Data governance / sovereignty policy considerations for research data

[mapkyca]

What topic do you wish to add?

I would like a page discussing data sovereignty of research data with hopes of widening the discussion surrounding this issue.

Instruct is a distributed RI, and has a number of centres in different counties.

This necessarily involves the processing of personal data, proposal metadata and the scientific data required for the proposal to be reviewed (research proposal, preliminary data, communications regarding scientific aspects of the project) of researchers from across Europe and, in some cases, beyond (e.g. applicants and/or reviewers based outside of Europe). There are two aspects to this: one is where the data is physically stored (eg server locations), the second is where it might be accessed from.

Additionally, for sovereignty considerations, as Instruct provides access transnationally, the home country of the researcher and the location of the Instruct facility may both be relevant for the purposes of applicable law. eg National legislation of country X could apply to all researchers from country X using Instruct facilities in any country, or to all users from any country of facility in country X, or both.

In summary:

• What is the definition of research data - obviously research outputs held at a facility, but what about the initial proposal or associated metadata (could be argued either way)?
• For data produced in a facility in country X, how does a researcher access that from country Y, and whose law is in effect?
• If a researcher from country Y produces data in country X, whose country's laws does that data fall under.. who is it owned by? There is a potential of competing national claims

We have run into this at Instruct when dealing with research data in a distributed RI and trying to conduct trans national access. So far we have no specific recommendations or solutions, but it seems like many in our community aren't even aware that this is even a problem.

This is not related to GDPR or specifically user or sensitive data, which the issue is often confused with.

There have been indications that some European countries’ strong national regulations prevent the use of international clouds for international sharing of scientific data. Use of American cloud offerings has even blocked in the past due to national restrictions, and this may cause problems for people who have not considered this as being a problem.

At the moment although EOSC is pushing for the development of tools and policies facilitating open sharing of data resources, there is no consensus and no regulations at the EC level regarding the problem of data sovereignty and the sharing of scientific data at the international level.

Are there existing pages in the RDMkit website related to the requested page?

Perhaps https://rdmkit.elixir-europe.org/data_management_plan

Resources
If there are there resources that could be utilised for writing the new page, please list them below:

Context

TNA projects, distributed RIs

[mapkyca]

To hopefully help, I have begun a provisional document here: https://docs.google.com/document/d/1j-LmUHXeUF5orRqFgUC5jzG1D3xPU23x/edit?usp=sharing&ouid=109622249060170703374&rtpof=true&sd=true

[smza]

To hopefully help, I have begun a provisional document here: https://docs.google.com/document/d/1j-LmUHXeUF5orRqFgUC5jzG1D3xPU23x/edit?usp=sharing&ouid=109622249060170703374&rtpof=true&sd=true

Hi Marcus, @mapkyca

This is interesting content and would be great to have it on the RDMkit website. We were wondering if you still intend to follow this up and complete the page or have other people in mind who could do it, incase you're busy to do this.

Thanks,
RDMkit Editorial Team