Copyright licenses and credits





Data protection is both a central issue for research ethics in Europe and a fundamental human right being linked to autonomy and human dignity, and the principle that everyone should be valued and respected. In research settings, data protection imposes obligations on researchers to provide research subjects with detailed information about what will happen to the personal data that they collect. It also requires the organisations processing the data to ensure the data are properly protected, minimised, and destroyed when no longer needed.


Depending on the setting or information in question, the failure to protect personal data against loss or misuse can have devastating consequences for the data subjects. It may also have serious legal, reputational and financial consequences for the data controller and/or processor. Particular attention should be paid to research involving special categories of data (formerly known as ‘sensitive data’), profiling, automated decision-making, data-mining techniques, big-data analytics and artificial intelligence, as such processing operations may pose higher risks to the rights and freedoms of data subjects. The fact that your research is legally permissible does not necessarily mean that it will be deemed ethical.


When developing and implementing your proposal, it is your responsibility to identify the appropriate legal provisions and ensure compliance. Comprehensively addressing data protection issues in your research proposal, which will become part of your contract if selected for funding, can make an important contribution to the accountability of the project. Note that in addition to the GDPR (EU’s 2016 General Data Protection Regulation) national legislation or related EU measures could also apply to your research.


ethics and data protection



Ethical aspect of the project


All topics with personal data (including illustrative videos) are covered by the Data Protection Act GDPR. In order to ensure that the project does not err on ethical issues, it would be wise to consult a local data and ethics protection specialist.


Each institution has its own set of rules for conducting research; in order to be correct, each partner must review its guidelines. Some procedures require informed consent, in other cases the permission of the ethics committee is required.


At Tallinn University ethics review is necessary if:


And if there is no need for ethics committee decision then you can just write:


None of the above criteria were present in the current study, so ethics review was not sought. The current study followed the procedure of informed consent and the participant’s rights were upheld at all times.



Ethical aspects to consider during planning


In your planning process try to imagine ethical issues that may arise during research and how to prevent or solve them. Pay special attention to risks and obstacles: if a large number of people refuse to participate, if you lose data, if it takes remarkably longer to collect data, etc. Which measures are taken to ensure respect to participants’ privacy and data protection? Possible conflicts of interest and subjectivity statement (researcher clarifies his/her connection to the research/participants).



There is stronger legal protection for more sensitive information, such as:



Data management


If personal data are processed in the course of the survey, describe the data protection issues and their solutions, paying attention to the following aspects:



If it is intended to process personal data without the data subject's consent, please justify the following: why it is impossible to obtain the data subject's consent and why the collection of personal data is indispensable; how to ensure that the processing of personal data does not infringe the rights of the data subject.










the data


Project X is committed to being transparent about how it collects and uses the data and to meeting its data protection obligations. This policy sets out the project's commitment to data protection, and individual rights and obligations in relation to personal data. The project will generate and collect video data, speech recordings, text documents, and metadata about individuals as far as is needed to meet the objectives of the project. All data generated within the project (regardless of the format or type) will be in line with the FAIR requirements for interoperability as required by the data centres where the data will be stored and made accessible.


  1. Data protection principles
    Everyone responsible for using data follows the data protection principles which mean that the information is:
    • used fairly, lawfully and transparently
    • used for specified, explicit purposes
    • used in a way that is adequate, relevant and limited to only what is necessary
    • accurate and, where necessary, kept up to date
    • kept for no longer than is necessary
    • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage


    During the X project the following data collection methods will be used for collecting the described types of data:

    • Quantitative data – questionnaires, surveys, activity logs from online participation, trace data from using technical devices
    • Qualitative data – video/audio recordings, interviews, focus group discussions
    The data will be collected by authorized researchers and assistants of the X project.

  3. Rights
    The data collected belong to the X project. The Y University and partner universities manage the collected data on behalf to the project consortium and access is granted to the partners to use the data for research, study and demonstration purposes after proper anonymisation whenever required.

  5. Confidentiality and data security
    Data is be use confidentially by the X project researchers. All collected data during the X project is treated with care to prevent potential breaches in privacy. We never store personally identifying information (such as names and addresses), while geographical information we do store will be sufficiently coarse grained to mean that it cannot be used to identify any one individual. Data we do release contains only this coarse grained information.
    The quantitative data collected during the project is fully anonymised prior any sort of publication, scientific or otherwise. Qualitative data such as interviews are anonymised prior any sort of publication whereas photos and video/audio recordings are only published after obtaining a required publication consent from the participants and only used for the project dissemination activities purposes (e.g., demonstrations in the project website).
    The data is stored at the X University and project partners servers in secure folders managed by the project researchers. The folder is shared for research and dissemination purposes with the project consortium partners when needed.

  7. Documentation on data processing and content
    Quantitative data are maintained in the corresponding CSV matrix file and the changes to it are well documented, recording the version control as the file is updated with new entries. Data describing different processes (e.g., online participation logs, surveys results) is stored separately in corresponding files.
    Qualitative data are also described and stored according to their type (e.g. transcriptions, audio tapes and photographs) for each pilot session. The naming of the data files is systematic and consistent in order to facilitate data management during the research process.

  9. Life cycle
    After the project ends and materials are produced the data created during the process will be archived at Tallinn University or partner universities and it can be used for further research re-use and study purposes.