2.4 Data Access Policies
This section refers to policies that an archive needs to apply when providing users with access to the data and other resources it holds. Thus, the main policies to be presented include data access and collection policies for designated user communities. Data Repositories usually maintain different data access conditions and subsequent policies because access conditions often rely on the national context. Taking into consideration the statement of Principle 11 in the CESSDA Data Access Policy that “Access conditions to data shall, by 2022, be fully interoperable”, it means that data access policies are situated at the core of every archive’s operations (Bolton, Sharon 2022; Woollard, Matthew, L’Hours, Hervé, and Beedham, Hilary 2016). As of today, there are three levels of access, depending on the nature of the data and agreements with data depositors:
1) Open access to data: Data holdings can be accessed by users at any time and by any means. No registration or authentication is needed and usually data is subject to an open data license (such as CC, Creative Commons n.d.).
2) Restrictive data access (access under conditions):
- Standard access: Data holdings are fully anonymized and available for scientific purposes, upon registration. They may be accessed without special permissions or conditions from the data depositor, i.e. free access via an ordering system, by e-mail or online. Registered users must have accepted the End User License (EUL) of the archive.
- Special conditions access: Data holdings are released, and the user may gain access to data according to the data depositor’s requirements, meaning that a written approval may be needed. In that case, a data registration form is available that includes the given data access conditions and presupposes written permission to access the data. By default, the user must sign the end user license agreement in order to gain access to the material.
- Access under special license: Data that contain more detailed information and are usually not fully anonymized require users to complete a detailed special license form describing in detail the terms of using that data.
3) Controlled data access: the archive reserves the right to permit access to data only through a physical or virtual secure environment or after special training. This applies to data that are considered too confidential or sensitive to be released via downloading.
A key element in enabling data access is for data to have a unique and persistent identifier. A persistent identifier (PID) is a unique and permanent digital reference that makes it possible to find and reuse digital material. PIDs are used to reference digital objects such as documents, web pages, and files. DOIs are one form of PID.
Here is the CESSDA ERIC Persistent Identifier Policy (Hausstein, Brigitte et al. 2017). An essential component of data access policies is the Persistent Identifier policy that a Data Repository implements to meet citation and visibility purposes (see also Chapter 2, 1. Data Collection and Acquisition Policies)
Relevant sections from Chapter 1
1.1 What does an archive look like and what does it do?
1.6 How does an archive make data available?
Links to examples
Some good examples for Data Access policies are the following:
Regulating Access to Data. UKDS. Retrieved from: https://www.ukdataservice.ac.uk/manage-data/legal-ethical/access-control.aspx
Data Access Policy. UKDS. Retrieved from: https://www.ukdataservice.ac.uk/media/604526/cd239-dataaccesspolicy.pdf
Woollard, Matthew, L'Hours, Hervé, & Beedham, Hilary. (2016). CESSDA Data Access Policy (Version 1). Zenodo. https://doi.org/10.5281/zenodo.4054793
Bolton, Sharon. (2022). CESSDA Data Access Policy (Version 2). Zenodo. https://doi.org/10.5281/zenodo.6722000
Hausstein, Brigitte, Borschewski, Kerrin, Jerlehag, Birger, van Horik, René, & van der Vaart, Lilian. (2017). CESSDA ERIC Persistent Identifier Policy (1.0). Zenodo. https://doi.org/10.5281/zenodo.3611317
What to consider when creating or adapting a policy
For any Data Repository to act within the law, it is necessary to have a license agreement for redistribution in place for each data collection. The license should clearly state the rights owner and the data collector, and it should give the conditions under which the Archive can provide access.