How does the General Data Protection Regulation (GDPR) impact the work of SSH researchers? What is the role of Research Infrastructures in supporting them in these challenges?
These were the main questions covered by the webinar Putting Data Protection into Practice: GDPR and the DARIAH ELDAH Consent Form Wizard co-organised by SSHOC and the DARIAH ELDAH (Ethics and Legality in Digital Arts and Humanities) Working Group. The webinar, held on the 13th of October 2020, was an opportunity not only to learn about the principles of the GDPR, and identify the main situations in which management of personal data plays a role in the daily activities of SSH researchers, but also to discover the Consent Form Wizard - a tool that helps researchers obtain GDPR compliant data.
Koraljka Kuzman Šlogar (University of Zagreb/DARIAH-HR) presented the DARIAH ELDAH Working Group, its mission and activities and highlighted how the changing technical environment and digital information landscape is creating new ethical questions and new regulations in terms of data protection & ethics in research. The development of the Consent Form Wizard by the ELDAH WG supports researchers in this transition by providing standardised consent form templates for obtaining legal consent from human participants.
Walter Scholger (University of Graz/CLARIAH-AT) uncovered the important aspects of the European legal framework for data privacy and processing personal data, in short the GDPR, its principles and definition. Explaining that this regulation should be seen as a set of guidelines and not a directive, he explored in detail its applicability (e.g. processing personal data outside of the digital), its limitations and exceptions (e.g. that it does not apply to processing of data of deceased persons, or to anonymised data), and the different roles described in the regulation (Data Controller, Data Processor and Data Subject) which need to be identified in a GDPR-compliant personal data processing scenario.
Finally, he addressed the principles of data processing as defined in the GDPR, and touched upon the process of defining and obtaining consent for personal data processing which might be the one of the most frequent cases where SSH researchers are faced with GDPR requirements.
Image source: https://zenodo.org/record/4090352#.X5vGtIhKiCg (slide 12)
To conclude the round of presentations, Vanessa Hannesschläger (Austrian Academy of Sciences/CLARIAH-AT) highlighted the prevalence of personal data processing scenarios in the SSH research context and explained how these scenarios were used to build the DARIAH-EU ELDAH Consent Form Wizard.
Image source: https://consent.dariah.eu/
Launched last September, the Consent Form Wizard supports humanities researchers within the EU in obtaining valid consent for data processing in the context of their specific professional activity. During the webinar, three scenarios were considered that would require a consent form in order to comply with the GDPR:
Vanessa first explained some principal aspects of the creation of GDPR-compliant forms tailored to specific purposes and data categories via the Consent Form Wizard, which were identified through surveys at international Digital Humanities conferences and workshops among the DARIAH-EU community. She then provided more details about the purpose of the tool, underlining despite the involvement of legal experts in the creation of the Consent Form Wizard, the templates produced via the tool cannot replace the expertise of a dedicated data protection lawyer and cannot provide cover for formal legal liability. In fact, in particular cases, the tool will recommend obtaining additional legal advice. Within the scope of the offered scenarios, however, the templates provided can be considered as best practice recommendations.
Feedback from the participants
The presentations were followed by a hands-on session in small groups where participants were invited to test the Consent Form Wizard and comment on the tool’s functionalities or ask questions.
While one group focused on gathering data/consent for communication and hosting an academic event, two others were discussing the GDPR challenges that can arise while gathering data from and/or about living people for research purposes. One group discussed the limits of the very concept of consent: how can we, as researchers, organise ourselves when the data subjects are people with mental disability, or children, for example? In another group, participants’ questions and presentation of individual cases were an opportunity to discuss how the forms produced by the Consent Form Wizard (i.e. downloadable in a raw format) can be adjusted to an institutional template or integrated in different communication channels.
The conclusion allowed Vanessa, Koraljka and Walter to highlight the main goal of the DARIAH ELDAH Working Group: to contribute to the education of those gathering consent to ensure that data privacy in research is better understood and that practices are GDPR-compliant!
The ELDAH Working Group also organised a virtual workshop focusing on Digital Humanities practices during the DARIAH Annual Event on October 28, 2020.
To stay updated on SSHOC's latest activities, sign up for our newsletter, follow us on Twitter @SSHopenCloud or get in touch at firstname.lastname@example.org.
Article written by Laure Barbot