September 29, 2010 by Riina Vuorikari
Comments (0)
Here is the privacy document of the other project, eTwinning, that I talked about:
http:/
It's been in making for many months, because many stakeholders were involved (e.g. EAC Agency who owns the data (data controller), EUN who is the data processor, Commission's data privacy expert)
Part 2 is important, it outlines what data is collected (2. What personal information do we collect, for what purpose and through which technical means?). We outline 3 areas:
Data related to users’ behaviour within the various areas of the eTwinning platform may be used only for the purpose to carry out research and monitoring by the EACEA, the European Commission, and authorities in charge of implementing eTwinning (e.g., Central Support Services (CSS) and National Support Services (NSS) and national or regional school authorities) and other third parties (for instance, duly authorised research centres and universities). All usage of data by the actors mentioned above must be communicated to the data controller, which reserves the right to deny authorisation to such use.
Data shall not be processed for any other purpose. The legal basis for these processing operations of personal data is listed under point 9.
Then, we outline who can access that data (3. Who has access to your information and to whom is it disclosed?). This is what we learned that we need to add to the privacy document which makes it possible to use the data for our research purposes:
The transfer of specific data to other third parties (e.g., research centres and universities) can be permitted under specific authorisation of the Data Controller. Whenever possible, data will be processed in an anonymous way, especially if transferred to third parties for research purposes.
What happens is that we make a separate contract with each project/researcher/student who uses that data. It outlines the purpose of the research and says that the data can be only used for that purpose, is not shared, etc. It's also important to us to know who does research on our data and that we can use that research to make things better!
So, if anyone else wants to use the data to verify the research results, it is possible to make a new contract with them and make the dataset available.
As for now, we only are getting started with this procedure, but I can imagine that doing this type of research contract can become rather standardised, a bit like this one that I looked at as an inspiration (Data Purchase and Use Agreement for Welfare, Children and Families: A Three-City Study).
