Access levels
Access levels
Open Access
- Eligibility: Only anonymised datasets can be hosted under open access.
- Legal/GDPR Implications: Data must be fully anonymised, meaning no individual can be identified directly or indirectly.
- User Responsibilities: All users must comply with ethical standards and the Terms of Service, but no additional approval is required for access.
Controlled Access
- Eligibility: Datasets containing personal or sensitive data, or those with specific use restrictions, must be hosted under controlled access.
- Data Access Committee: Access requests are reviewed by a Data Access Committee (DAC), which evaluates eligibility, intended use, and compliance with the Data Access Policy.
- Legal/GDPR Implications:
- The Data Provider acts as the Data Controller and must define use conditions and restrictions in the Data Access Policy.
- ELIXIR Luxembourg acts as the Data Processor, ensuring secure storage and processing.
- Users must submit a Data Access Request Form and sign the Data Use Agreement (DUA) and Data User Responsibility Acknowledgement (DURA).
- The DAC ensures that access is granted only to eligible users and that all processing is GDPR-compliant.
- Audit and Oversight: The DAC may periodically review access logs and compliance.
Summary Table
| Hosting Option | Data Type | Access Process | Legal/GDPR Requirements |
|---|---|---|---|
| Open Access | Anonymised data | Direct, unrestricted | De-identification, ToS compliance |
| Controlled Access | Personal/sensitive | DAC review, agreements | Data Access Policy, DUA, DURA, GDPR |