In academic research, data sharing, particularly secondary data reuse, relies heavily on informal networking. ‘Grey’ transfers of data motivated by research purposes are common. In this paper, working through use cases presented by professionals in digital health, research governance and sensitive data management and publication, we explore the compliance challenges of informal data sharing, its detection, policy challenges such as penalties and associated risks such as accidental data breach and scientific impact. We highlight challenges of maintaining researcher awareness of best practice, given the fast-moving UK legal and regulatory landscape and the need to maintain compliance with standards required by key research partners in the EU. We then explore how good data privacy practices, privacy impact assessments, principles of privacy by design and existing frameworks might be used to support the process of engineering systems that provide the needed flexibility to researchers while minimising the risks.
Beckles et al. (Tue,) studied this question.