Data Sharing Agreement


Data Sharing Agreement

At UCLouvain, we advise you to include this aspect in the data sharing agreement with your partners.

A data sharing agreement (DSA) is a convention between research partners that states several information  about the way data will be formatted, but also the way they will be (re)used and shared in the future (how data can be used and to which purpose). The DSA mentions data sources and ownership, and acknowledge partners’ responsibilities. Several complementary information such as Versioning, Naming, embargo period, etc., might be added.

You plan to share data with people outside your research team? We recommend to write a data sharing agreement (DSA). A data sharing agreement (DSA) is a convention between research partners and/or third parties. DSA can be different depending on the type of data, the receiving party, and the use that will be made. 

This page provides elements and best practices that should be present in a DSA. Yet, this page does not provide legal advice: we strongly recommend to contact a legal advisor in your university to ensure of the quality of your DSA. 

What should be present in a DSA?

1. Title: should contain: the name of the agreement, of the author (the person who disclose the data), and of the receiving party. 

2. Introduction: Should contain: 

a. a brief description of the data, the type of data (personal, sensitive, anonymized, pseudonymized). Are there any other documents (metadata, data documentation or description) that must be shared with the data? 

b. the purpose of the data collection and sharing, and the way data will be used by the receiving party. Are there any exclusion? Will the data be merged with other datasets?

c. the name of the research project in which it has been collected (grant), 

d. any relevant regulation that apply to the data (university code of conduct, RGPD, etc.). If your data are concerned by RGPD, please consult our specific webpage, or contact your Data Protection Officer, it will affect the DSA as a whole. 

3. Access provisions: Who will have the rights to access the data? Who has the right to change or modify the data, what methods will be used to access it? 

4. Confidentiality: how will the data be protected (IT solutions, encryption, non-disclosure agreements, etc.). What method of transfer, storage, will be used? How will the data be retained or destroyed?

5. Third parties: what can the data be used for and whether it can be shared with third parties (and which ones), and under what conditions. 

6. Publishing/dissemination/sharing of data: is any party allowed to share, publish or release any insight of the data (which data, for what purpose, to whom). Precise if there will be any secondary use or disclosure by the receiving party. Will it be a one-time disclosure or an on-going disclosure (e.g. annual)?

7. Ownership: state that the data still belong to your university (or supplementary owner if appropriate), and when they will be returned. In what circumstances can the agreement be terminated? 

8. Authority: names, signatures and other legal aspects

You can also contact Marie-Anne Crijns (ADRE/RJUR, for any juridic advise.