Quarterly project update (October 2022)

Hello! 👋

The past quarter was a very productive one, both for us at the Data Privacy Project, as well as for privacy governance within the university as a whole.

🧠 Data Privacy Handbook

In the past quarter, we have:

• Published the chapters What are personal data?, Privacy notices, and Sharing data with collaborators. Feedback after publication is of course very welcome!.
• Upgraded the looks of the Handbook. The looks are now more in line with the style of Utrecht University.
• Added a new chapter “Privacy FAQs”, in which we want to answer real Frequently Asked Questions about privacy in research.
• Gotten enthusiastic reactions both from within and outside of the university about the Handbook.

Currently in progress:

• Chapter “Designing your project” with a short explanation of Privacy by Design strategies (soon to be published).
• More sections in the chapter “Documents and Agreements” (e.g., on Informed consent and Agreements).
• Sections on several Privacy-enhancing techniques, such as Pseudonymisation and anonymisation, Synthetic data, and Data donation.
• Collectively answering FAQs arising from the Survey and other channels.

🔍 Survey

We have recently closed the Data Privacy Survey. In total, we received 176 responses on the online survey, and had one-on-one meetings with 28 researchers. There are now 2 reports available: a report with the full Results (including for faculties separately) and one with Recommendations. Additionally, all code, documentation and a synthetic dataset are shared in the GitHub repository, and can be cited as specified here.

The next steps are to:

• Present the results of the survey to all relevant stakeholders, such as privacy officers at faculties and central level, library staff, IT staff, researchers, and possible even outside of the university.
• Answer Frequently Asked Questions arisen from the survey in the Handbook, as well as other ways to incorporate researchers’ feedback in the organisation.

🛠️ Use Cases

Use cases are research projects with a privacy-related issue that we can help solve in the form of workflows, tools, services, etc. We hope to document these in the Data Privacy Handbook for others to reuse.

In the past quarter, we have:

• Documented two use cases in the Handbook: one on Publishing metadata and one on Data minimisation in a survey.
• Started working on a use case with SURF to pilot test the “Blind” version of “SANE” (Secure ANalysis Evironment). The goal is to enable external researchers to perform analyses on a dataset to which they do not have access.
• Further developed the MetaSynth package, a Python package to generate synthetic datasets. It was also presented on the Open Science Festival.
• Found some other leads on potential use cases on Sharing personal data outside of the EU, pseudonymising different types of data, and reusing educational data (e.g., student grades) for research purposes.

💪 Dissemination

We have made significant progress on the e-learning “Privacy basics for researchers”. We are currently working on the last part of the first version of the e-learning. In the next quarter, we hope to:

• Finish a first full draft version of the e-learning, including yet to be recorded knowledge clips.
• Receive feedback from privacy officers and external universities who are also creating privacy-related materials for researchers.

❓ Questions?

Questions or comments about this project? Want to collaborate or provide input? Awesome! Please feel free to drop Dorien a message via email or Twitter.