicável, uma lista de publicações será incluída no repositório digital. (c) Nem o <Unidade de Investigação/Departamento Universitário> ou <Universidade>, nem os investigadores que disponibilizaram estes dados serão responsáveis por quaisquer resultados e/ou dados derivados. Estes não deverão ser incluídos como autores de publicações ou apresentações sem o seu consentimento.
  6. O incumprimento destas diretrizes resultará na cessação dos meus privilégios de acesso a estes dados.
Turkish

(translation courtesy of Dr. Esin Öztürk Işık)

Tanımlanabilir insan verilerine erişmek için veri kullanıcı sözleşmesi

Version: OBC-GDPR-DUA.tr 1.0.0

<ŞEHİR>, <ÜLKE>’de kurulmuş olan <KURUM>’una bağlı <BÖLÜM>’ün (bundan sonra <KURUM KISA ADI> olarak anılacaktır) dijital deposunda toplanan verilere erişim istiyorum.

Bu sözleşmeyi kabul ederek, erişim hakkım olan verilerin veri denetleyicisi (GDPR altında tanımlandığı gibi) haline geliyorum ve bu verilere aşağıdaki şartlar altında erişmekten sorumluyum:

  1. Kurumum ve hükümetim tarafından uygulanan tüm ilgili kural ve düzenlemelere uyacağım. Bu anlaşma, ülkemde geçerli olan mevcut genel veri koruma düzenlemelerinden hiçbir zaman yaygın ve üstün değildir.
  2. Çalışma katılımcılarının kimliğini belirlemeye veya almaya çalışmayacağım. Bu verileri tanımlayıcı bilgiler sağlayabilecek şekilde başka bir veritabanına bağlamayacağım. Bu verileri bir bireyin kişisel bilgilerine bağlayacak takma adlandırma anahtarını talep etmeyeceğim veya bu Veri Kullanım Sözleşmesi kapsamındaki bireysel katılımcılar hakkında ek bilgileri kabul etmeyeceğim.
  3. Bağımsız olarak başvurup verilere erişim izni verilmediği, yani bu Veri Kullanım Sözleşmesini imzalamadıkları sürece, kimseye bu verileri yeniden dağıtmayacak veya bu verilere erişimi paylaşmayacağım. Buna kurumumdaki bireyler de dahildir.
  4. [İSTEĞE BAĞLI] İkincil veya türev verileri paylaşırken (örn. grup istatistiksel haritaları veya şablonları), bunu yalnızca veriler grup düzeyinde ise ve bireysel katılımcıların bilgileri veriden çıkarılamıyorsa yapacağım.
  5. Erişilen verilerin kullanımlarından faydalanan sonuçları veya algoritmaları, halka açık bir şekilde sunarken, verilerin özel kaynağına atıfta bulunacağım: (a) Verilerden elde edilen sonuçları sunan bildiriler, kitap bölümleri, kitaplar, posterler, sözlü sunumlar, ve diğer tüm sunumlar, verilerin kökenini şu şekilde teşekkürde belirtmelidir: “Veriler (kısmen) [Araştırma merkezi / Üniversite Bölümü] [Üniversite, Ülke] tarafından sağlanmıştır”. (b) Verileri kullanan yayınların veya sunumların yazarları, [Araştırma merkezi / Üniversite Bölümü] tarafından verileri elde etmek ve işlemek için geliştirilen ve kullanılan yöntemleri anlatan ilgili yayınlara atıfta bulunmalıdır. Herhangi bir çalışmada alıntı yapmak için uygun olan yayınlar, verilerin ne için ve hangi amaçlarla kullanıldığına bağlı olacaktır. Uygulanabilir olduğunda, veri koleksiyona bir yayın listesi dahil edilecektir. (c) Ne [Araştırma Merkezi / Üniversite Bölümü] veya [Üniversite], ne de bu verileri sağlayan araştırmacılar herhangi bir sonuçtan ve/veya türetilmiş veriden sorumlu olmayacaktır. Kendi rızaları olmadan, yayın veya sunum yazarı olarak dahil edilemezler.
  6. Bu yönergelere uyulmaması, bu verilere erişim ayrıcalıklarımın sona ermesine neden olacaktır.

Anonymization tools

Sanitization of headers/filenames

Elimination of facial (and dental) features

Skull stripping

One of the approaches is perform complete skull stripping, e.g. using

Some dedicated de-identification tools work on this principle, e.g. DeID

Faces/dental stripping

More “gentle” approach is to strip out only the areas of face/mouth leaving skull, which might be important for some types of analysis. Usually achieved through alignment of pre-crafted mask to the research participants anatomy and removing of the masked out regions.

Rendering faces unrecognizable

Even more data/information preserving approach is to just obscure facial features in the anatomical images:

Discussions

Chris Gorgolewski (Max Planck Institute for Human Cognitive and Brain Sciences)

Source:

Furthermore, I agree that my anonymised data may be made available to a central MRI data centre. A data centre is an Internet server for anonymised MRI data and makes published image data accessible to researchers around the world. This allows further supplementary processing and repeated analyses. It also serves the purpose of making the results more transparent and accelerating the progress of research in the brain sciences. Some scientific journals already make the on-line availability of data a prerequisite for publication.
Feedback to the post
Pierre Bellec Apr 8, 2014
Thanks for sharing the template ! I tried to get such a paragraph in a consent form three years ago, and after one year of discussion with the IRB I had finally to remove it. I found that at least at my institution it is very important to describe the data repository, data use agreement and anonymization strategy (as well as other variables shared in addition to imaging) in order to get approval.
Michael Hanke Apr 8, 2014
Thanks! That adds some facets that I haven’t used in mine before. Another aspect that I found necessary is to inform participants that data is actually accessible by anyone, not just scientists – this avoids concerns regarding access permissions and authentication. Moreover, at least in Germany participants can change their mind on the data sharing permission and can ask for their data to be removed from a database – even if it may not have an actual effect on privacy once data were out in the open. Lastly, I can confirm that information on what kind of data are shared is important, and at least a rough idea what kind of anonymization strategy is used. Ah and, not giving permission to share data must not lead to “disadvantages” for a person – this is mandated by law in Germany. Not sure what this means in the context of a scientific study, but I would not exclude a participant solely based on his or her unwillingness to share data.
Cyril Pernet Apr 9, 2014
In UK it’s getting crazy. For our data bank we are planning de-identification ie face and ear removal and or scrubbing, you know is case your insurance compagny decides to make 3d models of data, recognize you, and found something weird in your brain that our radiologists and neurologist haven’t seen before …

Issues | Pull requests | Build status | Website

Contribute

Researchers

Survey

Please first fill out this VERY brief survey about the consent forms for your studies: http://goo.gl/forms/2lsmYcOsAs . It only has a few questions and should take a few minutes to fill out. Even if your consent form doesn’t yet include any provision for data sharing, your contribution would be very valuable (although it would consist of simply saying “No”).

Additional Materials

We’re always looking for new materials to add to this shared neuroimaging resource. In particular, we’re looking for:

  • Samples of consent forms allowing re-distribution/deposit to public archives
  • Relevant publications and discussions
  • Changes/recommendations for the ultimate consent form formulation

To add to the materials on this site, please open an issue on our GitHub issues page or send a new pull request via GitHub pull requests. Whether or not you should open an issue or make a pull request depends on the type of contribution you are making.

For sample consent forms and links to relevant publications, please make submissions exclusively via the GitHub issues page. When submitting consent forms, please include a full URL to the form and the desired filename you’d like to see it represented as on the Sample consent forms page. Note that for the URL you submit, persistent URLs such as DOIs are ideal, since these will not require frequent updates to this site in the event that a link moves. If a consent form does not have a DOI associated with it, an Internet Archive Wayback Machine saved page also works well in practice.

Changes to the ultimate consent form should be made via GitHub pull requests.

IRB committee members

We would welcome your feedback very much, in particular:

  • What concerns on public sharing of neuroimaging data you might have if all identifiable information is removed (e.g. skull stripped) and research participants agreed to those terms.
  • What particular consent form composition and wording aspects would you recommend (e.g. “make it an explicit additional form requiring a separate signature”) and why?

Speaking multiple languages?

Please file an issue on GitHub Issues mentioning languages you would like to contribute or help maintain translations for, or simply propose a PR with the translation. We will be happy for you to join our Internationalization (i18n) teams.

Versioning

All Open Brain Constent (OBC) documents now follow following versioning schema:

OBC-<NAME>[.translation] MAJOR.MINOR.PATCH

  • MAJOR - boost when introducing major changes
  • MINOR - any change which might already require translations review/update
  • PATCH - language-specific minor fixes

Translations must use MAJOR.MINOR component from the corresponding English version of the document.

.PATCH is incremented in English version only if change does not require translations update (e.g., a typo).

.PATCH is incremented in translations upon any tune up of translation from its previous state for the same MAJOR.MINOR version.

TODO: more details

Contact information

Acknowledgement

When using our template forms, you can mention that your ethics followed the OBC recommendations: Open Brain Consent working group (2021). The Open Brain Consent: Informing research participants and obtaining consent to share brain imaging data. Human Brain Mapping, 1-7 https://doi.org/10.1002/hbm.25351.

Tackling these challenges requires diverse types of contributions. Every contribution is very welcomed and we try to acknowledge as many as we can. For our repository, the allcontributors bot recognizes the contributors to this initiative - be this in the form of feedback, further content, in-person discussions, review, maintenance or many more contribution types. You can find an overview of the wonderful people that contributed to this project in the associated GitHub repository. Maintainers are encouraged to alert the allcontributors bot if they are aware of a yet unrecognized contribution by commenting on issues or PRs with a bot invocation that follows the structure @all-contributors please add @jane for code feedback review.

||||||| parent of f5135b1 (ENH: prune probably stale email address, added basic info on versioning and instructions to file an issue if to join teams) .. _GitHub issues: https://github.com/datalad/open-brain-consent/issues .. _GitHub pull requests: https://github.com/datalad/open-brain-consent/pulls ======= .. _GitHub issues: https://github.com/datalad/open-brain-consent/issues .. _GitHub pull requests: https://github.com/datalad/open-brain-consent/pulls

>>>>>>> f5135b1 (ENH: prune probably stale email address, added basic info on versioning and instructions to file an issue if to join teams)