Publishing data under access restrictions

Most of the research data produced by a University can be shared freely as 'open data' if there is value in doing so. However, some data can only be shared under access restrictions. This may be because there are ethical or commercial complexities.

Most research data repositories offer some kind of restricted access to data. Potential data users must register or apply to see restricted data and will only be allowed to do so if they meet certain criteria. Below, we outline the process for the University of Bristol's data.bris research data repository but the general principles apply to most major research data repositories.

Why make data available under access restrictions?

Many researchers find they are asked, either by a research funder or an academic publisher, to find a secure way to share research data. The 'open' publication of anonymised data should be ruled out first, as using any kind of access restriction will most likely discourage some researchers from wishing to use your data. You should bear in mind that an embargo period can be applied to data at any access level.

There are many reasons that open access to research data might be inappropriate e.g. political sensitivities, health and safely risks or agreements with commercial funders. Where such factors rule out sharing altogether, data must remain closed. If you find you are required to share data but are prevented from doing so by the conditions under which the data was generated, please contact us to discuss the options. However, where data can be shared with bona fide researchers (only) you may wish to use the data.bris repository's 'Restricted' or 'Controlled' access levels.

'Restricted' or 'Controlled'?

Restricted data has some degree of sensitivity involved. Controlled data has a large degree of sensitivity involved. 

So, for example, if the terms of a commercially funded project specified that the data can be shared with 'other researchers', you'd select Restricted access, as this would ensure that only researchers could access the data.

If research participants have not given explicit consent to share data openly and anonymisation cannot be carried out effectively, making the risk of re-identification of participants medium to high, Controlled access would be more appropriate. Political sensitivities might be addressed by making data Controlled and thereby placing access decisions in the hands of the University Data Access Committee.

If you're not sure which access level to assign to your data, please contact us to discuss. 

How do applicants access 'Restricted' data?

A metadata record describing the Restricted dataset is made available by the data.bris repository but the actual data is only made available to authenticated researchers upon application. In addition, an applicant's host institution must agree to a Data Access Agreement which specifies how data may be used. The criteria we check applicants against is:

  • The applicant has provided a verifiable institutional affiliation
  • The applicant has provided verifiable institutional contact details
  • The applicant has nominated an appropriate institutional signatory
  • The applicant has ethical approval in place (this may not be required, depending on the nature of the requested dataset)

How do applicants access 'Controlled' data?

After an applicant has been authenticated against the same criteria we use for Restricted data, their request is referred to the University of Bristol Data Access Committee (DAC) for approval before data can be released. Again, the applicant's host institution must agree to a Data Access Agreement.

If you'd like to learn more about how research data is accessed from the perspective of an external researcher, please see Accessing research data held in the repository.

What do researchers have to do to publish 'Restricted' data?

Researchers who wish to publish their data as 'Restricted' data should follow the same depositing steps outlined in the Depositing Guide, selecting the appropriate access level. In addition, depositors are asked to consider very carefully the terms under which their data was generated before deciding whether or not it can be shared with authenticated researchers. Typically this means:

  • Reviewing the terms of any consent and participant/patient information sheets used (if used, a specimen version of both must be included in the data deposit)
  • Reviewing your ethical approval and ethical planning documents
  • Reviewing the terms of funding, particularly if non-UKRI funded
  • Reviewing any collaboration agreements which may impact on your project
  • Reviewing any other formal documents which may affect data sharing (e.g. your commercialisation plan or the terms of use for any 3rd party data included as part of your deposit)

If any of the above explicitly preclude sharing data please contact us to discuss.

What do researchers have to do to publish 'Controlled' data?

The guidance above also applies to Controlled data. However, in addition, depositors are expected to include a copy of any relevant formal documents as part of their deposit package. This is to help the University Data Access Committee reach a decision on whether or not to grant access to data.

Edit this page