Sharing policies are an important aspect of data stewardship. Your sharing policy should be tailored to your project. You are responsible for describing the data sharing policy for your study.
Your sharing policy is affected by the following questions:
If you will obtain the data as part of a research collaboration, the intellectual property rights and openness of the resulting data should be discussed between the partners before you start collecting data (e.g., who has the first right to valorise the results).
Note that your data sharing policy should not depend on whether your own research confirmed your hypothesis or not. Your research data can still be useful for other researchers.
External access most often means the transfer of certain datasets under certain conditions (restricted access). Contact your legal department (JZ) of Technology Transfer Office (TTO) at the start of your study and before sharing data. They can help you create written agreements (Data Transfer Agreements) on when to share what data with whom under what circumstances. Make clear statements on ownership of data in a consortium, especially when the project ends and with commercial partners.
There is no general answer to this question, for reasons explained below. The UMCs encourage responsible data sharing. Funders and publishers are demanding open access more and more often.
In the era of big data, attitudes towards open access to research data are changing. Traditionally academic institutions as well as companies considered their datasets as their property and assumed a right to protect them. Now, the relevance of using all known data within some kind of research perspective might overrule the present existence of fragmented datasets within institutions and companies. However, public access to datasets will evoke all kinds of new problems concerning privacy and the use of data in social contexts that may harm the persons from which the data were derived.
At present, it is still accepted morality that datasets created in biomedical research are subject to rules of privacy (GDPR) and should not be handed over to third parties outside the domain of biomedical research. Nevertheless, the moral reasoning that warrants limiting access is not overwhelmingly strong if some crucial steps are taken to impede that the persons behind the data are identified. Access rules have been developed to prevent misuse or even abuse by people outside the domain of biomedical research. Moral change in this respect can be expected in the years to come.
As a provider of data you may be involved in designation of a Data Access Committee (DAC) for your data. These DACs have procedures to decide whether data can be shared with a third party. An example of this is the European Genome-Phenome Archive, where each archived dataset has its own DAC. Another example of this is the ‘Division of Biomedical Genetics’ (DBG) Data Access Committee at UMC Utrecht.
The question is not whether the data should be anonymous, since any research data should already be anonymised or pseudonymised. However, anonymous data may become identifiable when datasets are combined. As a data steward, you should consider this before sharing data.
The solutions to this issue are:
Anonymity is an important condition of biomedical research, making it impossible to identify the person behind the data. However, complete anonymity seems almost impossible in the age of digital information technology. By combining data from different datasets, it is, according to some, only a matter of time until every individual can be identified in a so-called anonymous set. In addition, personal data sometimes needs to be part of a dataset in order to allocate later events to the same person. In that case, you need to take extra measures to secure the privacy of the study subjects to be GDPR-compliant.
This depends on the consent, that was given by the patient. In any case, data sharing cannot lead to 'open medical data', unless the data is truly anonymous. The guiding principle is responsible data sharing and protecting the privacy of study subjects. The primary responsibility and integrity of researchers relate to their work and the obligations they have towards those who gave informed consent.
Research data may only be shared with an external commercial party if the patient has provided informed consent for this. You should not hand over exclusive rights to reuse or publish your research data to commercial publishers or agents without retaining the rights to make the data openly available for reuse. See section about intellectual property rights.