The present guidelines were adopted by the Executive Board (Radboud University) and the Executive Committee (Radboudumc) on 2 March 2016.
Context of the guidelines
On 25 November 2013, the Executive Board decided to adopt the “university policy on the storage and management of research data”. Managing and granting access to research data generated at Radboud University and Radboudumc in accordance with this policy imply that it must be clear who controls this research data and who is thus authorised to exercise rights to this research data. The general rules for the protection and exploitation of knowledge by Radboud University and Radboudumc that were adopted in 2007 do not touch on this specific subject. The present guidelines have been adopted in order to clarify the matter of the control of data that have been generated by researchers at Radboud University and Radboudumc. As far as the research data generated by research workers is concerned, the main principle is that control rests with Radboud University or Radboudumc (and thus the Stichting Katholieke Universiteit as the umbrella employer) and not with the individual research workers themselves. The guidelines are based on the database law, on the Higher Education and Scientific Research Act (WHV), and on employment law.
- Radboud University or Radboudumc is entitled to store, manage, and grant access to the research data generated by its research workers. This authority is based on the database law, on HESRA, and on employment law.
- It will, to the extent possible, be agreed with researchers who are not employed by the university or by Radboudumc, such as students, interns, and visiting researchers that Radboud University or Radboudumc acquires the right to store, manage, and grant access to the research data generated by these researchers.
- In the case of cooperation between or among universities, it will be agreed to the extent possible that the university where the research data are generated is entitled to store, manage, and grant access to the data. If research data are generated by two or more partners such that the generation of the data cannot be attributed to one of them, then agreements will be made with the other partners on control regarding the research data in relation to storing, managing, and granting access to the data. This provision shall apply, mutatis mutandis, to cooperation between or among university medical centres.
- Where contracts are concluded with external customers for research, the principle is that it will be agreed to the extent possible that Radboud University or Radboudumc is entitled to save, manage, and grant access to the research data.
- As regards the determination of who controls research data that are generated in the framework of subsidised research (the Netherlands Organisation for Scientific Research, the European Union, and so on) the determinant is what is set out in the relevant terms and conditions of the subsidy.
- If and in so far as Radboud University or Radboudumc has control over the research data, control will be exercised by the director of the research institute under whose responsibility the research is carried out. For each research project, the director of the research institute will make further agreements with the Principal Investigator, an individual researcher, or another official designated by the research institute regarding the actual exercise of control. The powers thus granted expire upon a change in function and upon termination of employment of the person concerned.
- Within the framework of the Research Data Management programme, these guidelines will be elaborated into protocols, processes and agreements.
The decision by the Board dated 25 November 2013 regarding data management laid the groundwork for the creation of the conditions necessary for good data management.
In paragraph 4 of its decision, the Executive Board declares that the directors of the research institutes are ultimately responsible for the storage of employees’ data from research that falls under their responsibility and that education directors are ultimately responsible for the storage of data from approved Bachelor’s and Master’s theses. The university ensures centrally that knowledge, advice, and guidance on data management are made available (paragraph 5.a). For each research institute, the overall university policy will be elaborated on and supplemented further (paragraph 7).
In addition to the design of the essential technical (IT) infrastructure that must meet requirements for security, stability, and so on, it is important for data management who has control over those data. Control means the following: the ability to decide on storage of (when, where, and how), destruction of (when and why), and access to data (by whom and under what conditions) and on making them available (to whom, under what conditions).
In short, this means that control of research data rests legally with the employer (and thus not with the employee or researcher). Any restrictions on the free exercise of that right arise from obligations to funding bodies, customers or natural persons (pursuant to the Personal Data Protection Act).
It is emphasised that there is a distinction between control as such (directive, paragraph 1) and the actual exercise of control (directive, paragraph 6). The effective exercise of control (including provision of access to the research data) is vested in the director of the research institute under whose responsibility the research is carried out. The director may subsequently make further agreements with the Principal Investigator, an individual researcher, or another official designated by the research institute.