Mandatory Ethical Review and the use of Personal Data

Our faculty requires a mandatory ethical review for all research involving participants or their data. For researchers and PhD candidates, this is done through PRIDE, while student research goes through UU-SER. This review addresses privacy, data management, and the ethical aspects of the research. The review is mandatory both when collecting new data from participants and when using an existing dataset. For more information, see this page on our website. 

An important factor when assessing potential risks for participants is whether identifiable personal data is used. If identifiable personal data is involved, researchers must comply with the General Data Protection Regulation (GDPR). “Identifiable” means that as a researcher, you can identify participants through the collected data. This may include names, email addresses, video or audio recordings, but also information about someone’s job or hobbies that could directly or indirectly lead to their identification. 

Key measures you can take include pseudonymization or anonymization. In pseudonymization, identifiable data is replaced with a pseudonym or code, and the key is stored separately (for example, in a different location on the O-drive). This does not make the data anonymous if there is still reasonable access to the key. However, the data can be considered anonymous if the researcher receives pseudonymized data from another party and does not have a realistic way of obtaining the original key. 

If you have any questions about the use of personal data in research, you can contact privacy-fsw@uu.nl or visit the  faculty privacy website.