Principle 4 (Legal Compliance): Data used and methods employed are consistent with legal requirements such as Data Protection Legislation, the Human Rights Act 1998, the Statistics and Registration Service Act 2007 and the common law duty of confidence
16. Established legal gateways and agreements
Low risk:
The access and use of this data are lawful via a legal gateway, or a gateway is not required
Average risk:
Don’t know, or unsure if the proposed use of data requires a legal gateway
High risk:
Legality has not been confirmed, and/or there has been no formal action to seek legal advice or clearance from the relevant department
Depending on the type of research that you are undertaking, there may be a requirement for data to be acquired, processed, accessed, or disclosed via powers set out in legislation in order for the research to go ahead. We call these powers legal gateways.
If required, it is your responsibility to ensure that you access the data required for your research using appropriate legal gateways and agreements, and for the purpose that these gateways and agreements were intended for. Examples of legal gateways that may facilitate this access include the Accredited Researcher scheme in the Digital Economy Act 2017, the Approved Researcher scheme in the Statistics and Registration Service Act 2007, and Section 251 of the NHS Act.
As identified in the first response in the self-assessment tool, a legal gateway may not be required for data to be accessed and processed. This may be due to the project being a primary survey collection activity, or a case of a data owner accessing data that it already holds (such as ONS analysts using data that ONS already holds).
Please note, however, that legal gateways and data agreements do not exclusively apply to data access and may also apply to other areas of analysis and data sharing, such as data linkage, processing and onwards disclosure. Please consider all aspects of the research that you are undertaking when considering where legal gateways may be applicable. If this is unclear, please get in touch with your organisation’s legal support service.
For further information on ethical considerations when using third-party data, see our high-level ethics checklist focused on this data type.
Back to top17. Established legal frameworks
Low risk:
The proposed use of data is compliant with all relevant legislation
Average risk:
Don’t know, or unsure what the relevant legal frameworks are in the research area
High risk:
Legal frameworks are unclear or still developing in the research area
For this item, please consider what legal frameworks are applicable to your research. Examples of commonly applicable legal frameworks for research and statistics include: the Research strand of the Digital Economy Act 2017, UK GDPR, the Human Rights Act 1998 and the Equality Act 2010. Within your scoring justification, where applicable, you should include detail on your lawful basis for processing this data under UK GDPR. Note, if the lawful basis is consent, this must be reflected in the ethical consent item.
Working within a developing legal framework entails risks, especially for long-term projects, and as such requires researchers to remain alert to assess the impact of new laws relevant to their project. Due to the trans-national nature of some data and/or research projects, researchers should also consider the need to comply with international legislation when appropriate.
Researchers should consult with legal professionals to ensure the legal compliance of their approach.
Back to top