-
Notifications
You must be signed in to change notification settings - Fork 7
/
index.Rmd
275 lines (231 loc) · 13.1 KB
/
index.Rmd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
---
title: "Data Privacy Handbook"
author: "Utrecht University | Last updated: `r Sys.Date()`"
date: '`r format(Sys.time(), "%d %B %Y")`'
site: bookdown::bookdown_site
documentclass: book
description: |
The Data Privacy Handbook is a practical guide on handling personal data in
scientific research, created by Utrecht University's Research Data Management
Support.
url: "https://utrechtuniversity.github.io/dataprivacyhandbook/"
github-repo: "utrechtuniversity/dataprivacyhandbook"
cover-image: "img/cover-image-dph.png"
favicon: "img/favicon.ico"
apple-touch-icon: "img/apple-touch-icon.png"
apple-touch-icon-size: 180
linkcolor: #C00A35
urlcolor: #C00A35
citecolor: #C00A35
---
# (PART\*) Intro {-}
```{r setup, include=FALSE}
knitr::opts_chunk$set(echo = FALSE,
warning = FALSE,
message = FALSE,
fig.align = "center")
Sys.setlocale("LC_TIME", "English")
local({r <- getOption("repos")
r["CRAN"] <- "https://cloud.r-project.org"
options(repos=r)
})
```
# Data Privacy Handbook
```{r, results='asis'}
# Only include the DOI badge for html output (does not work with pdf)
if(knitr::is_html_output()){
cat("[](https://zenodo.org/badge/latestdoi/329296206)")
}
```
*Last Handbook update: `r format(Sys.time(), "%d %B %Y")`*
## About
The Data Privacy Handbook is a practical guide on handling personal data in
scientific research, primarily written for Utrecht University researchers and
research support staff in the Netherlands. It is an initiative of
[Research Data Management Support](https://www.uu.nl/en/research/research-data-management){target="_blank"},
in collaboration with privacy and data experts at Utrecht University.
The Data Privacy Handbook consists of:
- A **knowledge base** which explains how the EU General Data Protection
Regulation (GDPR, Dutch: Algemene Verordening Gegevensbescherming) applies to
scientific research, including guidelines and good practices in carrying out
GDPR-compliant scientific research;
- An overview of privacy-enhancing **techniques & tools** and practical guidance
on their implementation;
- **Use Cases** in the form of research projects with privacy-related issues,
for which a reusable solution (e.g., tool, workflow) is shared.
:::note
This is an Utrecht University (UU) community-driven,
[open source project](https://github.com/UtrechtUniversity/dataprivacyhandbook){target="_blank"}.
We welcome feedback and contributions of any type, please read our
[contributing guidelines](https://github.com/UtrechtUniversity/dataprivacyhandbook/blob/main/CONTRIBUTING.md){target="_blank"}
for more information.
:::
:::warning
If you work at the University Medical Centre Utrecht (UMCU) or any other
institution outside of Utrecht University, some of the guidelines in the Data
Privacy Handbook may not be in line with your institutional guidelines. Please
consult with your local privacy staff whenever you are in doubt about this.
:::
### License and Citation
The Data Privacy Handbook is licensed under a
[Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/){target="_blank"}.
You can [view the license here](https://github.com/UtrechtUniversity/dataprivacyhandbook/blob/main/LICENSE.md){target="_blank}.
When using (parts of) the Data Privacy Handbook in your work, please cite us:
> Research Data Management Support et al. (2023). Data Privacy Handbook (v2023.11.24). Utrecht University, https://doi.org/10.5281/zenodo.8005847. Last updated on `r Sys.Date()`.
### Contributions
The Data Privacy Handbook is a collaborative effort, made possible by a large
number of contributors. All contributors can be found in our
[GitHub repository](https://github.com/UtrechtUniversity/dataprivacyhandbook/blob/main/contributors.md){target="_blank"}.
Would you like to contribute to this Handbook yourself? Please follow our
[Contributing guidelines](https://github.com/UtrechtUniversity/dataprivacyhandbook/blob/main/CONTRIBUTING.md){target="_blank"}
and the [Style guide](https://github.com/UtrechtUniversity/dataprivacyhandbook/blob/main/styleguide.md){target="_blank"}.
## How to use this Handbook
The Data Privacy Handbook aims to make knowledge and solutions on handling personal
data *Findable, Accessible, Interoperable, and Reusable* (FAIR) and present them in
a practical format.
The Handbook need not be read like a textbook. You are invited to navigate to the
topic you need based on the table of contents, or use the guide below.
### What are you looking for?
I want to...:
<ul style="list-style: none;">
<li>
<details>
<summary>Learn about the GDPR in the context of scientific research</summary>
<ul>
<li>[Introduction to the GDPR](#gdpr)</li>
<li>[Definitions](#glossary)</li>
</ul>
</details>
</li>
<li>
<details>
<summary>Plan a GDPR-compliant research project</summary>
<ul>
<li>[Designing your research project](#privacy-by-design)</li>
<li>[Choosing a legal basis](#legal-basis)</li>
<li>[Assessing the risks in your project](#risk-assessment),
for example using a [privacy scan](#privacy-scan),
[Data Protection Impact Assessment](#dpia), or
[Data classification](#data-classification)</li>
<li>[Informing participants](#privacy-notices)</li>
<li>[Obtaining consent](#informed-consent-forms)</li>
<li>[Collaborating on personal data](#data-sharing-collaboration)</li>
<li>[Setting up agreements](#agreements)</li>
</ul>
</details>
</li>
<li>
<details>
<summary>Work safely with personal data</summary>
<ul>
<li>[Storing personal data](#data-storage)</li>
<li>[Finding suitable tools and services](#tools-and-services)</li>
<li>[De-identifying personal data](#pseudonymisation-anonymisation)</li>
<li>[Securely analysing personal data](#secure-computation)</li>
<li>[Sharing personal data during research](#data-sharing-collaboration)</li>
<li>Using other approaches to protect personal data, such as
[encryption](#encryption),
[statistical approaches to de-identification](#statistical-privacy),
[synthetic data](#synthetic-data), or
[data donation](#data-donation)</li>
</ul>
</details>
</li>
<li>
<details>
<summary>Share personal data with others</summary>
<ul>
<li>[Sharing data legally](#legal-basis)</li>
<li>[Sharing personal data during research](#data-sharing-collaboration)</li>
<li>[De-identifying personal data](#pseudonymisation-anonymisation)</li>
<li>[Securely analysing personal data](#secure-computation)</li>
<li>[Using GDPR-compliant tools and services](#tools-and-services)</li>
<li>[Sharing personal data for reuse](#data-sharing-reuse)</li>
<li>[Sharing personal data case by case](#agreements)</li>
</ul>
</details>
</li>
<li>
<details>
<summary>Learn from other projects</summary>
<ul>
<li>[Minimising personal data in a survey](#pet-survey)</li>
<li>[Pseudonymising different types of data](#youth-pseudonymisation)</li>
<li>[Publishing metadata only](#open-science-questionnaire)</li>
<li>[Reusing education data for research purposes](#reuse-education-data)</li>
</ul>
</details>
</li>
<li>
<details>
<summary>Get help or information</summary>
<ul>
<li>[Getting help at Utrecht University](#seeking-help)</li>
<li>[Definitions](#glossary)</li>
<li>[References](#references)</li>
</ul>
</details>
</li>
</ul>
## Disclaimer
The content presented in the Data Privacy Handbook has been carefully curated by
Research Data Management Support, in collaboration with privacy officers and
data experts of Utrecht University.
The Data Privacy Handbook is a 'living' book that is continually being written,
updated and reviewed. Its contents can therefore change, or become outdated or
redundant. Hence, the information presented is provided "as is", **without
guarantees of accuracy or completeness**.
As scientific research may differ depending on the discipline, topic, and
context, measures needed or taken to ensure GDPR-compliance will vary across
research projects. The authors can therefore **not be held responsible, nor
accountable** for any negative consequences arising from interpretation and use
of the content of the Data Privacy Handbook.
The Handbook does not necessarily
constitute a mandatory directive. **For the most up-to-date and official/
authoritative information, please refer to the
[university website](https://www.uu.nl/en/research/research-data-management){target="_blank"}
and [intranet](https://intranet.uu.nl/en/knowledge-base/privacy-at-uu){target="_blank"},
to which this Handbook is a hands-on, practical supplement**. Moreover, before
implementing the guidance laid out in this Handbook, always seek the advice of
your privacy officer or RDM Support to confirm the suitability of any proposed
solution to your project.
Throughout the Data Privacy Handbook, links to external webpages may be provided
for additional information or assistance. The authors of the Data Privacy
Handbook are **not responsible for the content of any such linked webpages**, nor
is the content of external webpages necessarily endorsed by Utrecht University.
Utrecht University is committed to sharing knowledge in line with the principles
of open science and therefore welcomes readers from outside of the organisation.
However, the contents of the Data Privacy Handbook may not be in line with readers’
institutions’ policies or views. For more authoritative information, these
readers should refer to resources from their own institutions.
## Your own privacy {#privacy-policy}
:::keywords
This page was last updated on 2023-08-28
:::
We use Google Analytics to track the usage of the (online version of the) Data
Privacy Handbook. We do this, because we want to see how often the Data Privacy
Handbook is being visited, how users find it, and which pages are most useful.
With your consent, Google Analytics places a tracking cookie in your web
browser. The amount of tracked details is limited to:
- Which pages you visit and for how long
- Generic aspects of your behaviour on the page, such as clicks and scrolls
- How you found the page (e.g., directly or via another website)
- From what country you are accessing the page
- What language your browser is in
- How you are accessing the page (e.g., via desktop or mobile)
We do not collect your detailed location, and use IP address "anonymisation" to
prevent other unnecessary details from being collected.
This information is stored at Google for 2 months, and shared with the
maintainers of the Data Privacy Handbook and a selection of communication
professionals at Utrecht University.
:::fyi
Besides clicking Accept or Reject in the cookie banner, you can also:
- use the
[Google Analytics Opt-out Browser Add-on](https://tools.google.com/dlpage/gaoptout){target="_blank"}
to prevent websites, including this one, from tracking you
- disable or block tracking in your browser settings
:::
If you have questions or comments about tracking cookies, please consult the
[Google Analytics documentation](https://support.google.com/analytics/){target="_blank"}
or [contact us](https://www.uu.nl/en/research/research-data-management/contact-us){target="_blank"}.