Topic
This guide discusses concerns which arise when activity data is shared outside the institution where the data was gathered.
The problem
If you want to share activity data with others then you have to make sure that two aspects are addressed, that you have the right to do so, and that you then distribute the data in an appropriate fashion.
In order to share data you need to have to have the right to do so, Typically this means that you own the intellectual property, and if so, in order for others to legally use the data they need to do so under an suitable license to use that intellectual property.
  • If the data subjects might be able to be identified (i.e. you are realising full data rather than anonymised data or statistical summaries) then the data subjects need to have been informed that sharing can happen when they agreed to the data being collected (and they had a real ability to opt out of this).
Intellectual property rights (IPR)
It is likely that you will own the data produced by any systems that you are running, though it may be necessary to check the licence conditions in case the supplier of the systems is laying any claim to the data. However, if the system is externally hosted then it is also possible that the host may lay some claim to the log-file data, and again you may need to check with them.
  • JISC Legal has a section addressing copyright and intellectual property right law
Licensing activity data
Any data automatically comes with copyright. Copyright is a form of IPR. You need to licence the data in order for other people to legitimately use your IPR, in this case, the data. There are a wide variety of types of licence that you can use, though the most common is likely to be some form of creative commons licence.
Guidance is available from a wide variety of places including:
Data protection
Data protection, which addresses what one may do with personal data, is covered by the Data Protection Act (1998) . Some material which discusses data protection is:
An alternative approach to addressing the needs of data protection is to anonymise the data (see also the guide on anonymising activity data ).