Table 1
Legal impediments to the Objective of Enabling Open Access to Research Data.
| Legal Impediments | How Does The Legal Impediment Arise? | |
|---|---|---|
| 1 | Intellectual property protection in research data | Access to and reuse of the research data protected by intellectual property rights is restricted and subject to permission from data owner. |
| 2 | Ambiguity about ownership of research data | The ambiguity hinders data sharing/self-archiving practices/open access participations among university researchers as the researchers are unsure whether they have the right to deposit the research data in open access repository. |
| 3 | Data owner’s exclusive rights in research data | A data owner who does not want to lose control over the research data may exercise their exclusive rights by refusing to release the research data in open access environment. |
| 4 | The restrictive scope of the legitimate use of research data | Data users are in a state of uncertainty whether their usage is within the permitted acts, preventing them from utilizing the research data deposited in open access repositories. |
| 5 | Complex and lengthy licensing procedures for research data | Licensing of research data which are protected under copyright law is costly and time consuming, and is not well suited to be used in the digital environment. |
| 6 | Data creator’s moral right of integrity/attribution | Lack of attribution discouraged data creators from sharing their research, while moral right of integrity enables data creators to prevent data users from making alteration or modification to the research data that tarnishes their honor or reputation. |
| 7 | Non-disclosure duty of confidential research data | Disclosure of research data which are subject to promise of confidentiality or under non-disclosure agreement is prohibited unless the research participants can be re-contacted for permission. |
| 8 | The right to informational privacy of subjects of research data | Disclosure and use of personal information against the will or consent of identified or identifiable data subjects will violate their right to informational privacy. |
| 9 | Protection of national security | Disclosure of research data which is classified as prejudicial to national security is restricted. |
| 10 | Novelty requirements in patent law | Researchers are required by the law to restrict, limit, delay or withhold disclosure of research data until the patent application has been filed. |
| 11 | Lack of a legal duty to ensure data quality | Since open access data providers have no legal duty to ensure data quality, data users are at risks of accessing and re-using incomplete, unfit, inaccurate or erroneous research data. |
Table 2
Principles/Policies/Guidelines Which Have Been Selected as Data Samples.
| Institutions | Principles/Policies/Guidelines |
|---|---|
| National Health & Medical Research Council (US) | ‘NHMRC Statement on Data Sharing’ (2016). |
| Australian Research Council | ARC National Principles of Intellectual Property Management for Publicly Funded Research 2015. |
| International Development Research Centre (Canada) | Open Access Policy for IDRC-Funded Project Outputs 2015. |
| Government of Canada | Policies and Guidelines: Research Data (2011). |
| Directorate-General for Research & Innovation, European Commission | H2020 Programme Guidelines on Open Access to Scientific Publications and Research Data in Horizon 2020’ (2016). |
| Government of the Republic of Slovenia, | ‘National Strategy Of Open Access To Scientific Publications And Research Data In Slovenia 2015–2020’ (2015). |
| European Union | EU Guidelines on recommended standard licences, datasets and charging for the reuse of documents (2014/C 240/01). |
| RECODE | Policy Guidelines For Open Access And Data Dissemination And Preservation: A Practical Guide For Developing Policies For Research Funders (2014). |
| Research Council of Norway | Open Access to Research Data Policy for The Research Council of Norway 2014 |
| Secretary-General of the OECD | OECD Principles and Guidelines for Access to Research Data from Public Funding 2007. |
| Natural Environment Research Council (UK) | NERC Data Policy – Guidance Notes Version 2.1 (May 2016) |
| Biotechnology and Biological Sciences Research Council (UK) | BBSRC Data Sharing Policy: Version 1.2 (March 2016 update). |
| Research Councils UK | RCUK Guidance On Best Practice In The Management Of Research Data 2015. |
| Economic and Social Research Council (UK) | ESRC Research Data Policy 2015. |
| The UK Government | UK Cabinet Office, ‘G8 Open Data Charter 2013’. |
| Science and Technology Facilities Council (STFC) | STFC Scientific Data Policy 2011. |
| Cancer Research UK | CRUK Data Sharing Guidelines 2009. |
| Institute of Education Sciences | IES Implementation Guide for Public Access to Research Data 2016. |
| US Office of Science & Technology | US Office of Science & Technology Policy: ‘Increasing Access to the Results of Federally Funded Scientific Research’ (2013). |
| National Institutes of Health (US) | Plan for Increasing Access to Scientific Publications and Digital Scientific Data from NIH Funded Scientific Research 2015. |
| Department of Veterans Affairs (US) | Policy and Implementation Plan for Public Access to Scientific Publications and Digital Data from Research Funded by the Department of Veterans Affairs (2015). |
| University of North Texas | Denton Declaration on Open Access to Research Data 2012. |
| The USA Government | US Open Government Data Principles (OGD) 2007. |
| Open Knowledge Foundation Working Group on Open Data in Science | Panton Principles for Open Data in Science 2010. |
Table 3
Measures Adopted to Address the Legal Impediments to Open Access to Research Data.
| LEGAL IMPEDIMENTS | MEASURE 1 | MEASURE 2 | MEASURE 3 |
|---|---|---|---|
| Intellectual property protection in research data | The policy should set open access for research data as the default and mandatory requirement (RECODE). | Research data have to be shared freely on the internet, as open as possible, accessible with as few restrictions as possible through public database or repositories (Government of the Republic of Slovenia; NHMRC). | Non-proprietary research data have to be made available in a format over which no entity has exclusive control (OGD Principles). |
| Ambiguity about ownership of research data | Ownership will initially be vested in the employer/research institutions receiving and administering the grants (NERC; ARC). | IP generated as a result of collaborative endeavours between research institutions will vest as agreed between those institutions (ARC). | Research institutions must have policies relating to the ownership IP generated as a result of public funding (NHMRC). |
| Data owner’s exclusive rights in research data | Embargo period to enable researchers to publish findings are between of 30 to 60 days after data collection (NIH), no longer than 12 months from the end of the grant (ESRC), maximum of two years from the end of data collection (NERC), never later than three years after the project has concluded (NERC). | ‘Published’ data should be made available as soon as possible (NIH), never later than at the time of publication (Research Council of Norway), at the time of publication in machine readable format (NIH), within six months of the date of the relevant publication (STFC). | Data owner will be required to grant to the funder a non-exclusive licence to allow the funder to manage and supply the data for reuse (NERC). |
| The restrictive scope of the legitimate use of research data | Data owner to grant rights to use and reuse the research data, to the widest range of users for the widest range of purposes, permitting any user to download, copy, analyse, re-process, pass them to software or use them for any other purpose (RCUK); Government of the Republic of Slovenia; EU; Research Council of Norway; UK Cabinet Office; Panton Principles; OGD Principles). | The use of licenses which limit commercial reuse or limit the production of derivative works by excluding particular purposes or persons or organizations is strongly discouraged (Panton Principles). | Any restrictions should be outlined in the data sharing plan and applicants should explore ways data sharing requests can be considered by the body that owns the data (CRUK). |
| Complex and lengthy licensing procedures for research data | The license should be internationally recognized/worldwide, perpetual, royalty-free, irrevocable by using Creative Commons (CC) licenses (version 4.00)/CC Zero Public Domain Dedication and Licence (Research Council of Norway; EU; Panton Principles). | Research data related to publication should be explicitly placed in the public domain/in the form of waiver of license (Panton Principles). | Research data for which no restrictions apply should be in the public domain by using CC0 Public Domain Dedication to make a research data license-free (OGD Principles). |
| Author’s moral rightof integrity | Data users should acknowledge the sources of their data (RCUK). | Data users must provide citation of the research data (Denton Declaration). | Data users must give appropriate attribution/credit to the originator/proprietor of the research data (NIH). |
| Non-disclosure duty of confidential research data | Anonymization/Confidentiality procedures that ensure a satisfactory level of confidentiality to preserve as much data utility as possible for researchers (OECD). | Researchers to develop a data management plan that protects the rights of study participants and confidentiality of the data (IES). | Researchers can opt out at any stage (either before or after signing the grant) to free themselves from the obligations of open access (European Commission. |
| The right to informational privacy of subjects of research data | Research data should be de-identified/redacted to strip all identifiers that would permit linkages to individual research participants and variables that could lead to deductive disclosure of the identity of individual participants (Government of Canada); IES). | Depositing data in data secure access facility/data archives or enclaves/making personal data protection a contractual obligation/sign data sharing agreement before data release/used of ‘Smart Notices’ to indicate the original purpose of personal data collection (ESRC; IES; RCUK; EU). | Where data cannot be stripped of identifiers, data may be exempted from the data sharing (Government of Canada). Researchers to apply for Certificates of Confidentiality to protect identifiable research information from forced disclosure (NIH). |
| Protection of national security | When open access to the data may threaten personal or national security, the datasets must not be made openly accessible (Research Council of Norway). | Specific aspects of the data may need to be kept protected (Government of Canada). | |
| Novelty requirements in patent law | There may be a need to delay data release/sharing for a period of time, until the patent applications have been filed by the institutions or researchers (CRUK). | Policies may permit delays in sharing research data for a period of time, in cases whereby institutions or researchers are applying for patents or developing new applications based on that data (Government of Canada. | If the outcomes of the research result in inventions, the provisions of the Bayh-Dole Act of 1980 apply (NIH). |
| Lack of a legal duty to ensure data quality | The licensor provides the information ‘as is’ and assumes no responsibility for its correctness or completeness (EU). |
| RESEARCH DATA PROTECTED AS INTELLECTUAL PROPERTY | |
|---|---|
| 1. | Research data may be protected as intellectual property especially where sufficient effort has been expended to make the research data as original works. |
| 2. | The intellectual property protection of research data does not relinquish the research data from being a subject of data release under the policy. |
| 3. | Data owner is to permit open access to research data in accordance to the requirement of the funding agency. |
| 4. | Where data owner is an institution, the researcher who is the creator/originator of the research data must be appointed as data custodian to give effect to data release. |
| OWNERSHIP OF PUBLICLY FUNDED RESEARCH DATA | ||
|---|---|---|
| 1. | To avoid any ambiguity about ownership and worldwide right, title and interest to or in all publicly funded research data in Malaysia which are covered under this Guidelines, it is hereby clarified that: | |
| i. | Where the research data is created/originated individually by a researcher who is an employee/registered student of the institution administering the research grant, full ownership and worldwide right, title and interest to or in the research data is vested in the institution regardless whether the research data is originated or created in or outside the course of employment/learning activities. | |
| ii. | Where the research data is created/originated jointly under research collaboration, ownership and worldwide right, title and interest to or in the research data is vested in the institution where the researcher is employed/attached/registered, in equal share with the collaborating party. | |
| For the purpose of this guidelines: | ||
| i. | the terms “employee” and “student” are to be interpreted in accordance to the law, constitution or policy of each institution; | |
| ii. | the research data is created/originated individually when the research data is the work of a singular nature, is made up of distinguishable contributions (where each contribution can be identified as coming from a particular researcher) and the research data is independently copyrightable; | |
| iii. | the research data is created/originated jointly when the research data is the unified/composite/blended work, is made up of indistinguishable contributions (where each contribution cannot be identified as coming from a particular researcher) or the contribution is distinguishable but copyright of the research data is dependent on the work of other researcher. | |
| DATA EXCLUSIVITY | ||
|---|---|---|
| 1. | Data owner/creator/originator has a legitimate interest in benefiting from the research data but not in prolonged exclusive use of the research data. | |
| 2. | Data owner/creator/originator is allowed a limited period of data exclusivity, during which a data owner has the exclusive rights in research data. | |
| 3. | The period of data exclusivity depends on the requirement of the funding agency. | |
| 4. | Where the period of data exclusivity is not fixed by the funding agency, it is expected that data release is to be given effect: | |
| i) | not later than two years from the collection/creation of the research data; or | |
| ii) | immediately upon the first publication based on the research data; or | |
| iii) | not later than one year from the end (either by expiry or termination) of the award/grant which funds the collection/creation of the research data; or | |
| iv) | not later than one year upon completion of the research project for which the research data is collected/created. | |
| 5. | The earliest data release of the three options shall be the expiry period of data exclusivity. | |
| 6. | A longer period of data exclusivity shall be allowed only in exceptional circumstances and subject to approval by the funding agency. | |
| 7. | Upon the expiry of the data exclusivity, the research data must be released in accordance to the policy of the funding agency. | |
| 8. | Data owner is required to grant to the funding agency a non-exclusive licence to allow the funder to manage and supply the released data for reuse. | |
| THE LEGITIMATE USE OF RESEARCH DATA | ||
|---|---|---|
| 1. | Pursuant to the principles of open access which requires the research data to be released with as few restrictions as possible, data owner must expand the scope of the legitimate use of research data which are protected by copyright beyond the fair dealing exceptions. | |
| 2. | For the purpose of clarity, the expansion of the scope of the legitimate use of research data beyond fair dealing exceptions should include: | |
| 1) | for commercial gain; | |
| 2) | permitting data user to download, copy, analyse, re-process, pass them to software or use them for any other purpose; | |
| 3) | to distribute full-copies of the research data to the public; | |
| 4) | to burn copies of the research data on CDs for bandwidth-poor parts of the world; | |
| 5) | to distribute semantically-tagged or otherwise enhanced (modified) versions of the research data; | |
| 6) | to migrate the research data to new formats or media to keep them readable as technologies change; | |
| 7) | to create and archive the research data for long term preservation; | |
| 8) | to include the research data in a database or mash-up; | |
| 9) | to make an audio recording of a textual research data; | |
| 10) | to translate a text of the research data into another language; and | |
| 11) | to copy a text of the research data for indexing, text mining and other kinds of processing | |
| LICENSING RESEARCH DATA | |
|---|---|
| 1. | Research data which are protected as copyright, sui generis database rights or other “copyright-like” rights and which are released under the policy must be licensed under Creative Commons License with the most liberal CC License which reserves only the right to be attributed as data owner (CC-BY) to be adopted. |
| 2. | While Creative Commons Zero Waiver (CC0) licence and Open Data Commons Public Domain Dedication and Licence (PDDL) are more liberal than CC-BY licences, both CC0 and PDDL licences with no rights reserved are inconsistent with the principles of open access not to harm the intellectual property rights in research data and to balance the interests of all stakeholders. |
| MORAL RIGHTS OF DATA CREATOR/ORIGINATOR | |
|---|---|
| 1. | Data creator/originator is required to permit alteration and modification of the research data which are released under open access policy through a non-assertion pledge of his/her moral right of integrity in the research data. |
| 2. | In return, data users are required to recognise the intellectual contributions of researchers who create/originate/generate, preserve and share the research data. |
| 3. | Data users are required to acknowledge the sources of their data by giving data creator/originator appropriate attribution/credit for the research data which they exploit. |
| 4. | Data users may use the citation and DOI-specific metadata laid out in the DataCite or other appropriate citation and metadata scheme. |
| CONFIDENTIAL RESEARCH DATA | |
|---|---|
| 1. | Data release must be given effect without violating the non-disclosure duty of confidential research data arising from promise of confidentiality, common law duty (tort or equity) or contractual duty such as confidential agreement or non-disclosure agreement. |
| 2. | Confidential research rata must be released using statistical methods such as data suppression, data random perturbations, data coding and recoding which protect the confidentiality of the research data. The statistical methods recommended above must balance the non-disclosure duty against the possibility that the methods applied will also reduce the quality and integrity of the research data. |
| 3. | Where statistical methods recommended above are not appropriate/possible, data release must not be given effect. Instead, confidential research data must be deposited in data archive/enclave which is provided by the research institution/funding agency. |
| 4. | The data archive/data enclave shall provide a secured, controlled environment where technical mechanisms such as encryption and password are to be used to protect the research data from unauthorized third party’s access and reuse. |
| 5. | Where the confidential research data is deposited in data archive/enclave, disclosure of the research data may be considered upon ad hoq request made by the third party, either individual or organisation. |
| 6. | Where ad hoc request is made by the third party, disclosure of confidential research data can only take effect after full compliance of the Data Security Procedure of the policy. |
| THE INFORMATIONAL PRIVACY OF SUBJECTS OF RESEARCH DATA | ||
|---|---|---|
| 1. | The research data may contain: | |
| i. | personal information which directly identifies or which could be used to identify subject of research data such as name, address, passport, identity card number, telephone number, e-mail address, photograph, fingerprint, DNA and social security numbers (hereinafter referred as “direct identifier”); | |
| ii. | indirect identifier that could lead to “deductive disclosure” of subject of research data. Deductive disclosure of subject of research data become more likely when samples are drawn from small geographic areas, rare populations or linked data sets; or | |
| iii. | sensitive personal information such as health information, genetic information, race, religion, culture, ethnicity, national origin, gender, age, marital status, socio economic status, political opinion, educational background, geographic location, sexual orientation or physical or mental health, ability or condition, criminal or prosecution record of identified or identifiable subject of research data. | |
| 2. | The research data which contains direct/indirect identifier or sensitive personal information of identified/identifiable subject of research data must only be released in a form that protects the right to informational privacy of subject of research data. | |
| 3. | The research data which contains direct/indirect identifier or sensitive personal information of identified/identifiable subject of research data can only be released with prior-informed consent of subject of research data. | |
| 4. | In the absence of consent or where consent is not given, the research data can only be released for the purpose that is compatible with the purpose for which the research data was collected. | |
| 5. | Alternatively, the research data can be released for different purposes and without consent from subject of research data after one of the following data redaction techniques is applied: | |
| i. | anonymization/de-identification by stripping or removing personal information which become direct identifier; | |
| ii. | pseudonymization by replacing direct identifier such as names with numerical identifiers; | |
| iii. | obfuscation by aggregating or reducing the precision of data, information or a variable; | |
| iv. | perturbation by introducing random errors into individual records whilst preserving descriptive statistics; | |
| v. | generalizing the meaning of detailed text; or | |
| vi. | restricting the upper or lower ranges of a variable to hide outliers. | |
| 6. | Where redaction techniques is not possible, the research data which contains direct/indirect identifier or personal information of identified/identifiable subject of research data must be deposited in data archive/enclave and can only be released in accordance to Data Security Procedure of the policy. | |
| CLASSIFIED RESEARCH DATA | ||
|---|---|---|
| 1. | Release of research data of which disclosure is prejudicial to the national security is strictly prohibited regardless whether or not there is any specific law on this matter. | |
| 2. | The Data Management and Sharing Plans must clarify whether the research data created/originated by the university researcher may contain information which is prejudicial to national security. | |
| 3. | Disclosure of research data which contains the following information is classified as prejudicial to national security: | |
| i. | instructions and guidance on bomb-making, biological weapon, illegal drug production or counterfeit products; | |
| ii. | information and statements with regards to possible terrorist attacks; | |
| iii. | information which compromise law enforcement activities, incitement to violence, counsels disobedience to the law or to any lawful order; | |
| iv. | information pertaining to prohibited place, munitions of war, apparatus, equipment, and machinery which are used in the maintenance of the safety and security of Malaysia; | |
| v. | information with regards to the outbreak of a deadly or contagious diseases; | |
| vi. | information which could likely lead to a breach of the peace or to promote feelings of hostility between different races or classes of the population which has a seditious tendency; | |
| vii. | information which could likely lead to outbreak of racial, sectarian or political disturbances in general or a specific part of the country; and | |
| viii. | documents relating the affairs of states such as military secrets, international affairs or Cabinet documents. | |
| 4. | The research data which contains any of the information classified above, must be deposited in data archive/enclave and its disclosure is subject to Data Security Procedure of the policy. | |
| RESEARCH DATA ABOUT AN INVENTION | |
|---|---|
| 1. | Release of research data about an invention need to be delayed until patent application is filed in order not to violate the novelty requirements in patent law. |
| 2. | To avoid prolonged and unnecessary restriction/delay, decision to patent the invention must be made by the institution within six (6) months upon formal notification of the invention by the researcher. |
| 3. | Prior to the decision by the institution, disclosure of the research data about an invention may be given effect in accordance to Data Security Procedure of the policy. |
| 4. | Where the institution’s decision is not to patent the invention, the research data about an invention must be immediately released in accordance to Data Release Procedure of the policy. |
| 5. | Where the decision is to patent the invention, the patent application should be filed within six (6) months from the date the decision was made, unless it is shown that it is not possible due to the complexity of the patent to be filed. |
| 6. | Regardless of the above provisions, the research data about an invention may be disclosed without violating the novelty requirements in patent law, provided the patent application is filed within one year after its disclosure to the public. |
| DATA PROVIDERS’ DUTY TO ENSURE DATA QUALITY | |
|---|---|
| 1. | The duty to ensure the quality of the research data is shared between the researcher as creator/originator/custodian of the research data (hereinafter known as the “Primary Data Provider”), the institution as data owner and the online repository/archive/enclave where the research data is deposited (The institution and data repository/archive/enclave center are collectively known as “Secondary Data Providers”). |
| 2. | For the purpose of the policy, it adopts the definition of data quality given by the US Office of Management and Budget Guidelines for Ensuring and Maximizing the Quality, Objectivity, Utility and Integrity of Information Disseminated by Federal Agencies 2002 (hereinafter referred as the “OMB Guidelines”). |
| 3. | Under the OMB Guidelines “Quality” is defined as encompassing utility, objectivity and integrity. |
| 4. | Being the Primary Data Provider, the responsibility to ensure data quality ultimately falls on the researcher. The researcher must supply the metadata describing the research data which enables data users to assess the quality of the research data. The metadata must be in accordance to the minimum standard required under Data Documentation and Record Keeping Procedure of the Policy. |
| 5. | The Data Repository/Archive/Enclave Manager must ensure that the research data is deposited together with the metadata. The Data Repository/Archive/Enclave Manager must require the depositors to declare whether the research data is subject to evaluation, validation and verification by formal, independent, external peer review in-line with accepted best practice to determine its quality. |
| 6. | Where the research data is not subject to peer-review prior to data release, the Data Repository/Archive/Enclave Manager must require the university researcher who is the creator/originator of the research data to properly advise and warn the data users about the fact. |
| 7. | Regardless whether or not the research data is peer-reviewed prior to data release, the university researcher must advise and warn the non-expert/non-professional data users on the potential risks related to the use/reuse of the research data. |
| 8. | The warning should cover information such as data quality, source materials, the date data was last updated, any known limitations of the data, as well as the limitation, defect or potential risk in the data utilization. The warning should also include an advice on the need to obtain independent or professional advice and verification before acting or relying based on the research data which are not subject to peer review. |
| 9. | The institution as owner of the research data must treat data quality assurance as integral to data release. The institution should adopt the standard of care to ensure data quality which is provided under the OMB Guidelines and applicable to the institution and the researchers. |