Skip to Main Content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.

Research Data Management: Legal aspects of data

Personal and confidential information

Every research data involves the questions of rights, legal and ethical issues. Show that you are aware of the relevant legislation related to your data processing. Get familiarised with Data protection path of research in Tampere higher education community.

  • Does your data include personal information? The term personal data refers to all information relating to an identified or identifiable natural person. Personal data include, for example, name, address, an identification number, location data, an IP address, an online identifier, a photograph, dietary data, health data, or other data that on its own or combined with other data tells something about a specific individual.
  • If personal data are processed in your research, Data Protection Act will apply to it.
  • The basis for collecting, processing and storing personal data for research purposes must always be described in the research plan and in the data management plan.
  • Does the research include sensitive data (i.e. a specific category of personal data)?
  • Does your work require a research permit or ethical review?
  • Do you work with other confidential data (e.g., commercial or company data, trade secrets, military information, sensitive species data)?
  • Explain what are the risks (.docx) involved and how are they managed.

In your DMP, the focus should be on the ethical aspects of the data management whereas the ethical issues related to your research methods are covered in the research plan.

Guidelines for handling personal information in research
Further information

Sensitive data

Collecting and processing special categories of personal data (or “sensitive data”) is possible for scientific or historical research purposes or statistical purposes (article 9, EU’s General Data Protection Regulation). Special categories of personal data include:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • sexual orientation
  • information about a person’s health
  • criminal convictions and offenses
  • genetic or biometric data processed for uniquely identifying a person.

When sensitive data belonging to special categories are collected, consent must be explicit. Sensitive data also requires specific protection because there is a significant risk to the fundamental rights of the individual. In the data management, actions intended to minimise the risks of revealing sensitive information must be taken care of during the entire data lifecycle.

Read more: Additional instructions for planning the management of sensitive and confidential data 2019

Intellectual Property Rights

Agreements on the IPR rights and rights of use of the data should be made before you start collecting or producing the data. By doing so, you prevent possible conflicts at later stages and make sure that your data will be accessible and reusable.

Check the short video about Intellectual property rights and data by Maria Rehbinder from Aalto University.

Data that is factual, has no copyright protection and it is not possible to copyright facts. In many cases, the data in a data management system as well as the metadata describing that data is factual, and hence not protected by copyright. However, project might, for example, use copyrighted photographs.

A database can also have legal protection (sui generis data base right, for example). A process of deciding what data needs to be included in the database, how to organize data, and how to relate different data elements are all creative decisions that may receive protection. So, intellectual property rights can govern the use of databases but also some data content.

Data can also be protected by trade secrets legislation (in Finnish)

Rights to research data may be created in three ways

  1. by legislation (e.g., copyright)
  2. by commitments (e.g., funder requirements)
  3. by agreements (e.g.,  research consortia, contract research, co-operation with companies).
Tips for best practices
  • Tampere higher education community's Open Science and Research policy states that research data produced within Tampere higher education community is primarily owned by Tampere University or Tampere University of Applied Sciences. The researcher always has the first right to the data. When the data form a work as stipulated in Section 1 of the Copyright Act, the copyright belongs to the producer of the data.
  • Check the Intellectual property policy of Tampere Universities.
  • Researcher's Practical Guide to Intellectual Property 2017 by Aalto University
  • Copyright (Finnish Social Science Data Archive)
  • Innovation services can help you with questions related to various aspects on utilization of research results and know how and IP protection aspects. Please contact
  • If you receive personal or sensitive personal data from a third party, e.g., a health care register, you or the University may still be the controller for that data even if you or the University does not own the data. In these cases, the research contract you make with the data owner sets the conditions how you can use and share the data.

Photo by

Contact us

Is there something you did not found in this guide? Or is some important information missing? You can always contact us for further information, and we will help you with the research data management.