Answer: Last Updated: Mar 11, 2024 Views: 319
It is important to agree on responsibilities and terms regarding data collection, management and sharing in projects that involve several organisations.
A data management plan should describe what types of data will be collected/generated as well as roles and responsibilities for the management of those data, including if/what data will be shared between parties, how and when. Data Management Support (DMS) provides templates and support for preparing a data management plan.
Data management and use may also need to be regulated contracually, in a formal agreement, to clarify rights and obligations. The most common example is collaborative research, where, for example, it may be stated in a consortium agreement that "party XYZ owns the results (the data)". This does not mean that party XYZ owns the data as property, but that the party has rights vis-a-vis the other parties which in other contexts usually follow with ownership, such as the right to use the data in further research or commercially, the right to publish them, archive them, etc.
To determine whether you need a formal data agreement and to get help preparing one you should contact Legal affairs. On their web page, under Contract management, there are guidelines for entering into various types of agreements as well as agreement templates. In addition, your funder may have specific templates where data rights and obligations are adressed.
The SLU data management policy includes the following section about data agreements:
The agreements shall specify the data management responsibilities as well as whether and how the data is to be stored and made accessible and which respective party is responsible for archiving and making data accessible. If ownership is agreed upon, it does not mean that a party owns the data but rather that the party has rights and obligations towards the other parties within the project/study that usually come with ownership (such as the right to use the data in further research or commercially, the right to publish, and archive them, etc.). Confidentiality can also be agreed upon but then binds no one other than the contracting parties. The principle of public access to official documents cannot be waived, and should there be no basis for confidentiality according to the Public Access to Information and Secrecy Act then the data must be disclosed upon request. To the extent that a funder imposes requirements on how data within a project or study should be stored and made openly available, the funder's requirements shall be followed, provided that Swedish legislation is complied with. Should data belong to another organisation, such as a private company or a public authority in another country, access may be restricted or blocked. In such cases, it is important that an agreement governs the accessibility and availability of data during the project.
- SLU's data management policy (chapter 4.2)
If personal data are collected, you should discuss which party determines the purpose and means of the processing of personal data. This party or those parties are Personal Data Controllers. If there is more than one Personal Data Controller (“Joint controllers”), they have to determine their respective responsibilities for compliance with the personal data protection obligations under GDPR. If a party does not determine the purpose and means of the personal data, but processes data on behalf of the Controller (e.g. a supplier), a personal data processing agreement is compulsory. Please note that specific precautions must be taken if you cooperate with partners outside the EU/EEA. More information, definitions and templates are available on the SLU web pages about data protection. Contact Legal affairs for advice.
Note that data management plans and agreements should be registered in the SLU records management system Public 360 once set up. Contact the person responsible for registry and archiving routines ("RA-rollen") at your department for help.
Was this helpful? 1 0