Data repositories and data protection in Ireland
Sinéad RedmondSoftware EngineerDigital Repository of Ireland National University of Ireland Maynooth
DRI Presentation
• An interactive national trusted digital repository for contemporary and historical, social and cultural data held by Irish institutions.
• It provides a central internet access point and interactive multimedia tools, for use by the public, students and scholars.
• Four-year exchequer funded project, comprising six Irish academic partners supported by the National Library of Ireland, the National Archives of Ireland (NAI) and RTÉ
What is the DRI?
DRI Presentation
• Data protection issues for research participants
• Balancing ethical and legal standards• Under what conditions do research data on individuals
constitute personal data?
Review: three topics of today’s workshop
DRI Presentation
Data protection issues for repositories
• Addressing different ethical standards and expectations about audiences
• Changing European legal environment and uncertainty about status of historical, statistical and scientific research
• Under what circumstances might repositories be unable to vindicate ethical commitments to research participants, and how should they address this?
Review: three topics of today’s workshop
DRI Presentation
From our business requirements:
A Trusted Digital Repository The system shall be a trusted digital repository. 1.1 It shall supply provide 'reliable, long-term access to managed digital resources to its designated community, now and in the future'. (RLG-OCLC Report). 1.2 It shall conform to the Data Seal of Approval guidelines or equivalent. 1.3 It shall be an access repository for the humanities and social sciences (HSS). 1.4 It shall have disaster recovery process in place
What does it mean to be a ‘trusted digital repository’?
DRI Presentation
• Is there a tension between data protection requirements and audit requirements – email deletion?
• Is a user email address ‘personal data’?
• What information do we need to provide the user with on registration about how we handle their data?
• At DRI, we will need to expose some user data to ‘Collection Managers’ (archivists) in order to allow CMs to determine whether or not to grant access to their collections. Is this a potential data protection issue?
Discussion points
DRI Presentation
• Does the Data Protection Act apply to research data?
• Do we need to register annually as a data controller?
• Are we a data processor if we are ingesting, e.g., historical medical records?
• If we need to register a data controller – can we do this as consortium or do we need to register as single legal entity?
• Does providing ‘recommended’ links to users constitute direct marketing?
Discussion points