Sharing activity data: Legal issues
This guide discusses concerns which arise when activity data is shared outside the institution where the data was gathered.
If you want to share activity data with others then you have to make sure that two aspects are addressed, that you have the right to do so, and that you then distribute the data in an appropriate fashion.
In order to share data you need to have to have the right to do so, Typically this means that you own the intellectual property, and if so, in order for others to legally use the data they need to do so under an suitable license to use that intellectual property.
- If the data subjects might be able to be identified (i.e. you are realising full data rather than anonymised data or statistical summaries) then the data subjects need to have been informed that sharing can happen when they agreed to the data being collected (and they had a real ability to opt out of this).
Intellectual property rights (IPR)
It is likely that you will own the data produced by any systems that you are running, though it may be necessary to check the licence conditions in case the supplier of the systems is laying any claim to the data. However, if the system is externally hosted then it is also possible that the host may lay some claim to the log-file data, and again you may need to check with them.
- JISC Legal has a section addressing copyright and intellectual property right law
Licensing activity data
Any data automatically comes with copyright. Copyright is a form of IPR. You need to licence the data in order for other people to legitimately use your IPR, in this case, the data. There are a wide variety of types of licence that you can use, though the most common is likely to be some form of creative commons licence.
Guidance is available from a wide variety of places including:
- JISC OSS Watch has a section on IPR and licensing.
- The Licensing Open Data: A Practical Guide by Naomi Korn and Charles Oppenheim
- The JISC sponsored IPR and licensing module that can be found at http://www.web2rights.com/SCAIPRModule/ . Within that you might be particularly interested in:
- Introduction to licensing and IPR http://xerte.plymouth.ac.uk/play.php?template_id=352
- Creative Commons license: http://xerte.plymouth.ac.uk/play.php?template_id=344
Data protection, which addresses what one may do with personal data, is covered by the Data Protection Act (1998) . Some material which discusses data protection is:
- JISC Legal has a section on data protection
- Edinburgh University has produced a useful set of a definitions
An alternative approach to addressing the needs of data protection is to anonymise the data (see also the guide on anonymising activity data ).