Okay, let's start. Good morning everyone. Thank you for joining this OpenAIRE webinar. We will have a one-hour webinar with short presentations and then a question-and-answer moment. So we want to have time to answer questions. We have some questions already that you have sent us via the registration form, but you can also put other questions. So use the question and answer button to ask questions. You can ask questions during the presentations from the speakers, from Thomas and Prodromos, but we will try to answer the questions after the presentation. But if you have a question just in the moment that they are presenting, you can just put the question and we will answer at the end. So it's really a pleasure to have so many participants and so many people interested in this webinar.

So in the webinar we will have Thomas Margoni from Glasgow University and Prodromos Tsiavos from the Athena Research and Innovation Center. We are all part of the OpenAIRE team, cooperating in different areas of OpenAIRE, from the training and the policy activities to also some support to technical activities, and we will run this webinar. So I will give, in three or four minutes, really a short overview about the support materials that OpenAIRE has available, focusing on the new support materials that we have related with legal issues and RDM issues. And then we will have Thomas Margoni presenting the guides in the content that we have from copyright licensing and research, not the guides. And then, addressing the issues related with personal data in open science, Prodromos will also present the guides, the content, and highlight some of the main issues that we have when we address this kind of topics. And then we have already selected some questions and answers from the registration form, and you can also put other questions during the webinar.

So OpenAIRE has an open science help desk. We run the help desk based on different kinds of support tools.
So we have some support materials like the guides that we are presenting today, fact sheets, FAQs. We have a ticket system that all the users, from researchers to research support staff, can use to ask questions. And of course we have direct support at the national level run by the National Open Access Desks. We have several activities related specifically with training activities, so like the webinars that we are doing today and the workshops. We have several workshops already planned for 2019. Please check the agenda in the OpenAIRE portal. And we have also some activities around the support and training for the new OpenAIRE services and products.

Specifically, we have several support materials related with the issues that we are discussing today, so the legal issues and also around research data sharing and management. I would like to highlight that we have two primers. So we have a kind of the basics about open science, open access to publications and research data management. We have the guides. So I really want to highlight that we are updating the guide section in the portal. Like every month, since October when we released the new OpenAIRE portal, every month we have two or three new guides, and we will have the same until the summer. For sure you will find new guides targeting different stakeholders and related with different topics. You can check the portal and also, as I said, check the agenda of the workshops. We have several fact sheets, and we are always updating also the FAQs. And all these new materials are also due to the fact that now we are pushing to have a kind of task forces to build more capacity on the three main areas: research data management, open science policies and the legal issues.
And the result of this push to have more support and training content related with legal is the fact that we now have several new guides available, and this is what we want to present to you during this webinar. I like the new guides that we have related with copyright licensing and personal data that we have available already in the portal. So we will focus mainly on these four guides and then other topics that Thomas and Prodromos will identify as relevant for all of us. So "How do I know if my research data is protected?", "How do I license my research data?" and "Can I reuse someone else's research data?" are the guides that we will highlight related with copyright licensing, and then, related with data protection and open science, "How to deal with sensitive data", and Prodromos will for sure identify more relevant topics that we need to focus on for the work we are doing in our projects as researchers and then also as research support staff that need to provide support to researchers and project coordinators in our institutions. So now I will give the floor to Thomas to present himself if he wants, and also of course to detail and to present the guides that we have specifically addressing copyright and licensing issues. So please, Thomas, you can now share your screen and start your presentation.

Thank you very much, Peter. Thank you for the kind introduction. So let me share my screen first. Okay, so I have a couple of slides. Well, good morning everyone, first of all, and thank you for joining us in such a great number. I have a couple of slides that I think are useful just to set the stage, and then I will move directly through, you could call it, a live demonstration of the guides that Peter just referred to. I think it's interesting to show where the guides are. We already have the links, but to have a visual feedback and have a quick overlook of what kind of information they cover. This could also form the basis for additional Q&As later on.
I think that it is important to clarify right away a few terminological aspects, because obviously there are many, but at least two main dimensions here. The dimension, the point of view, the approach, the understanding of the researcher, so the scientific community, and what you mean by research, what we mean by research data; and then there is the law, and the law has a completely different definition and view of what research data and databases are. And I think this is a first major element that has to be addressed, because often it happens that we think we're talking about the same things because they have the same name, data or research data, but as a matter of fact in our heads, in our minds, in our disciplines we are talking about very different things, and this is the first cause of frustration.

Here I have just a couple of very basic points, but I think they are instrumental to what we're going to say later on. There is no clear legal definition of what research data are. There is no copyright act or research data act saying research data is. So it's a matter of norms, often community, scientific, academic norms, to define what research data are, but as we know these kinds of norms are not engraved in stone. They are fluid. They may change over time, over discipline and over jurisdiction. Do we have at least a definition of what data is from a legal point of view? Partially. The law talks about data, but talks about data in many different ways. It may refer to copyright aspects, to related rights to copyright, to other IP rights, to personal data, and in all these cases, even though you may think: well, it's data, as a researcher I don't really know how a discipline that is not mine defines a certain concept. I just need to know what I can do. Can I do this, yes or no? This is not my job. This is something that someone else should do and should give me a clear answer. That's what we're trying to do. It's not easy.
It's not easy because the law attaches very, very different consequences to different categorizations, and this is what we're trying to do today and throughout the guides. But I think that right now what is really important to understand is that it's not sufficient, even for you as researchers, as PIs. It's not sufficient to say: well, this is data. You have to go a step further. It may not be what you want to hear, but if you go a step further, it's going to be a lot easier for all of us, including for us, for the legal experts, to give you more specific feedback on what you need to do.

Having clarified this introductory aspect, in the first part of this presentation I will be focusing on aspects of copyright, related rights, database and licensing issues, whereas in the second part we'll be talking about personal data. And the reason why we treat them separately is because, believe it or not, they are very different legal concepts and they behave in very, very different ways. And this is a very important aspect to keep in mind.

So we have produced, from the, let's say, copyright point of view, three main guides that I will show to you in a moment from the portal. The first one is, how do I know if my research data is protected? The second one is, they should follow some sort of logical narrative. First of all, you need to know whether what you have is protected. Once you know whether and how it is protected, you want to know how you can license it, meaning how you can tell other people how to use it. And finally, when it's you who wants to reuse someone else's research data, what do you need to know? To complement these three guides, we have an additional companion guide that tackles directly repositories, but it's something that I would nevertheless recommend you to have a look at, especially if you are in charge or in coordination of research projects, which is how to make your repository open science compliant.
It includes a lot of additional information on licensing aspects, but it's perhaps a bit more, it has a lot more detail, it can get a bit more complicated. So your starting point should be the first three guides, and then if you are still liking it and you are not extremely bored, you can move to the fourth one. So let's move to the guides. I'm stopping for a second on the sharing because I think that's the only way that I know how to do this. Okay, so hopefully everything worked fine, and we are all seeing the first guide. Yes, yes, yes. So everything okay. Great. Thank you for the feedback.

So "How do I know if my research data is protected?" is the first guide. As you see, we try to be as concise as possible, because after many years of research, we finally came to the conclusion that people don't like to read hundreds and hundreds of pages of legal analysis, which is surprising because it's very interesting legal analysis, but it turns out that no one really reads them. So how can we, and this is not a problem question, how can we distill so much, so many details, so much complexity in a way that can be easily understood by people, by researchers who do this every day, but who should not be excessively concerned in terms of knowledge cost and time cost in the legal dimension of their research activity. So this is the idea behind these guides, and we're very eager to know your opinions, your feedback on any aspect. As Peter said, we are constantly developing the guides, not only content-wise, but also in terms of graphics and how to make them even easier to understand. We will probably in the future implement visuals, etc. But obviously for this, your opinion would be very, very useful. So please feel free to share your views on this.
Now, regarding the content, obviously here, as I mentioned at the beginning, we do have a few questions on what is research data, and once we can, if not precisely define it, at least have a common core of situations where we say, okay, this is research data, then the following question is: well, how is it protected? When is it protected? Is it always protected? I would say we'll not go through all the text. We don't have the time, and I think it wouldn't be very useful. But I invite you to go through it. What I will offer you is a general overview of how to determine or what are the main legal issues here.

So as I was saying, the law doesn't really have a definition of data. It doesn't have a definition of data sets either, but the law defines databases. And that's something that also has to be kept in mind. The law has a definition of database. And when we speak about legal issues, we have to make sure that we only call databases what the law defines as databases. Because otherwise, we're again talking about different things. And therefore, we may not understand each other. So here I have the definition of the law. It's, as you see, quite broad: it's a collection of independent works, data or other materials arranged in a systematic or methodological way, and individually accessible by electronic or other means. This is an extremely important definition, because either we have this structure of independent works. So here independent works means that the work, so a text, a poem, an article, cannot be a database, because they're not independent works, and they're not individually accessible. There is a narrative sequence that has to be followed in a literary work. Just to give you an example of works. So works here means something that is protected by copyright; imagine a database of scientific articles. Data, not really defined, but something that is not work.
So measurements, numbers, everything you can think of could potentially fit into this definition of data, or other materials, but they have to be arranged in a systematic or methodological way. If they are not, then we don't have a database for legal purposes. Obviously, things are not this easy, because the law says that, well, if this systematic and methodological organization is original, and we see things here in copyright, then there is a copyright in the database, but only in the structure. It doesn't extend to the data. So if the data composing the database are not protected themselves, a database is only a form of protection for the structure, for how you have selected or arranged those data, not for the data themselves, which I understand can be quite counterintuitive.

And on top of this, we have this weird word that we saw already, the sui generis database right, which is a purely, so what I said so far, imagine that more or less applies everywhere in the world. There may be differences, but not too marked. In the case of the sui generis database right, we're talking about a purely European creation. This right is what, as a matter of fact, can protect data. So you still have to have the database. Regardless of whether your collection is original or not, if you have put, and the definition is, a substantial investment in obtaining, verifying or presenting the data, then you have this additional right that protects against extractions of substantial amounts of data. So it's not a single pattern that is protected, but if someone else wants to copy your entire database or a substantial amount, then the sui generis database right will forbid that. But obviously, once again, this is just the surface. There are many other considerations to be made. Chiefly, for example, the fact that the sui generis database right only protects data that has been obtained, not data that has been created.
And this is a very important aspect, because that's triggered a lot of litigation in Europe about what the data, when a certain amount of data has been created or obtained. And obviously, don't make the mistake of thinking with a scientific mindset. It's not an epistemological analysis that the court will do awful sometimes to do on whether you create data when you record a measurement or the data already existed, you're just obtaining it from nature. Here, a lot of attention is paid to the competition aspect. So have we created a monopoly right over single source databases? If this is the case, probably the data will be considered created and it's not protected. If the same amount of data could be independently obtained through measurement by a competitor, then probably the data is obtained and there is no sui generis database right protection. Sorry, I won't say anything else about this because I understand it's complicated, but I want to give you a dimension of what the law is saying about these aspects and what we call in the guides.

So once we have understood whether our research data is protected, then we can move to the second stage, which is: how do I license my research data? Now here maybe we are more familiar with some of these concepts and topics, and we refer to licenses. Obviously, a common mistake is to think that a license protects something. That's wrong. It is copyright, or rights related to copyright such as the database right, that protects, and they are automatic. So you don't have to do anything. When you create something, when you write a piece of code, when you write a scientific article, you are already protected by copyright as well. So you don't have to do anything. You don't even have to write down your name or the usual copyright notice or a circle C. All those things can help, but they're not necessary. So copyright protects you. A license is a permission; license means permission.
So since the default is all rights reserved, because copyright gives you this property right, then if you want other people to reuse your data or your articles, then you have to give them a permission. And this permission is a license. It can be a restrictive license, as when you buy commercial products and you have to accept an end user license agreement, or it can be an open license such as Creative Commons. In this case, we are talking about licenses that allow you always to reproduce, redistribute, etc., etc. But there are conditions. Now, we could go through some of the conditions, but these are normally well known. We have other more basic guides that explain how Creative Commons work. You know, this is a question we can easily go there.

A normal debate here is: well, do I have to apply a CC BY or a CC0 to my database? It depends, right? So what normally we recommend is CC0, because if you apply a CC BY, you are requiring attribution for your data when the law doesn't really request attribution, because there are no moral rights of attribution for data. So by applying a CC BY, as a matter of fact, you are restricting even further than what the law requires to be used. So that's why normally for data we recommend CC0. That said, there is a reasonable community expectation in some areas where you say: well, but you know, I spent a lot of effort in collecting this data. I'm happy to share it, but at least I would like to have recognition, I'd like people to cite me. Well, you can obtain this in two ways. You can do CC0 and then kindly request that attribution is given to you. This is what the European does for certain data sets that they have, for example. But this is not legally enforceable. This is just a request, but it's a norm. It's a social norm in the scientific community, like when you cite someone. So normally it works. If you really, really want to get attributed, then you can apply a CC BY.
That's, you know, maybe not the best of the best of the best of the solutions for open science approaches, but it's still something that, if you really want, you can do. You are restricting the reuse of data to some extent, but you're still open access compliant. Important to keep in mind that non-commercial and non-derivatives are not open access compliant. So if you have to publish in open access because your funders require it, then you cannot use those conditions.

Very quickly to the last slide, also for the sake of time: can I reuse someone else's research data? This is somehow the logical follow-up from the previous slide. Well, you need to know whether the research data that you want to reuse is protected or not. Often it is not protected. If it is protected, then you have to look at a license. If this license is CC0, then you can do almost anything you want. If this license is CC BY, or if the license, sorry, just to follow the structure of my previous guide, if the license is CC0 plus a kind request to attribute, then no legal obligation, it's CC0, but there is a moral obligation to attribute to the original maker when you reuse the data. If the license is CC BY, well, then there is a contractual obligation to attribute in the way that is specified in the original database. Obviously these are just, let's say, the broad picture. It's how you should approach the questions or the problems when they are presented to you as researchers, as PIs, as research coordinators, but obviously normally there are much more specific issues and questions, and we are happy to answer them or discuss them further or even include them in the guides. But what is really important is that from the outset, you understand these basic rules.
You have to understand that as researchers, you need to have at least a basic understanding of how the law regulates this area, because if you do, you may avoid certain mistakes at the very beginning, in the phase of designing your research experiment, that if you made these mistakes, it would be much, much, much harder to address them later on. It would be costly in terms of legal analysis, in terms of delay in your ability to publish or share your data, etc., etc., etc. You have to become a bit, a little bit, not too much, just a little bit, lawyers as well. This is how science works nowadays, and obviously everyone has their specialties, but as much as lawyers have to understand a little bit of science in order to answer certain questions, scientists have to understand a little bit of law in order to address their problems in the right way, and hopefully these guides can assist you in this. So thank you very much.

Okay, thank you, Thomas. So we have already some questions we will answer at the end, but now we give the floor to Prodromos. Please, Prodromos, can you start? Okay, perfect. Thank you all. You can put in presentation mode if you, yes, perfect.

Thanks everyone, and thanks for being in this webinar. It's always exciting to see that there are many people interested in legal issues, and hopefully they're going to be slightly more enlightened by the time we have finished our presentations. And following up from where Thomas has left us, I would like us to talk a bit about the research data, the GDPR, and ask the question: how open is open? So how basically can we really have open science in relation to the General Data Protection Regulation, because what we very frequently hear is that, okay, this data set has personal data, so what can I do with it? Does it mean that I cannot really release it, or I cannot really release it openly?
And I always, when I start talking about this issue, I start with the title of the GDPR, which people don't read, but if you read it, you will see that it has two objectives. One is the protection of the personal, of the natural persons in relation to their personal data, but it's also the free movement of such data. And it's crucial to understand that the objective of the regulation is not to stop the flow of data, but actually to facilitate that. It's just that it needs to happen within a particular framework.

So there are five elements which I would like to discuss with you today in relation to personal data and open science, in order to see what are some very basic and very frequent questions and issues we are facing and how can we tackle them. The first thing is to actually understand the setting, to understand what we're talking about. It's not always research that takes place within a single organization, but in multiple settings. So this is crucial. The second thing is to identify what we want to do with the data. The third thing is what is our legal basis for performing any processing. The fourth thing is to understand how this maps onto the data management plan or the data lifecycle, and finally how the data subject may exercise her right. In this presentation today, I'm not going to go through basic definitions because we don't have the time and we have quite a bit of that in our fact sheets. But I think we will return with a more comprehensive guide in relation to how I remain compliant with the GDPR while opening my data.

So the setting. There are cases when the researcher will actually do research within a research performing organization. In that sense you're bound by the legal requirements, which is the implementation of the GDPR that has happened in your country, in your member state, and if it hasn't transposed the regulations, which by the way they have a direct effect. So the GDPR has a direct effect since May 2018.
So it's not necessary for your country to have a national law. But because it contains some elements which require further elaboration by the national legislature, it makes sense to check your national law if it exists. So one framework is the big framework, the laws in your country and the GDPR. And the second one is if you have an ethics framework with your institution. So the first thing you do is that in quite a few institutions, before a research project, an internal research project, is approved, you need to go through the ethics committee, which very frequently is going to ask questions related to personal data as well.

What becomes a bit more complicated is when you have an EU or other collaborative project, and there you need to see the ethics and data protection requirements set by the consortium. Now this of course has to do with the national law, but also it has to do with third countries. For some reason the autocorrect made it fourth countries, but I mean third countries. By third countries we mean countries which are outside the EU, and what does it mean if the data are to flow outside the EU or to come from data subjects that are located outside the EU. And of course to check what are the conditions of the call for these particular funding instruments. So the important thing there is to identify who is the one that sets the conditions for the processing of data. Is it the project coordinator, and if that is the case, how are data being stored between the different partners, and who is processing them, and who is acting as a controller. So in the case of any EU project you have to answer these questions at the outset of the project, and let me repeat, the key questions are: who is the one who sets the conditions and purposes of the data processing, and that should be the controller, and what are the different roles of the different partners within the project.
It could very well be that the data controller is the coordinator, but sometimes you have one partner who's responsible for the infrastructure, and that particular partner may operate either as a controller, if it has indeed full control over the purposes of and the proposing of the processing of data, or may operate as a processor on behalf of the consortium. So what is really crucial is to understand how the consortium is structured, and who is the one who sets the conditions and who is the one that actually does the processing.

Second case, which we increasingly see, is when you have a tender, and there the question is: are you data processor or co-controller? In most of the cases, when you respond for instance to an EU tender, you will be a processor on behalf of the Commission, who is going to be the controller. Classic example, the Clarion project which we have seen in Athena, or the ELRC project which we have seen at Athena Research Center, where the Research Center doesn't operate as a controller but as a processor. It doesn't set the conditions and purposes and does not control fully the data, but instead acts on behalf of the Commission. Similar is when you have a commercial entity that comes and asks you to do some research for them: you're again going to operate as a control, as a processor, and that means you need to have a contract that specifically sets the conditions as to how data are to be processed.

Two more questions. Who is the data protection officer? If we're talking about the first scenario, when we have the RPO, you most probably are going to have a data processor or data, a DPO who's responsible for the institution. What becomes a bit more complicated is when you have a consortium, and then you need to understand how the DPOs of the different organizations work with each other.
The other question is how does the DPO relate to the ethics committee, and here I have to mention three, let's say, actors in our drama. You have the DPO, you have the ethics committee, and you may have a compliance officer or compliance people that are responsible for the compliance, which may be a third company. So for instance it could be that the DPO is, let's say, a person who's not part of the hierarchy but is someone that operates as a controller and as an auditor of the organization and its data protection activities. You have the compliance people, which are people that really go process by process and conform and comply to the law. And finally the ethics committee, who deals with issues which are far broader than the data protection issues, and they are not just issues that are defined by the relevant legislation; they could be also rules that the institution or institutions have defined themselves and operate as forms of self-regulation.

So moving to the next, the next element which is important for us is the purpose. What is the purpose of processing personal data? In a scientific context the overall purpose is normally scientific research. A very important article for us is Article 89 of GDPR, where it sets the conditions for what constitutes scientific research. The regulation provides a very broad definition. It doesn't necessarily mean you're an RPO; it could be that you're a private company or a public sector organization. Scientific research is any kind of research you may be conducting, and it doesn't mean that it is commercial or non-commercial. So we have a pretty broad definition of what scientific research is. Now the specific type of research may be useful because it explains to us and it gives boundaries and limits as to what we can do with these data. So for instance if I do a social research and I get this kind of data from, let's say, a particular segment of the population in the city in order to, for instance, just a fictional example, to assess urban and
housing conditions, I cannot then use this data for, let's say, direct marketing. So that's why the type of research is necessary, and it needs to be defined at the beginning when we try to set the conditions for research. And of course we start normally with one condition, and as we will see later we may change the purpose, and this is a big problem; we have to see how we accommodate it. So what happens when the purpose changes over time? The purpose always has to fit within a particular legal basis, and when the purposes change then we have to check whether they are covered by the new legal basis.

So moving to the legal basis. Mostly the GDPR provides six basic legal bases and another ten for specific types of processing. The question that we have here is how do we define this legal basis. In terms of research we normally would say this is public interest, but in cases when we have a tender the legal basis may be a contract, and when you want to conduct specific research with sensitive data, what we now call special categories of data, we may be talking about consent. I always suggest that we go for consent only, it's not our first option, we will do it only if it's absolutely necessary. And here you see a list of the six basic legal bases and what we normally do. The green light, the green color, is the public interest, because that's our primary legal basis; that is what most research institutions are using. Legal obligation is when you do the research as part of an obligation you have. We're not going to see that frequently or at all, because normally the public interest legal basis covers us, but it could be that we work under contract or consent in cases like the ones that I mentioned before: contract in a tender, consent in a very specialized research where you want to do things and you want to absolutely make sure that you get the consent by the data subjects. The legitimate interest is the last one, and I have it in red because I think it's a highly risky
legal basis. It means you don't really necessarily ask the data subjects if they agree or not; you assume that your legitimate interest is not harmful enough for the data subject, and hence any legitimate interest type of research requires that you have done an impact assessment. I really discourage research organizations to actually base their research on legitimate interest. They could very well do it with public interest, and if they require specific things they could go for consent. Here also, on this table, what you see is that for the groups on the top there's no discretion; it is part of the things you do because you have to do them, because of your organization's purpose, as we said, it's a performing organization. The more you go down, there is discretion: you may choose to contact it or not, but you are asking the data subject to provide consent as well.

So how do we actually do the whole thing? We need to trace the life cycle of the data. We need to follow the data, and we see that different types of data processing have different purposes and legal bases, and we always need to stay with the legal basis, and that's not self-evident. And this diagram, which is a very simple DMP, shows you the problem. I could collect the data, for instance, and I go to my previous example, I'm doing housing research in central London and I collect this data from different residents. I get it from the data subject, plus I complement them from a third party; I may buy some data from a commercial entity, plus I may further enrich those data from publicly available resources from data.gov. Now, once I have this data, I need to read them, so some people need to have access, and I may update or enrich them. So these are forms of processing which need to be covered by my original legal basis. If this is public interest and if I still operate within the scope of my work, I'm still covered. But if I take this data and I want to change the scope, so for instance I got the data using consent
forms from the data subjects and I told them I'm going to keep them for five years, but then I need to keep them for another five years because I need them for another type of research, then preservation that you see here is not necessarily going to be covered by my original consent, my original basis. So I have to seek for another legal basis, and here I would go for research, scientific research, and public interest. Similarly, if I am to disseminate them, it really makes a difference how I disseminate them. Am I giving them to a third party, for instance, that's a data processor, a subcontractor? Unless I have this covered at the point of collection of the data, it is very difficult to make such changes. Also, can I pass this data further to other researchers? Is my public interest legal basis going to cover me? In order to be able to answer this question, you always need an impact assessment. So what you see is that from the moment of collection to the moment of data sharing, and in between the data management, I need to always have a good grasp of my data management plan and why action A or action B takes place, and respectively how purposes may change and how the legal basis may change.

Now, the final thing is that when I operate under Article 89, which is when I'm performing scientific research, which as I said multiple times is a form of legal basis of public interest, another benefit I have is that the data subject has its rights being limited, and we see that in a series of articles within GDPR. Basically, in most of the articles where the rights of the data subject are defined, we have exceptions in relation to scientific research. The law, the General Data Protection Regulation, identifies three types of exceptions that are related: scientific research, statistical purposes and archiving. In all cases there needs to be public interest behind it. As I said before, that's a really broad definition; it allows us to do a lot of things, but we need to make sure we stick to that
purpose, and also we need to do three more things. We need to have taken the necessary technical and organizational measures in order to protect the data subject, which means we need to have our processes written, documented and approved. A very good practice would be to have a DMP and have it pass through our ethics committee; that pretty much covers a lot of stuff and also ensures that the processes are there. A second thing is pseudonymization, not necessarily anonymization. Anonymization is mostly when we really want to decouple the data from the data subject, but this is not necessarily always desirable or feasible, so pseudonymization is an option, and this is something explicitly mentioned by the regulation. And the condition which actually makes us understand whether we are, you know, outside the scope of the regulation is whether any kinds of requests from the data subject to exercise their rights is likely to be possible or seriously impact the achievement of the objectives of that processing, which pretty much gives us a lot of space for actually not having always to give access or explain why we're doing X or Y with the data. Having said that, this needs to be not unnecessary or abusive. I mean, this is something we need to do within the scope of good will, and of course it is necessary to also have notices and provide the data subject with the relevant information.

So to sum up, what we see is that if we do personal data processing within the context of open science, it is something that could be done, it is actually carried; however, it means we really need to focus on the data management plan and make sure the purpose and the legal basis are always justified there. So that's it for me. Thanks very much.

Many thanks, Thomas and Thomas. So now we can start with the questions and the answers. We have already a question in the chat, so maybe we should start from that, and then we have two slides where we have gathered some of the questions
that we have collected and the rest from the registration form. Okay, so we have some highlights here that Thomas and then Prodromos will reply to, but let's first check the chat, I think, where we have a question. Okay, it's here. Yeah, so Thomas, the question, it's about the CC0, CC BY and the fact that the attribution time request, it's not always, or I think seldom, the question says, forward.

Yes, that's why we're presenting two options, CC0 and CC BY. But you know, the main question here, and I understand it can be frustrating for the expectations of you as researchers, is why they want attribution, right? There are areas of law, and again, here I'm just explaining to you the law, I'm not giving an opinion, that are saying: well, you know, your contribution here corresponds to an original work, therefore you have economic and moral rights, and one of these moral rights is attribution. In that case the law tells you: well, because you're putting, the rhetoric would be, part of your personality into the work, then you deserve, from a moral point of view, to be recognized as the author, and therefore attribution has to be given. So for example, when you use the work for purposes of, say, quotation, then you have to attribute. The law evaluates data, and we're talking about data here, differently. In fact data, as we saw, very often is not protected at all. You don't like it? Well, you know, we have to see what is the scope of the law and what is the scope of the likes of, sorry, of science and open science in general. Is it the promotion of the personality of the researcher, or is it the promotion of science in general? So is it a public or a private goal that is being pursued here? For the law the answer is quite clear: raw data, unstructured data, is not protected, therefore you can do whatever you want. Now, if you decide to limit it contractually, even with a contract that is quite liberal such as CC BY, you are reducing the space, and therefore the main recommendation for
that is CC0, because it's the license that mirrors better what the law considers to be protectable or not protectable. That being said, in our guides we clearly say: well, if you feel strongly about attribution, then use CC BY. But you know, what I would invite you to do is not to acritically, as researchers, apply CC BY. Think of the consequences. If you think, well, you know, in this case it's just some data collected there, there is no really much value in it, why restrict them further? If you feel strong, really strong about them, apply a CC BY. I think it's suboptimal, but still fully open access and open science compliant. The important thing is to avoid more restrictive conditions such as non-commercial.

Okay, thank you. So Thomas, let's try now to do the exercise, so let's have maximum like 15 minutes. I think it's not easy to answer all the questions, but with your effort, Thomas and Prodromos, let's see if we can do it. So we have here like a set of questions that people put in the registration form. Some of them ask us to talk about legal issues versus opening up the research data, so patents and open data. But we have two questions here about, I think you have already addressed this during your presentation, but so raw data and the specific, so do you have anything?

Let me say that, you know, let's not try to, you know, be like, to try to create, well, how do I put this, I don't know. Anyway, we have, if you want, so one thing is to say that research data as such, they are not protected by, let's say, they do not qualify as a database for the purpose of the law. But what the law requires, it's very minimal. So there is a question saying: what if we structure the data in a spreadsheet of observational measurements? That could be enough. You know, it's not the spreadsheet that is the decisive element here, it's how that data is organized. So the usual example here, even though it's a
bit, you know, old school, it's yellow pages and white pages. So white pages is a collection of data, names and phone numbers, but this collection follows like an alphabetical order and is exhaustive, so there is no selection in how you choose the data and there is no rearrangement in how you present them. So white pages traditionally are a good example of a database that is not protected. Yellow pages, because you apply some sort of selection to the data, you don't collect everyone's name and phone numbers but just someone's, and you follow some sort of structure there, and then when you reorganize it you may classify them, I don't know, plumbers, electricians, etc., etc., that's a very minimal level of originality in your strategy, but it might suffice. Now, the thing that we have to understand here is that this example, for how we presented it, works for copyright. So white pages, not protected by copyright; yellow pages, they are. But what copyright protects here is the structure, so how you design the selection and arrangement, which means that in the case of the yellow pages a competitor could not reuse your structure, so the way in which it is selected and presented, but he could reuse your data. So, you know, the single data, well, not the single, the entire data, right, for copyright purposes, because copyright doesn't protect the data collected, it only protects the structure. If on top of that, in Europe, there is a substantial investment in obtaining, verifying and presenting, and this could happen both for white pages and yellow pages, then you might have a sui generis database right, and this would prevent a competitor from extracting the same amount of data. So this is the difference. What you have to do, so if you want to protect your data, just, instead of publishing them in a completely unstructured way, give it some structure. That's probably more than enough to make them protectable, and apply a license. Keep in mind that you're moving
away from open science principles though; that's something you have to keep in mind. If you really feel strong about attribution, then, you know, make sure you present, you publish, make available the data in a way that is protectable, but apply CC BY 4.0 and apply it properly. All this information is contained in the guides. But otherwise CC0 might be a much better choice. So keep all these variables in mind.

Yes, I think it was really explicit what you said, and thank you for that. So if you want to address any other topic here in these questions, that I think you already answered, we can come back here, but let's now move to the...

I think there's just one thing and then we can move to the data protection. Keep in mind the other, that copyright belongs to the author. The sui generis database right doesn't belong to the author; it belongs to the maker, the person or entity who makes the financial investment or takes the risk, which is normal in university. So, you know, the point is, if you want to play the game of the law, make sure you know the rules of the game, because you might have noble intentions but you might enter an area that, you know, you don't know very well, and it may backfire. So make sure what you want to do and do it properly.

Okay, so Thomas, please take a look to the question and answer box, where you have some more comments from Mario about the question that you have put, and then you can answer if you have something to add. And now we move to another set of questions that we have gathered here from the registration form, more or less related to the, with them, so privacy issue, personal data. So Prodromos, do you want to...?

Yes, and I think these are in a sense very classic questions. I tried in the presentation also to bring an example from social science research. As I said before, it's absolutely crucial to have a clear data management plan and make sure you pass
through all necessary steps in one of the three main, let's say, parts of a data management plan. So you need to be absolutely clear, when you start to obtain the data, to actually know what you're going to do with them. It's very similar in that sense with how you do a copyright strategy. At the point of data collection you have to have made your mind as to what you're going to do with this data. Are you just going to do research within your RPO? Are you going to be part of a consortium? Are you going to publish the whole thing? Are you going to publish the questionnaires as well? And this is, once you start with what you want to do, so for instance, let's say I want to have the data forever and be totally open, or it could be I want to have the data just for my research institution, and I think both options are not really there. In reality you're always going to share your data with someone, and in reality you're not going to be able, for all sorts of reasons, to fully open everything. So you need to understand what is the purpose of the whole thing, why am I doing that. So if it's social research, which is about writing a paper, but it's also something which needs to be further verified by other researchers, or be part of my data collection in my institution, or I'm doing that as part of a European project, then I need to know which are the ethics rules within the context of my research. So I used a housing example, but it could be that I do public health research, or I do research that relates to minority groups, or anything that has special categories of data, what we used to call sensitive data. In that sense, of course, I have to comply with the law. It most probably means I would need to get consent. It would mean that the consent forms have to be very thoroughly checked by your legal department and also to be seen by your DPO. They would also have to pass through your ethics committee. You should have a
standard process as to how you clear things of legal and ethical issues, and then you proceed with your research. That sometimes sounds awfully bureaucratic, it may take ages, but I'm afraid there's no other option if you're doing this as that contains personal data.

Now, in terms of patients' data, there it becomes a bit more difficult, because we don't just have the personal data rules; we're going to have ethical rules which relate to the university and ethical rules that may relate to the hospital or the national health system of that particular country. And here it's not only the data: if you're dealing with the biobanks, you also have another set of regulations, biomaterial and material transfer agreements. So I'll leave that; I consider that outside our discussion. If we talk about simple patient data, you check what are the data protection rules in your country or your region. If we talk about a transnational project, you check the ethics committee of the university or the center, and the ethics rules and committee of the hospital.

Now, can we anonymize them? It depends really. I would say that pseudonymization tends to be better because you can place it back, and this may be relevant to your research. But anonymization or pseudonymization is not just a technical process, it's very much a procedural thing, so it has to do with how you have access to this data and how you return to them. Finally, it could be that the research itself does not allow you to anonymize; you need to have things which make the person identifiable. And hence, so you may remove the name, you can still identify the person: let's say it's a woman who's in that particular region, she's over 80 years old and she has a PhD, so it's probably someone's probably married. So you have a lot of these things, especially when you deal with genetic data.

What has happened with the pharmaceutical company? Of course,
in that case you may even be a processor and not a controller. It may provide you limitations that have to do with sharing or archiving, but these are not going to be necessarily limitations related to personal data or ethics; they will be confidentiality, trade secrets or IP limitations. So we also need to understand that the flow of data is not only limited by legal rules from GDPR or ethical rules that self-governing boards set, but it could be also property rules. And here it's very important that we also have a trade secrets directive. It's a very recent thing and most countries are transposing it now, and it places quite a few restrictions on research, as contact information research.

How do we share data if they're from many different institutions? Normally you have a model consortium agreement, which should be your bible. What happens, unfortunately, is that people still use the very classic consortium agreement that the EU provides, which has been built for industrial property, is extremely heavy for copyright, in terms of data protection is basically box-ticking, and in terms of how you deal with trade secrets and how you deal with sharing of property it leaves it quite open to you to decide. What I always suggest is to make sure that you understand what the work packages do and what it means for the type of processing and the purposes, and then identify how we can actually make sure that we have a DPO for the project and how it relates to the different DPOs of the involved organizations.

Finally, in terms of ownership, if you have personal data, they are not owned by the individuals involved. Individuals involved have rights that relate to personal data legislation or personality, which are not the same thing, they are different things, or they have rights that come out of self-regulation, such as the ones that an ethics committee would set or a professional body would set for a sector. So please, this would help you
a lot, don't confuse personal data with property rights; they are very different. And again, to emphasize three things which people always confuse. Confidential data: they are not necessarily personal, so it could be corporate data that have to do, let's say, with the clinical trials. They don't necessarily have personal data, but, you know, the company that paid you doesn't want you to release them; they're protected contractually and through the trade secrets legislation. Secondly, you have personal data and a subcategory, sensitive or special category of data. They are personal data; these are protected through GDPR and national legislation. They are also regulated by codes of conduct and ethics rules that the organizations or sectors impose on themselves. And then you have personality rights, which are broader than personal data, and they may have to do with rights on images or rights that actually relate to the personality of the individual. And then finally you have hardcore property rights, intellectual property rights: copyright, related rights, sui generis rights, from the side, let's say, of the things that look more like author's rights and similar types of things, and then you have industrial rights: patents, trademarks, trade secrets, plant varieties, the protected names of origin, etc. So these are hardcore property rights. So please don't confuse these three things: confidentiality, personal data, property rights, intellectual property rights.

Yeah, thank you, really helpful your input. So Thomas, I'm not sure if you want to say something about the second comment from Mario here in the chat, because it's more on the...

I don't think I see it, you know, in the chat, but I only see the original one.

It is in the question and answer, it's here. Can you see my screen now? It's in the question, so can you read?

I see your screen but I don't see which one it is.

Okay, I maybe don't, so but you don't see the... Oh, okay, okay, now, sorry. Okay, so I
think, so Thomas will, you know, will reply to this.

Well, it's a comment, you know. Yes, yes, it's a view. The only one thing to keep in mind is that if it is raw data, and again, I'm pretty sure that it is structured in a database. If it is not structured in a database because it is raw data, and this is an example of what Prodromos just said about property rights: if there is no underlying property right and you apply a license, any kind of license, Creative Commons but also a closed license, then it's only the contract that binds the two parties. There being no underlying property right means that any good faith third party is not bound by the contract, so it's not bound by attribution. So the reason why they are doing it, it's because there is a perception of a community norm, not a legal requirement. Okay, so once again, I understand why you may want to do that. There may be better ways to do that; metadata could be another way. But you know, once again, don't misunderstand the law, because it's complex.

So yeah, okay. If you want to say something to finalize, I will just finalize the webinar, but Prodromos, Thomas, if you want to have a final remark, just say it now and then we will close the...

I think we'd like to hear any possible feedback, both on the webinar and on how to develop further the guides. I think this is important, and we can see, we can do something after the webinar based on those that have participated. I think the copyright is quite well developed. What I would be very interested in is, from the presentation, to get some feedback: what would people like to see in terms of guides on personal data? I tried to be extremely concise because of the limitations in time we have, but I think we would greatly appreciate some indications as to what they are mostly interested in, so that we can then produce a guide which is more oriented to these needs. I tried to mention the basic things: how do you
set up, in terms of data protection, a project, what you should take care of whether you conduct the project, which are the main issues related to the DMP and open and GDPR. But it could be that there are other things people are interested in, so please give us feedback.

Yeah, so many thanks. Just before I close this webinar, I just want to do three final remarks. So we will ask you your contribution and your comments; it's quite important for us to have your feedback. But I think it's important also to highlight that the way that we are trying to organize all these new guides around legal issues, but also others around open science and research data management, is trying to have real user questions, real needs, real doubts, and then we can place it as a question and we try to address and answer and put information via these guides. And as we have the National Open Access Desks, we have a strong network delivering several presentations, several training activities in different countries, and via the NOADs, the National Open Access Desks, we are trying to collect these kinds of questions and doubts, and it's why we are putting also the guides in this form. So the other thing, that Thomas already presented, was about the improvements that we want to do to the content that we have from this legal guide. So we have all the content, the text is fine, the structure is really good, but we want to improve a bit. We want to create some infographics and we want even to create some more, like, media and videos around the content that we have, because then you can reuse it in training activities in your institutions, or to share with your colleagues, or just for you to learn more. And the last one is to invite you. As we have a large audience, I want to highlight that we will have the Open Science Fair conference 2019 in September in Porto. All the conference is organized around workshops and training sessions. We opened yesterday the call for
proposals for workshops and posters and demos also. So we don't have, like, papers as in a traditional conference; it's more an interactive conference. So it's why I'm inviting you, because for sure we will address also some issues related with legal issues in open science. So put it in your calendars, and if you can make it, just participate and come to Porto, because I'm in Porto right now, to participate in this conference.

So from our side it's all. Many thanks for your participation. We have already the slides available; we already shared with you the links, but we will send it via email, and they will be available in the normal communication channels from OpenAIRE. Please follow the Twitter of OpenAIRE, follow also the newsletter, because it will be via these channels that we will publicize the new support materials that we will deliver in the coming months. So many thanks, Thomas and Prodromos, for your effort to do this great webinar. I think it was very good and helpful. So many thanks and see you. Bye-bye all.

Thank you for your participation. Thank you. Bye-bye. Thank you.