Content for proposals: Privacy, ethics, data management and knowledge security
This document contains generic example texts to be used in proposals. The text should be adapted to the specific project for as much as possible. The Research Office grant advisors and/or the Faculty Data Steward can help you with more detailed texts tailored to the grant you’re applying for.
Personal Data
The [interview/survey/…] data collected for this project constitutes personal data as defined by the GDPR. The researcher will work with the faculty data steward and the VU’s privacy team to ensure compliance with GDPR. The legal ground for processing this data is informed consent. All respondents will be fully informed about the means and purposes of the data processing, and no data will be collected unless this consent has been given. The information sheets that will be used are based on standard forms developed in consultation with the VU’s privacy lawyers, and include information on what data will be processed, the purposes and the legal ground for processing, information on who will be able to access the data, the duration of data retention, and how respondents can exercise their privacy rights. For verification purposes, the data for this project will be retained for 10 years after the last publication. After this, the data will be destroyed. The data will stored on storage infrastructure provided by the VU, which can only be accessed using strong passwords and multi-factor authentication. Data will be pseudonymized after it has been collected. Any data containing directly identifying data (such as the raw, unpseudonymized data) will be stored separately from other data. The VU ensures that any storage solutions offered by third parties [e.g. Research Drive and Yoda by SURF, or qualtrics, name whichever apply] are governed by Data Processing Agreements, and that no personal data is stored outside the EEA [check if this last is true for the specific services you use!].
Ethics
The researcher will work with the Faculty of Social Sciences’ Research Ethics Review Committee (RERC) to ensure that the research is in line with ethics standards governing research at the faculty. The researcher will perform a scan of the research to flag ethics issues and will discuss any issues found with a representative of the RERC. [This really depends on the research. It is wise to do the self-check before and possibly consult your department’s RERC representative]
Research Data Management
Below are two examples of data management paragraphs that can be adapted and expanded to suit most templates. There is one example for projects where the data will not be shared, and one where it will be.
Example with No Data Sharing
The data stored for this project will be stored on secure network storage provided by the VU in accordance with VU’s ICT regulations. Access to the network storage is only granted to authorized personnel, using strong passwords and multi-factor authentication. In compliance with the European Union’s General Data Protection Regulation (GDPR), no personal data will be stored without prior, explicit consent by the data subjects. After completion of the project, all data will be archived for ten years, in accordance with the FAIR principles. Because of the sensitive nature of the data, the data will not be shared publicly but will be accessible for verification purposes. If it is necessary to share the data with individuals outside the VU for verification purposes, access will be governed by a data transfer agreement. Information on the access condition will be made public through a registry of the data set on VU’s Research Portal (which uses PURE). All data storage, archiving and registry solutions will be chosen in consultation with the faculty of social sciences’ data steward. These choices will be documented in a Data Management Plan before the start of the project.
Example with Data Sharing
The data stored for this project will be stored on secure network storage provided by the VU in accordance with VU’s ICT regulations. Access to the network storage is only granted to authorized personnel, using strong passwords and multi-factor authentication. In compliance with the European Union’s General Data Protection Regulation (GDPR), no personal data will be stored without prior, explicit consent by the data subjects. After completion of the project, pseudonymized data will be published on [add repository name, for example DataVerseNL or OSF], where it will be accompanied by rich metadata and full documentation. All data storage and archiving solutions will be chosen in consultation with the faculty of social sciences’ data steward. These choices will be documented in a Data Management Plan before the start of the project.
Knowledge Security
Knowledge scurity is an increasingly important topic, and one that you should address in your research. You may include a text in your proposal to emphasize you have considered this, base on the VU Knowledge Security Framework:
The researchers will follow the VU’s Knowledge Security Framework to ensure that international cooperation can take place in a safe manner. The project will not involve inviduals, companies, or organizations on the EU or UN sanction list. None of the research falls under the dual-use regulation. The researcher will work with the VU’s knowledge security team to prevent misuse of the project’s research outputs.