Open science results are not used only by researchers, but they are equally accessible to all people, regardless of the purpose of use. Since the aim of open science is to preserve and make machine-readable FAIR data accessible, access is also granted to machines, which makes data usage uncontrollable after they are opened.
This guide provides a quick overview of which ethical and legal aspects are important at different stages of research and how to take them into account. It covers intellectual property rights and personal data protection.
EOSC-Pillar Legal Compliance Guidelines for Researchers: a Checklist (Interactive digital version, March 2022): https://doi.org/10.5281/zenodo.632766
The General Data Protection Regulation (GDPR; EU 2016/679) is an EU regulation that creates a legal framework for personal data protection standards, setting guidelines for processing personal data in the EU. It is directly applicable, meaning it applies uniformly to everyone.
In addition, EU countries have adopted their own data protection laws to clarify aspects missing from the regulation. For example, Estonia’s Personal Data Protection Act (IKS) specifies when ethics committee approval must be obtained before starting research. Due to such differences, it is necessary to compare documents on personal data across countries, which can be conveniently done using the website: Compare data protection laws around the world.
The University of Tartu has developed a guide Data Protection in Research, which addresses personal data processing from research planning to publication and data preservation.
In addition to this guide, decision trees created by the University of Twente are useful: APPROPRIATE USE OF PERSONAL DATA IN SCIENTIFIC RESEARCH ACCORDING TO THE GDP.
If sensitive data processing is expected, a risk assessment and risk matrix should be prepared.
Sensitive Data Expert Group (2020). Sensitive Data Toolkit for Researchers Part 2: Human Participant Research Data Risk Matrix https://doi.org/10.5281/zenodo.4088954
In Estonia, the new Estonian Information Security Standard (E-ITS) is applied, and reviewing its threat catalog makes risk assessment and mitigation easier.
Copyright is a set of personal and property rights belonging to the author. Copyright applies to works considered “any original result in the field of literature, art, or science, expressed in some objective form and perceptible and reproducible through that form either directly or by technical means” (Copyright Act § 4 (2)).
Personal rights of the author cannot be transferred; they remain with the author permanently. Property rights, however, are transferred to the institution under an employment contract, as researchers typically use the employer’s resources and receive a salary.
The owner of property rights can grant part of their rights and define what may or may not be done with the work. This is licensing, and the most common licenses are Creative Commons licenses.
The quickest overview in Estonian can be found in the Wikipedia article on Creative Commons licenses.
A more detailed guide:
Pascal Braak, Hans de Jonge, Giulia Trentacosti, Irene Verhagen, & Saskia Woutersen-Windhouwer. (2020). Guide to Creative Commons for Scholarly Publications and Educational Resources (final) https://doi.org/10.5281/zenodo.4741966
Licensing plays an important role in ensuring the reusability of FAIR data (R – reusable). If a researcher uses a dataset created by someone else, they must show they have the right to do so. The dataset must be licensed, or an agreement must be made with the author.
When granting a license for your own dataset, you must define the conditions under which others may use it.
For making a choice, you can use the License Chooser tool.
