A couple more points about GDPR: Pseudonymized data is specifically called out as still to be considered personal data falling under GDPR. Also, it's important to remember not to confuse Data Protection with Intellectual Property. GDPR is concerned with fundamental human rights.
-
-
Replying to @okeefekat @hansijzerman and
Your "that doesn't feel right" gets directly to the heart of the research ethics principle of informed consent. People entrusted you with their data for the purpose of research. It's fairly & transparently obtained specifically for research, not commercial repurposing.
1 reply 2 retweets 6 likes -
Replying to @okeefekat @Abebab and
But if someone to were legally enforce that (the NC of the license) they would turn to GDPR?
3 replies 0 retweets 0 likes -
Replying to @hansijzerman @Abebab and
Assuming you've got data subjects in the EU, yeah. The researcher as a data controller would be obligated to ensure they follow the core principles of GDPR to protect their fundamental human rights when processing their personal data.
1 reply 1 retweet 3 likes -
Replying to @okeefekat @hansijzerman and
(Apologies if I'm a bit unclear, rambling or repetitive. I'm a few glasses of wine in after a very long day of trying not to stress about the US elections.)
1 reply 0 retweets 3 likes -
Replying to @okeefekat @Abebab and
Totally understandable! (And participants are from all over the world, but I’m in EU)
1 reply 0 retweets 0 likes -
Replying to @hansijzerman @Abebab and
You're definitely obligated to follow GDPR then! Out of curiosity, where is the journal based?
1 reply 0 retweets 1 like -
Replying to @okeefekat @Abebab and
Oh I do follow GDPR, but just wondering whether I can force the license on them:). They’re US based.
1 reply 0 retweets 0 likes -
Replying to @hansijzerman @Abebab and
You can't share the data to them knowing they'll use it for a non-compatible secondary purpose. I'm a bit tired right now to parse controller/controller vs. controller/processor relationship, but either way you need clarity that data will still be treated in a compliant manner.
2 replies 0 retweets 1 like -
Replying to @okeefekat @hansijzerman and
(I'm neither sober enough nor drunk enough to get into the mess of cross-border data transfers and the US right now.)
1 reply 0 retweets 4 likes
TBF wouldn't the uni/dept in theory be able to help out with though? I mean we don't have to go this (dealing with GDPR compliance) alone, right? Employers should help.
-
-
Replying to @o_guest @hansijzerman and
Yes. The Uni should have a DPO to provide clarity. (And I erred earlier. The University is ultimately the data controller, the individual researcher is part of the data controller.) The uni should be providing its researchers guidance and training to ensure compliant processing.
1 reply 0 retweets 1 like -
Replying to @okeefekat @o_guest and
(I’ve provided some of this training, so I’m a bit embarrassed at that lack of basic clarity in the earlier tweet. Good sign I should stop watching election coverage and go to bed.)
0 replies 0 retweets 1 like
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.