| Metadata | Value |
|---|---|
| Template SOP number | GDI-SOP0003 |
| Template SOP version | v1 |
| Topic | Data & metadata management |
| Template SOP Type | European-Level SOP |
| GDI Node | |
| Instance version |
- Document History
- Glossary
- Roles and Responsibilities
- Purpose
- Scope
- Introduction and Background Information
- Summary or Context Diagram
- Procedure
- References
| Template Version | Instance version | Author(s) | Description of changes | Date |
|---|---|---|---|---|
v1.0.1 |
Marcos Casado Barbero | Transform document to markdown and complete version | 2024.10.24 |
|
v1 |
Marcos Casado Barbero | Transform document to markdown and complete version | 2024.10.04 |
|
v0 |
Dylan Spalding | First version of SOP drafted | 2024.04.11 |
Find GDI SOPs common Glossary at the charter document.
For this SOP in particular, the source of truth for most definitions and terms is the 1+MG Data Access Governance for Research.
| Abbreviation | Description |
|---|---|
| DAC | Data Access Committee, responsible for reviewing access requests and approving or denying the requests |
| 1+MG DAC | 1+MG Data Access Committee - Data Access Committee, which may include several domain-specific sub-committees, provided by 1+MG that receives and reviews access requests and moderates consensus discussions on access requests where necessary |
| EDIC | European Digital Infrastructure Consortium, will serve as the DAC for managing access requests to data in GDI |
| NCP | National Coordination Point |
| Term | Definition |
|---|---|
See the qualifications and responsibilities of the roles at the Organisational Roles and Responsibilities document.
| Role | Full name | GDI/node role | Organisation |
|---|---|---|---|
| Author | Dylan Spalding | Finland / Pillar II co-lead | CSC |
| Author | Marcos Casado Barbero | Task 4.3 Lead | EMBL-EBI |
| Reviewer | Regina Becker | LU / Pillar I co-lead | LNDS |
| Reviewer | Gergő Csarnai | LU / Senior ELSI Specialist | LNDS |
| Approver | Gabriele Rinck | Task 4.3 member | EMBL-EBI |
The purpose of this SOP is to define the process for requesting and granting access to controlled data within the European Genomic Data Infrastructure (GDI). This SOP ensures that:
- Access to data is granted only in justified cases, following thorough review by the 1+MG Data Access Committee (DAC) and involving all necessary stakeholders to protect the rights and freedoms of the data subjects.
- The 1+MG DAC reviews applications to ensure compliance with the 1+MG Data Governance requirements, and makes recommendations to National Coordination Points (NCPs), who may agree or exercise their veto rights.
- The process is transparent, and disputes are resolved in a timely manner, adhering to the allocated timeframes for each request.
This SOP covers the process from when a data access application is received by the 1+MG DAC to when the application is approved or rejected by the 1+MG DAC. The input is a completed application form, and the output is a notification of approval or rejection of the request for authorisation to access the controlled access data described in the application.
To access controlled access data within the European Genomic Data Infrastructure a user must apply for authorisation to access the data from the 1+ Million Genomes Data Access Committee (1+MG DAC). The 1+MG DAC will review applications to ensure they conform to the 1+MG Data Governance requirements, and make recommendations to the relevant National Coordination Points (NCPs) who may agree or disagree with the recommendation.
Additionally, the 1+MG DAC will follow a review process when the NCP disagrees with its recommendation (see GDI-SOP0002_NCPs-veto-EDIC-decision.md). Once an agreement is reached, or the review process completes, the data user will be informed of the decision.
The following diagram summarises the step-by-step process for the recommendation by the 1+MG DAC of approval or rejection of data access applications.
graph TD
A[**Start**: Data Access<br>Application Received]
B1{**Step 1**:<br> Application Checked<br> by 1+MG DAC}
B2[**Step 2**: Application<br>Recommended for Approval]
B2.2{Response<br>from NCPs?}
B3[**Step 3**: No NCP Response<br> - Approval Confirmed]
B4[**Step 4**: NCP Agrees<br> - Approval Confirmed]
B5[**Step 5**: NCP Disagrees<br> - NCP Review<br> Process Initiated]
B6[**Step 6**: NCP Review<br> Upholds Recommendation<br> - Approval Confirmed]
B7[**Step 7**: NCP Review<br> Overrules Recommendation<br> - Application Rejected]
B8[**Step 8**: Review Delayed<br> - Inform Data User]
B9[**Step 9**: Approval confirmed<br> - Inform Data User]
B10[**Step 10**: Rejection confirmed<br> - Inform Data User]
A --> B1
B1 -->|Application<br>is approved| B2
B2 --> B2.2
B2.2 -->|No NCP Response| B3
B2.2 -->|NCP Agrees| B4
B2.2 -->|NCP Disagrees| B5
B3 --> B9
B4 --> B9
B6 --> B9
B5 -->|Recommendation Upheld| B6
B5 -->|Recommendation Overruled| B7
B5 -->|Review Delayed| B8
B1 -->|Application<br>is rejected| B10
B7 --> B10
B8 -->|Follow up<br> review process| B5
| Step identifier | When | Who |
|---|---|---|
| 1 | On receipt of notification of a new data access application | 1+MG DAC |
As the 1+MG DAC, check the requester's application, based on the criteria in the Data Access Review section of the Data Governance document. The application form, which is used to help the data requester enter valid and complete information for the application, must be checked to ensure that:
- The research has institutional sign-off, if applicable.
- The data analysis plan is present and suitable for the proposed research.
- The data minimisation principle is met.
- Algorithms (such as artificial intelligence) are suitable for the proposed purpose and transparent.
- The ethical approval has been obtained for the proposed research, where applicable, and that the approval is applicable for the proposed research and conclusions of the ethics review are followed.
- The funding mechanisms for the proposed research are in place (if required).
- The project description corresponds with the data analysis plan, and the ethical approval and legal requirements exist with respect to the requested data.
- Any peer review of the scientific validity of the proposed research exists. In case it does not, follow section II.3 of the Data Governance document.
You must finish this initial assessment within 5 working days (review agreed timelines if needed). After this period,you shall transmit the outcome of the review and a decision recommendation to the 1+MG NCPs who can channel it to relevant bodies on the national level.
Be mindful that this timeline may be affected where the planned research affects vulnerable subjects or groups, as specified in section III.2 of the Data Governance document.
Depending on the outcome of this initial evaluation:
- If all steps are correct, move to step 2.
- If any step fails, the application must be rejected:
- Inform the relevant NCPs, who may veto the rejection (see GDI-SOP0002_NCPs-veto-EDIC-decision.md). In your communication to the NCPs, clearly state the date for which their veto expires. Also inform NCPs about the possibility of extending the veto period, in exceptional and justified cases (as defined in the 1+MG Data Access Governance for Research).
- After 6 calendar days since NCPs were notified, send a reminder to the NCPs.
- After 11 working days (
DATE:A) since NCPs were notified, if no response was given from NCPs, move to step 10.
| Step identifier | When | Who |
|---|---|---|
| 2 | Once a completed application has been reviewed by the 1+MG DAC and recommended for approval | 1+MG DAC |
Once initial evaluation of data request is positive, mark application as 'Recommended for Approval'.
Inform the relevant NCP(s) of the review outcome, and pass the application to them for further action as per GDI-SOP0002_NCPs-veto-EDIC-decision.md. Record the date of recommendation and set a reminder for 11 working days (DATE:A).
Depending on the response from NCPs:
- If no response before the end of DATE:A, move to step 3.
- If NCPs agree with recommendation, move to step 4.
- If NCPs disagree with recommendation, move to step 5.
| Step identifier | When | Who |
|---|---|---|
| 3 | DATE:A is reached or past, and no response from the NCP has been received | 1+MG DAC |
After the end of DATE:A is reached with no response from relevant NCPs, confirm the approval of the data access request: move to step 9.
| Step identifier | When | Who |
|---|---|---|
| 4 | DATE:A has not been passed, and the NCP agrees with the 1+MG DAC recommendation | 1+MG DAC |
If the NCPs agree with the recommendation, then confirm the approval of the data access request: move to step 9.
| Step identifier | When | Who |
|---|---|---|
| 5 | DATE:A has not been passed, and the NCP disagrees with the 1+MG DAC recommendation | 1+MG DAC |
If the NCPs disagree with the recommendation (see GDI-SOP0002_NCPs-veto-EDIC-decision.md), initiate the review process for handling NCP disagreements as per SOP NCP review process of disagreement with 1+MG DAC recommendation. This process must be completed by the time limit set in that SOP (DATE:B).
Depending on the outcome of the NCP review process:
- If no response before the end of
DATE:B, move to step 8. - If NCPs upholds recommendation, move to step 6.
- If NCPs overrules recommendation (see GDI-SOP0002_NCPs-veto-EDIC-decision.md), move to step 7.
| Step identifier | When | Who |
|---|---|---|
| 6 | DATE:B has not been passed, and the NCP review process upholds the 1+MG DAC recommendation | 1+MG DAC |
If the outcome of the NCP review process is positive, then confirm the approval of the data access request: move to step 9.
| Step identifier | When | Who |
|---|---|---|
| 7 | DATE:B has not been passed, and the NCP review process overrules the 1+MG DAC recommendation | 1+MG DAC |
If the NCPs overrule the initial recommendation, reject the application: move to step 10.
| Step identifier | When | Who |
|---|---|---|
| 8 | DATE:B has passed, and the review process has not returned a decision within 2 months | 1+MG DAC |
After the end of DATE:B, if no decision is obtained after 2 months, inform the data user that the application is still under review.
Move back to step 5.
| Step identifier | When | Who |
|---|---|---|
| 9 | After confirmation of approval is reached | 1+MG DAC |
Regardless of the path of confirmation, once the approval has been confirmed:
- Record the decision and reasons.
- Inform the data requestor.
This concludes the process resulting in confirmation of the data request.
| Step identifier | When | Who |
|---|---|---|
| 10 | After rejection of request is reached | 1+MG DAC |
Regardless of the path of rejection:
- Record the decision and reasons (e.g., missing documents, invalid data, non-compliance with ethical standards...). Include options to rectify these issues for the data requestor to amend and re-submit the application.
- Inform the data requestor.
This concludes the process resulting in rejection of the data request.
| Reference | Description |
|---|---|
| 1 | European GDI - SOP Charter |
| 2 | European GDI - Organisational Roles and Responsibilities (ORR) |
| 3 | European GDI SOP - NCPs veto EDIC Decision |
| 4 | 1+MG Data Access Governance for Research |
| 5 | European GDI - NCP review process of disagreement with 1+MG DAC recommendation |
| 6 | European GDI - Obtain Institutional Sign-off |