Data Sharing Agreement

Data Sharing Agreement

A Data Sharing Agreement (DSA) is an agreement between the research team’s entity (university) and a third party (another university, a company, a research centre, …). It is set up « when data is transferred between two legal entities and the other party will reuse the data for its own purposes » (Utrecht University, Research Data Management).

DSA can be different depending on the type of data, the receiving party, and the use (commercial use, academic use, testing use…) that will be made.

This page presents good practice and information on the elements that should be present in a DSA. However, it does not provide legal advice: we strongly recommend that you contact a legal advisor at your university to ensure the quality of your DSA.

What should be present in a DSA?

1. Title: should contain: the name of the agreement, of the disclosing party (the person who disclose the data), and of the receiving party.
2. Introduction: Should contain:
   1. a brief description of the data, the type of data (personal, sensitive, anonymized, pseudonymized). Are there any other documents (metadata, data documentation or description) that must be shared with the data?
   2. the purpose of the data collection and sharing, and the way data will be used by the receiving party. Are there any exclusion? Will the data be merged with other datasets?
   3. the name of the research project in which it has been collected (grant).
   4. any relevant regulation that applies to the data (university code of conduct, GDPR, etc.). If your data are concerned by GDPR, please consult our specific webpage, or contact your Data Protection Officer, it will affect the DSA as a whole.
3. Access provisions: Who will have the rights to access the data? Who has the right to change or modify the data, what methods will be used to access it? Is the access free of charge or paid?
4. Confidentiality: how will the data be protected (IT solutions, encryption, non-disclosure agreements, etc.)? What method of transfer, storage, will be used? How will the data be retained or destroyed?
5. Third parties: what can the data be used for and whether it can be shared with third parties (and which ones), and under what conditions.
6. Publishing/dissemination/sharing of data: is any party allowed to share, publish or release any insight of the data (which data, for what purpose, to whom)? Specify whether there will be secondary use or disclosure by the receiving party. Will this be a one-time disclosure or an on-going disclosure (e.g. annual)?
7. Ownership: state that the data still belong to your university (or supplementary owner if appropriate), and when they will be returned.
8. Duration and termination: the duration of the agreement and the authorization of use. In what circumstances can the agreement be terminated early?
9. Governing law: applicable law and procedure in the event of a dispute.
10. Authority: names, signatures and other legal aspects.