#Introduction
(enchant: ?page, (text-colour: black) + (background: white))
###About this guide
With the increasing amount of data sharing initiatives, researchers collecting brain MRI data cannot stay behind. However, many EU researchers do not know:
- Where to start
- What they can share and where
- Where they can find information or support
For these reasons, we developed this brain MRI data sharing guide. The guide is meant for researchers who want to share their MRI data of the brain, and who are new to data sharing.
Click **Yes, indeed** to go through the guide. You can always go back to previous pages or select more information. Have fun!
---
I want to share identifiable brain MRI data
[[Yes, indeed->Precautions]]
<footer>
[[About this guide->About]]
</footer>(enchant: ?page, (text-colour: black) + (background: white))
#Informed consent
Are you using informed consent as a <a href="https://gdpr-info.eu/art-6-gdpr/" target="_blank">legal basis</a> to share personal data?
---
<div class="row">
<div class="column">[[Yes -> Purposes of data sharing]] </div>
<div class="column">[[No, I don't need to -> Other legal basis]]</div>
<div class="column">[[No, I can't (anymore) -> Share derived MRI data]]</div>
<div class="column">[[I am not sure -> Find support]]</div>
</div>
<details style="background-color:#e0fdee;"><summary>ℹ️ *What needs to go in my informed consent form?*</summary>
If you are planning to share personal data with others, include at least the following information in the data sharing section of the information letter/privacy notice:
* What personal data will be shared?
* For what purpose will the personal data be shared? E.g., what type of research can reuse the data (e.g., “future research in the field of functional MRI”)?
* With whom will the personal data be shared? E.g., publicly, only with researchers from a university, within the EU, outside of the EU, upon request, etc.
* Pay special attention if you collect and want to share <a href="https://gdpr-info.eu/art-9-gdpr/" target="_blank">sensitive personal data</a>
Please refer to a GDPR-compliant consent form by the Open Brain Consent initiative <a href="https://open-brain-consent.readthedocs.io/en/latest/gdpr/ultimate_gdpr.html" target="_blank">here</a> (includes several translations).
**Please note:**
* contact your privacy officer or information manager to make sure you are complying to all necessary regulations and policies.
* if you study children under 16, informed consent is the only legal basis allowed.
</details>
<footer>
[[About this guide->About]]
</footer>(enchant: ?page, (text-colour: black) + (background: white))
#Before moving on...
Have you taken the following precautions, or are you still able to do so? Necessary precautions include:
- Deidentify the MRI data as much as possible
- Deidentify or even anonymize accompanying data as much as possible
---
<div class="row">
<div class="column">[[I have or am still able to, let's move on -> Informed Consent]]</div>
<div class="column">[[I cannot do this (anymore) -> Share derived MRI data]]</div>
</div>
<details style="background-color:#e0fdee;"><summary>ℹ️ *What precautions do I need to take to share brain MRI data?*</summary>
Because brain MRI data is unique biomedical data, we consider MRI data of the brain always **personal data**, although policies and opinions of data protection officers may differ on this matter.
To share brain MRI data safely, you need to take the following precautions:
* Ask participants for consent to share their data. Alternatively, you could consider using a different legal basis, ask your data protection officer or privacy officer for help.
* Deidentify your MRI data
* Preferably use a repository that stores data in the EU. This is because the EU is bound to the GDPR and <a href="https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en" target="_blank">other countries</a> may not be.
** Because data will be hosted on an external server (in- or outside of the EU), the institution responsible for the data needs to have a processing agreement with the repository.
** If the data are hosted outside of the EU, additional agreements need to be set up with the repository on top of the processing agreement. This is necessary to ensure that the repository will handle the data in line with the GDPR.
* For personal data, it is highly recommended to use a Data Use Agreement before sharing. This is because the institution that is considered to be the <a href="https://gdpr.eu/article-4-definitions/" target="_blank">data controller</a> remains responsible for the data and may want to control what recipients are permitted to do with the (personal) data.
</details>
<details style="background-color:#e0fdee;"><summary>ℹ️ *How is brain MRI data identifiable?*</summary>
Raw brain MRI data can be identifiable in the following ways:
* **DICOM headers and .PAR files** (Philips scanners) can contain personally identifying information such as name, date of birth, date of data collection, etc.
* Structural MRI scans often contain **facial features**
* Each brain is unique. Studies have found that **both anatomical and functional patterns can act as a fingerprint** (<a href="http://dx.doi.org/10.1101/447102" target="_blank">Abramian & Eklund, 2018</a>, *preprint*; <a href="https://arxiv.org/abs/1908.03260v1" target="_blank">Ravindra & Grama, 2019</a>, *preprint*; <a href="https://doi.org/10.1101/2019.12.17.879346" target="_blank">Peng et al., 2019</a>, *preprint*; <a href="https://doi.org/10.1038/nn.4135" target="_blank">Finn et al.</a>, 2015). If a database linking MRI data with a name is published publicly elsewhere, releasing deidentified MRI data of the same participant can lead to them being identified through combination with the named data. In that sense, MRI data can be an identifier in the form of biometric data, which is a form of sensitive personal data that requires <a href="https://gdpr-info.eu/art-9-gdpr/" target="_blank">additional protective measures</a>.
* If shared in combination with other data that can lead to identification (<a href="https://gdpr-info.eu/issues/personal-data/" target="_blank">see link</a>), e.g.:
** Identifiers, such as name, identification number, location data, phone number, personnel number, number plate, IP address, etc.
** Demographic information, e.g., zip code, date of birth, gender
** <a href="https://gdpr-info.eu/art-9-gdpr/" target="_blank">Sensitive personal data</a>: genetic, biometric and health data, racial and ethnic origin, political opinions, religious or ideological convictions, trade union membership
** Open text fields in questionnaire data
** Highly unique phenotypic and clinical data
Because brain MRI data is unique biomedical data and a unique profile can be generated from them, we consider raw and defaced structural (and possibly functional) MRI data personal data (see <a href="https://www.lcrdm.nl/files/lcrdm/2020-01/LCRDM%20Risk%20management%20for%20research%20data%20about%20people.pdf" target="_blank">this pseudonymization guide</a> for more information on different levels of pseudonymization). Please note however that policies and opinions of data protection officers may differ on this matter: some do consider deidentified MRI data an sich anonymous. Contact your data protection officer or privacy manager when in doubt.
</details>
<details style="background-color:#e0fdee;"><summary>ℹ️ *How do I deidentify my brain MRI data?*</summary>
To deidentify MRI data, perform at least the following actions:
* Remove identifying <a href="https://open-brain-consent.readthedocs.io/en/latest/anon_tools.html#sanitization-of-headers-filenames" target="_blank">header information</a> in DICOM or PAR files, such as name, date of birth, date of data collection, etc.
* <a href="https://open-brain-consent.readthedocs.io/en/latest/anon_tools.html#faces-dental-stripping" target="_blank">Deface</a> or skull strip anatomical images to get rid of facial features
* Anonymize or pseudonymize accompanying data as much as possible (<a href="http://www.cs.cornell.edu/~shmat/courses/cs5436/anonymization.pdf" target="_blank">see also</a>)
** Aggregate data, for example:
*** Date of birth → Age → Age category
*** Clinical score → Clinical category
*** Postal code → Place of residence → Province / Living area
** Remove directly identifying information, for example:
*** Name
*** Date of measurement
*** Pictures
*** Extreme or unique values that can be identifying (for example extremely old, extreme clinical scores, etc.)
* Use random identifiers (e.g., subject codes) and/or randomize these subject codes before data sharing
* Do not include keyfiles such as participant-identifier links, identifier mapping and transformation matrices in the shared dataset.
</details>
<footer>
[[About this guide->About]]
</footer>
(enchant: ?page, (text-colour: black) + (background: white))
##About this guide
This guide and documentation are currently most applicable to researchers in the Netherlands. It might also be helpful for researchers from other EU countries, but local and national regulations could differ. We encourage reusing and adapting this guide to local circumstances.
A static pdf version of this guide is available via <a href="https://doi.org/10.5281/zenodo.3822289" target="_blank">https://doi.org/10.5281/zenodo.3822289</a>.
### How to use
1. Simply follow the steps in the guide to get to an "outcome"
2. You can always go back to previous steps with the arrows on the top left
3. On some pages, you can get more information by clicking the "ℹ️" followed by a question
<details style="background-color:#e0fdee;"><summary>*ℹ️ Clicking this will give you more information*</summary>This is more information.</details>
There are 3 possible "outcomes":
1. Share MRI data publicly
2. Share MRI data with access restrictions
3. Share derived MRI data only
**Disclaimer**: We cannot guarantee that the outcome you get to is your desired outcome or the outcome that fits your particular situation best. Therefore, we recommend to **always [[find support-> Find support]]** before you share MRI data other than derived data.
### Contributing or questions?
Do you have questions, feedback or comments? Please contact Dorien Huijser via the dedicated GitHub repository: <a href="https://github.com/DorienHuijser/MRIsharingguide" target="_blank">https://github.com/DorienHuijser/MRIsharingguide</a>.
(enchant: ?page, (text-colour: black) + (background: white))
#Share derived brain MRI data
If your data cannot be deidentified as much as possible or you have no legal basis to share personal data, you cannot share the raw MRI images.
<details style="background-color:#e0fdee;"><summary>ℹ️ *What are reasons not to share raw brain MRI data?*</summary>
Valid reasons not to share raw MR images of the brain are:
* When data are not considered anonymous and you have no legal basis to share them, e.g., you have not obtained informed consent
* There is no way to share the data securely (e.g., if the data receiver cannot guarantee safe storage and processing)
* Your institution does not allow sharing personal data with others at all (this does not happen often however)
* There are ethical concerns due to the nature of the research (e.g., conducted among vulnerable or high-risk groups)
</details>
You can however still make your data useful in the following ways:
###1. Share derived brain MRI data
Instead of sharing raw MRI data which can contain sensitive information, you can always share processed/derived MRI data, such as:
* spatially normalized or otherwise preprocessed MRI data, provided the transformation matrices (containing the warping parameters for normalization) are excluded from the shared dataset. This is because such matrices can be seen as a re-identification key to get back to identifiable MRI data.
* statistical (or other) values from (individual) regions of interest
* group maps such as unthresholded statistical maps (via <a href="https://neurovault.org/" target="_blank">NeuroVault</a>). This is highly recommended, because sharing group maps this way allows for more accurate meta-analyses and makes peer reviewing your manuscript much easier.
###2. Synthetic data (functional MRI data)
Creating a synthetic dataset can be useful to capture the statistical idiosyncrasies of your real dataset. This synthetic dataset can be used to reproduce the results of your analysis, without violating any privacy or intellectual property regulations. Synthesizing MRI data relies on having a very clear and precise “forward model” of what the BOLD response of a given voxel will be, depending on some response parameter of that voxel. Therefore, synthetic MRI data can also be used for power analysis. Read more <a href="https://brainpower.readthedocs.io/en/latest/simulations.html" target="_blank">here</a> and <a href="https://doi.org/10.1016/j.neuroimage.2020.117284" target="_blank">here</a>.
###3. Federated/distributed learning
Federated or distributed learning arises from the field of Artificial Intelligence and relies “on the principle of remote execution—that is, distributing copies of a machine learning algorithm to the sites or devices where the data is kept (nodes), performing training iterations locally, and returning the results of the computation (for example, updated neural network weights) to a central repository to update the main algorithm.” (<a href="https://doi.org/10.1038/s42256-020-0186-1" target="_blank">Kaissis et al., 2020</a>). This means that you do not move your data, while still providing valuable information about it.
Some federated learning tools and projects:
* <a href="https://github.com/trendscenter/coinstac" target="_blank">COINSTAC</a>
* <a href="https://github.com/OpenMined/PySyft" target="_blank">PySyft</a>
* <a href="http://enigma.ini.usc.edu/" target="_blank">ENIGMA</a> consortium: Consortium with several working groups. Share pre- and post-processing analysis scripts, the leading site will conduct the meta-analysis
* <a href="https://ohdsi.org/" target="_blank">OHDSI</a> (Observational Health Data Sciences and Informatics): collaborative to bring out the value of health data through large-scale analytics.
* <a href="https://www.dtls.nl/fair-data/personal-health-train/" target="_blank">Personal Health Train</a>, part of Health-RI (official website <a href="https://pht.health-ri.nl/" target="_blank">here</a>)
---
See all data sharing platforms [[here -> Platform overview]]
##Take note
* When in doubt, always [[talk with a data steward, trial officer or information manager -> Find support]] at your institution!
* Preferably use the <a href="https://bids.neuroimaging.io/" target="_blank">BIDS format</a> for your MRI data.
* Always aim to include a persistent identifier (e.g., DOI) to your (meta)data in your manuscript.
<footer>
[[About this guide->About]]
</footer>(enchant: ?page, (text-colour: black) + (background: white))
#Purposes of data sharing
To what purposes of personal data sharing have your participants consented or will they consent?
---
<div class="row">
<div class="column">[[No MRI data sharing -> Share derived MRI data]] </div>
<div class="column">[[Public data sharing for all purposes, also outside of the EU -> Sample consent]]</div>
<div class="column">[[Data sharing under specific conditions -> Deidentified data with access restrictions]]</div>
</div>
<details style="background-color:#e0fdee;"><summary>ℹ️ *What needs to go in my informed consent form?*</summary>
If you are planning to share personal data with others, include at least the following information in the data sharing section of the information letter/privacy notice:
* What personal data will be shared?
* For what purpose will the personal data be shared? E.g., what type of research can reuse the data (e.g., “future research in the field of functional MRI”)?
* With whom will the personal data be shared? E.g., publicly, only with researchers from a university, within the EU, outside of the EU, upon request, etc.
* Pay special attention if you collect and want to share <a href="https://gdpr-info.eu/art-9-gdpr/" target="_blank">sensitive personal data</a>
Please refer to a GDPR-compliant consent form by the Open Brain Consent initiative <a href="https://open-brain-consent.readthedocs.io/en/latest/gdpr/ultimate_gdpr.html" target="_blank">here</a> (includes several translations).
**Please note:**
* contact your privacy officer or information manager to make sure you are complying to all necessary regulations and policies.
* if you study children under 16, informed consent is the only legal basis allowed.
</details>
<footer>
[[About this guide->About]]
</footer>(enchant: ?page, (text-colour: black) + (background: white))
#No informed consent
I do not need to obtain informed consent, because either
- My institution considers deidentified MRI data anonymous.
- At my institution, we use a different legal basis for personal data sharing than informed consent.
Please make sure that your institute's data protection officer agrees when you think either of these scenarios is the case.
---
One of these scenarios is indeed true:
<div class="row">
<div class="column">[[Yes, I made sure -> Sample no consent]]</div>
<div class="column">[[I am not sure -> Find support]]</div>
<div class="column">[[No, back to informed consent -> Informed Consent]]</div>
</div>
<details style="background-color:#e0fdee;"><summary>ℹ️ *What is identifiable data?*</summary>
The General Data Protection Regulation (GDPR) distinguishes 2 types of data:
###Anonymous data
Anonymous data is data that is not in any way traceable to an individual. Strictly speaking, re-identification should not be possible with anonymous data. Importantly, anonymous data do not fall under the GDPR. Therefore, from a privacy perspective, **sharing anonymous data publicly is possible without requiring a legal basis**.
###Personal data
All data that can identify individuals with **reasonable means** are personal, either directly or indirectly:
* Directly: for example, via a name, picture, or contact information
* Indirectly:
** If your data are so **unique**, they can only refer to one person. For example, if your data includes a man 105 years of age from a small Dutch village, those living in that village will most likely be able to say: ‘Hey, that’s Bob!’
** If combining (public) datasets can lead to identification through a so-called **“linkage attack”**, i.e., linking de-identified data with data that contain identifying information. For example, the combination of zip code, date of birth and gender can already identify 87% of the United States population (<a href="http://www.cs.cornell.edu/~shmat/courses/cs5436/anonymization.pdf" target="_blank">source</a>). An attacker could use public data (e.g., a voter list) that contains names, gender, zip code and date of birth to cross-reference and identify the individuals (<a href="https://www.marklogic.com/blog/protecting-linkage-attacks-use-anonymous-data/" target="_blank">see link</a>).
** If re-identification is still possible. Data that look anonymous but can still re-identify individuals are called <a href="https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-8-pseudonymization/" target="_blank">**pseudonymous**</a> data.One example is when the name-number key still exists:
*** A strict interpretation of the GDPR states that the data can **never** be anonymous as long as this key file exists, no matter how securely stored it may be.
*** A more liberal interpretation of the GDPR is that the data can be considered anonymous if the key file is not shared and is stored securely and the data are anonymous in all other aspects as well.
**All personal data fall under the GDPR**. In order to be able to process and share these data, you need a legal basis. In research, this is most often **informed consent** (but there are <a href="https://gdpr.eu/article-6-how-to-process-personal-data-legally/" target="_blank">other legal grounds</a> to consider as well).
###Are my data personal?
It is sometimes difficult to estimate whether your data are anonymous. Generally, you can follow the following steps:
1. **Deidentify** your data, e.g., remove directly identifying information
2. After deidentification, estimate whether it is possible to re-identify someone using **reasonable means**
3. Think about whether these means would be reasonable **within a few years' time** as well, e.g., considering the speedy development of Artificial Intelligence and Big Data.
4. Think about how **unique** your study sample is and evaluate the risk of identification for this population
5. Before making a decision on anonymity, consider all of the above together with a privacy officer or data steward at your institute.
See also <a href="https://docs.google.com/presentation/d/1LLtjGaeQgGHojZZ0q_hkgCHpOmP_nboekw_oX6aDslE/edit?usp=sharing" target="_blank">this presentation</a> by Enrico Glerean from Aalto University (2020-10-27).
</details>
<footer>
[[About this guide->About]]
</footer>(enchant: ?page, (text-colour: black) + (background: white))
#Sample
My study sample consists of...
---
<div class="row">
<div class="column">[[Healthy or non-vulnerable participants -> Deidentified data publicly]]</div>
<div class="column">[[Young or otherwise vulnerable participants -> Deidentified data with access restrictions]]</div>
</div>
<details style="background-color:#e0fdee;"><summary>ℹ️ *When does my data require extra protection?*</summary>
We recommend not sharing data publicly and introducing additional access restrictions in the following situations:
* When you have collected data from high-risk or <a href="http://ec.europa.eu/newsroom/document.cfm?doc_id=47711" target="_blank">vulnerable individuals</a>, such as:
** children (<16)
** clinical populations (especially when individuals show unique abnormalities)
* When your data are easily identifiable, e.g., because they are highly unique or contain identifying additional information and pseudonymizing them would lead to data loss.
</details>
<details style="background-color:#e0fdee;"><summary>ℹ️ *What is identifiable data?*</summary>
The General Data Protection Regulation (GDPR) distinguishes 2 types of data:
###Anonymous data
Anonymous data is data that is not in any way traceable to an individual. Strictly speaking, re-identification should not be possible with anonymous data. Importantly, anonymous data do not fall under the GDPR. Therefore, from a privacy perspective, **sharing anonymous data publicly is possible without requiring a legal basis**.
###Personal data
All data that can identify individuals with **reasonable means** are personal, either directly or indirectly:
* Directly: for example, via a name, picture, or contact information
* Indirectly:
** If your data are so **unique**, they can only refer to one person. For example, if your data includes a man 105 years of age from a small Dutch village, those living in that village will most likely be able to say: ‘Hey, that’s Bob!’
** If combining (public) datasets can lead to identification through a so-called **“linkage attack”**, i.e., linking de-identified data with data that contain identifying information. For example, the combination of zip code, date of birth and gender can already identify 87% of the United States population (<a href="http://www.cs.cornell.edu/~shmat/courses/cs5436/anonymization.pdf" target="_blank">source</a>). An attacker could use public data (e.g., a voter list) that contains names, gender, zip code and date of birth to cross-reference and identify the individuals (<a href="https://www.marklogic.com/blog/protecting-linkage-attacks-use-anonymous-data/" target="_blank">see link</a>).
** If re-identification is still possible. Data that look anonymous but can still re-identify individuals are called <a href="https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-8-pseudonymization/" target="_blank">**pseudonymous**</a> data.One example is when the name-number key still exists:
*** A strict interpretation of the GDPR states that the data can **never** be anonymous as long as this key file exists, no matter how securely stored it may be.
*** A more liberal interpretation of the GDPR is that the data can be considered anonymous if the key file is not shared and is stored securely and the data are anonymous in all other aspects as well.
**All personal data fall under the GDPR**. In order to be able to process and share these data, you need a legal basis. In research, this is most often **informed consent** (but there are <a href="https://gdpr.eu/article-6-how-to-process-personal-data-legally/" target="_blank">other legal grounds</a> to consider as well).
###Are my data personal?
It is sometimes difficult to estimate whether your data are anonymous. Generally, you can follow the following steps:
1. **Deidentify** your data, e.g., remove directly identifying information
2. After deidentification, estimate whether it is possible to re-identify someone using **reasonable means**
3. Think about whether these means would be reasonable **within a few years' time** as well, e.g., considering the speedy development of Artificial Intelligence and Big Data.
4. Think about how **unique** your study sample is and evaluate the risk of identification for this population
5. Before making a decision on anonymity, consider all of the above together with a privacy officer or data steward at your institute.
See also <a href="https://docs.google.com/presentation/d/1LLtjGaeQgGHojZZ0q_hkgCHpOmP_nboekw_oX6aDslE/edit?usp=sharing" target="_blank">this presentation</a> by Enrico Glerean from Aalto University (2020-10-27).
</details>
<footer>
[[About this guide->About]]
</footer>(enchant: ?page, (text-colour: black) + (background: white))
#Share deidentified brain MRI data with access restrictions
Provided you have a legal basis (e.g., explicit informed consent), you can share your deidentified raw MRI data with **access restrictions**, e.g., by granting access after:
- signing a data use agreement
- accepting terms or using a restrictive license
<details style="background-color:#e0fdee;"><summary>ℹ️ *When do I need a Data Use Agreement?*</summary>
###What is a DUA?
A Data Use Agreement (DUA; sometimes: data sharing agreement) is a legal document between two parties (often 2 institutions) in which an agreement is made about which data can be used by whom and how. In a way, a DUA can function as a substitute for a license if you just share the data case by case.
Use a DUA when:
* you want to take additional measures to better protect your participants’ privacy.
* you want to take care of ownership issues.
**Please note**
* A DUA is **not** a replacement for informed consent. If you don’t have explicit consent, you cannot share personal data.
* Make sure an **authorized signatory** of your institution signs the agreement. In most cases, the institution claims ownership over all collected research data. Therefore, in most cases, someone who is authorized to make decisions on behalf of the institution should sign the agreement, not individual researchers.
###Content
A DUA often contains at least the components mentioned in <a href="https://open-brain-consent.readthedocs.io/en/latest/gdpr/data_user_agreement.html" target="_blank">this template</a>. It is important to have your legal department take a look at the agreement:
* formulations may differ per institution
* your institution may have model agreements available to use as a template
* all legal agreements need to be approved by them.
</details>
<details style="background-color:#e0fdee;"><summary>ℹ️ *What license should I use for MRI data?*</summary>
Not all commonly used licenses are appropriate for data(bases). Some recommended licenses are:
* **Sharing data publicly**: CC0: your data will become public domain. This allows people to do anything they want with the data, technically even without acknowledging the source.
* **Sharing data publicly or on request**: CC-BY 4.0: allows people to do anything they want with the data, while acknowledging the source.
* **Sharing data case by case**: DUA: a Data Use Agreement can be seen as a specific license that is designed for data and can take into account that, besides the rights of the licensor (e.g. the researcher or university), there may also be rights of the participants whose data is included, for example relating to re-identification. You could call an “agreement” or a “contract” between data provider and data downloader a “license”, but calling it a “data use agreement” makes it more explicit that it is not about the (re)use of a creative work (like written text or code by an author) but reuse of measured/observed data (<a href="https://open-brain-consent.readthedocs.io/en/latest/gdpr/data_user_agreement.html" target="_blank">source: Open Brain Consent</a>)
</details>
Depending on the contents of your informed consent form and your study population, the necessary access restrictions may differ.
You can additionally [[share only derived (e.g., group) MRI data -> Share derived MRI data]]
---
Platforms you could use to share data with access restrictions include:
* <a href="https://ebrains.eu/" target="_blank">EBRAINS</a>
* <a href="https://data.4tu.nl/info/en/use/publish-cite/upload-your-data-in-our-data-repository/" target="_blank">4TU data</a>
* <a href="https://easy.dans.knaw.nl/ui/home" target="_blank">DANS EASY</a>
* <a href="https://trait.health-ri.nl/trait-tools/xnat" target="_blank">TraIT</a>
* Institute-specific repositories, e.g., <a href="https://dataverse.nl/" target="_blank">DataverseNL</a>
* During research: case by case sharing via <a href="http://surfdrive.surf.nl/" target="_blank">SURFdrive</a> / <a href="http://filesender.surf.nl/" target="_blank">SURF filesender</a> / <a href="https://www.surf.nl/en/research-drive-securely-and-easily-store-and-share-research-data" target="_blank">SURF Research Drive</a>. Note that these are **not FAIR** solutions
* See all platforms [[here -> Platform overview]]
##Take note
* When in doubt, always [[talk with a data steward, trial officer or information manager -> Find support]] at your institution!
* Preferably use the <a href="https://bids.neuroimaging.io/" target="_blank">BIDS format</a> for your MRI data.
* Always aim to include a persistent identifier (e.g., DOI) to your (meta)data in your manuscript.
<footer>
[[About this guide->About]]
</footer>(enchant: ?page, (text-colour: black) + (background: white))
#Find support
If you are not certain how you should go about data sharing, especially when it concerns personal data, please go find support within your institution, such as a data steward, privacy officer, information manager, or trial officer. See <a href="https://www.lcrdm.nl/en/rdm-in-the-netherlands" target="_blank">this link</a> for support at most Dutch institutions.
<footer>
[[About this guide->About]]
</footer>(enchant: ?page, (text-colour: black) + (background: white))
#Sample
My study sample consists of...
---
<div class="row">
<div class="column">[[Healthy adults (> 16) -> Deidentified data publicly]]</div>
<div class="column">[[Vulnerable participants, e.g., clinical groups -> Deidentified data with access restrictions]]</div>
<div class="column">[[Children (< 16) -> Informed Consent]]</div>
</div>
<details style="background-color:#e0fdee;"><summary>ℹ️ *When does my data require extra protection?*</summary>
We recommend not sharing data publicly and introducing additional access restrictions in the following situations:
* When you have collected data from high-risk or <a href="http://ec.europa.eu/newsroom/document.cfm?doc_id=47711" target="_blank">vulnerable individuals</a>, such as:
** children (<16)
** clinical populations (especially when individuals show unique abnormalities)
* When your data are easily identifiable, e.g., because they are highly unique or contain identifying additional information and pseudonymizing them would lead to data loss.
</details>
<footer>
[[About this guide->About]]
</footer>(enchant: ?page, (text-colour: black) + (background: white))
#Share deidentified brain MRI data publicly
Provided you have a legal basis (e.g., explicit informed consent) and you do not have highly unique data from vulnerable populations, you can share your deidentified raw MRI data publicly. Please note that sharing data publicly is **irreversible**, so when in doubt, please contact someone at your institute.
---
Additional options to share your MRI data include:
<div class="row">
<div class="column">[[Share your data with acces restrictions -> Deidentified data with access restrictions]]</div>
<div class="column">[[Share only derived (e.g., group) MRI data -> Share derived MRI data]]</div>
</div>
---
Platforms you could use to share MRI data publicly include:
* <a href="https://openneuro.org/" target="_blank">Openneuro</a>
* <a href="https://ebrains.eu/" target="_blank">EBRAINS</a>
* <a href="https://osf.io/" target="_blank">Open Science Framework</a>
* <a href="https://zenodo.org" target="_blank">Zenodo</a>
* <a href="https://data.4tu.nl/info/en/use/publish-cite/upload-your-data-in-our-data-repository/" target="_blank">4TU data</a>
* <a href="https://easy.dans.knaw.nl/ui/home" target="_blank">DANS EASY</a>
* <a href="https://trait.health-ri.nl/trait-tools/xnat" target="_blank">TraIT</a>
* Institute-specific repositories, e.g., <a href="https://dataverse.nl/" target="_blank">DataverseNL</a>
* See all platforms [[here -> Platform overview]]
##Take note
* When in doubt, always [[talk with a data steward, trial officer or information manager -> Find support]] at your institution!
* Preferably use the <a href="https://bids.neuroimaging.io/" target="_blank">BIDS format</a> for your MRI data.
* Always aim to include a persistent identifier (e.g., DOI) to your (meta)data in your manuscript.
<footer>
[[About this guide->About]]
</footer>(enchant: ?page, (text-colour: black) + (background: white))
On this page, you can find an overview of some of the most common platforms that are currently available for Dutch researchers to share neuroimaging data. If there is no suitable solution in this overview, try searching for one here.
Please note that storage of personal data within the EU is needed to comply with the GDPR.
**Quick jump to**:
- <a href="#internationalservices">International services</a>
- <a href="#dutchservices">National (Dutch) services</a>
- <a href="#instituteservices">Institute-specific services</a>
<h2 id = "internationalservices">International services</h2>
<table>
<tr>
<th>Name</th>
<th>Description</th>
<th>Storage location</th>
<th>Access restrictions</th>
<th>Storage limit</th>
<th>Costs</th>
</tr>
<tr> <!-- OPENNEURO -->
<td><a href="https://openneuro.org/" target="_blank">Openneuro</a></td>
<td>Platform for sharing raw (defaced) neurimaging datasets using the <a href="https://bids.neuroimaging.io/" target="_blank">BIDS format</a></td>
<td>United States</td>
<td>Public or embargoed for up to 6 months</td>
<td>No limit</td>
<td>Free</td>
</tr>
<tr> <!-- EBRAINS -->
<td><a href="https://ebrains.eu/" target="_blank">EBRAINS</a> (in development)</td>
<td>Platform for sharing raw (defaced) MRI data, requires institution subscription, reviewed before publication</td>
<td>Switzerland</td>
<td>Public, Embargoed or Restricted access (for registered users only)</td>
<td>Unknown</td>
<td>Unknown</td>
</tr>
<tr> <!-- OPEN SCIENCE FRAMEWORK -->
<td><a href="https://osf.io/" target="_blank">Open Science Framework<a></td>
<td>Project management and sharing tool</td>
<td>United States, Germany, Canada or Australia</td>
<td>Public and Private</td>
<td>50 GB for public projects, 5 GB for private projects</td>
<td>Free</td>
</tr>
<tr> <!-- NEUROVAULT -->
<td><a href="https://neurovault.org/" target="_blank">NeuroVault</a></td>
<td>Platform for sharing unthresholded statistical maps, parcellations, and atlases</td>
<td>United States</td>
<td>Public and Private</td>
<td>No limit</td>
<td>Free</td>
</tr>
<tr> <!-- ZENODO -->
<td><a href="https://zenodo.org" target="_blank">Zenodo</a></td>
<td>General purpose repository for sharing and archiving all kinds of research output</td>
<td>Switzerland</td>
<td>Open, Embargoed or Closed (depending on the license used)</td>
<td>50 GB</td>
<td>Free</td>
</tr>
</table>
---
<h2 id="dutchservices">National (Dutch) services</h2>
<table>
<tr>
<th>Name</th>
<th>Description</th>
<th>Storage location</th>
<th>Access restrictions</th>
<th>Storage limit</th>
<th>Costs</th>
</tr>
<tr> <!-- 4TU data -->
<td><a href="https://data.4tu.nl/info/en/use/publish-cite/upload-your-data-in-our-data-repository/" target="_blank">4TU data</a></td>
<td>International data repository for sharing and archiving data in the fields of science, engineering and design</td>
<td>The Netherlands</td>
<td>Public, Embargoed, Restricted or Metadata only</td>
<td>Up to 1 TB</td>
<td>Free up to 10 GB, free up to 1 TB for affiliated researchers</td>
</tr>
<tr> <!-- DANS EASY -->
<td><a href="https://easy.dans.knaw.nl/ui/home" target="_blank">DANS EASY</a></td>
<td>Dutch generic service for archiving and sharing data</td>
<td>The Netherlands</td>
<td>Public, Registered users, Restricted (editable access conditions), Other (via another repository)</td>
<td>No limit</td>
<td>Free up to 100 GB for individual researchers</td>
</tr>
<tr> <!-- TRAIT -->
<td><a href="https://trait.health-ri.nl/" target="_blank">TraIT</a> by Health-RI</td>
<td>Dutch imaging platform for clinical data management,data processing, collaboration and archiving</td>
<td>The Netherlands</td>
<td>Public, Protected (public metadata), Private</td>
<td>No limit</td>
<td>See <a href="https://trait.health-ri.nl/about-trait/pricing-model" target="_blank">pricing</a></td>
</tr>
</table>
---
<h2 id="instituteservices">Institute-specific services</h2>
<table>
<tr>
<th>Name</th>
<th>Description</th>
<th>Storage location</th>
<th>Access restrictions</th>
<th>Storage limit</th>
<th>Costs</th>
</tr>
<tr> <!-- YODA -->
<td><a href="https://www.uu.nl/en/research/yoda" target="_blank">iRODS Yoda</a></td>
<td>Full-circle SURF service for data management, archiving and publishing (currently in pre-production mode)</td>
<td>The Netherlands</td>
<td>Public, Metadata only, Archiving only (private)</td>
<td>Institution-dependent</td>
<td>Free for researchers at affiliated institutions</td>
</tr>
<tr> <!-- DATAVERSE -->
<td><a href="http://dataverse.nl/" target="_blank">DataverseNL</a> (in development)</td>
<td>Sharing and archiving publication-related data and documentation (guidelines may differ between institutions)</td>
<td>The Netherlands</td>
<td>Public, On request, Custom conditions, Private URL</td>
<td>Max. 9.3 GB per (zip)file</td>
<td>Free for affiliated researchers</td>
</tr>
<tr> <!-- EDR -->
<td><a href="https://datarepository.eur.nl/" target="_blank">Erasmus University Rotterdam data repository<a></td>
<td>Sharing and archiving data and documentation for EUR-researchers</td>
<td>Figshare: Amazon Web Services, Ireland</td>
<td>Public, Private, Custom conditions</td>
<td>5 GB per file, 20 GB private space, unlimited public space</td>
<td>Free for EUR researchers</td>
</tr>
<tr> <!-- DONDERS -->
<td><a href="https://data.donders.ru.nl/" target="_blank">Donders repository</a></td>
<td>Data repository for the Donders Institute in Nijmegen</td>
<td>The Netherlands</td>
<td>Public, Restricted, Custom conditions</td>
<td>No limit</td>
<td>Free for researchers at Radboud university</td>
</tr>
<tr> <!-- Amsterdam UMCdb -->
<td><a href="https://amsterdammedicaldatascience.nl/" target="_blank">Amsterdam UMCdb</a></td>
<td>Medical database for sharing clinical ICU data, not usable for everyone</td>
<td>The Netherlands</td>
<td>Restricted</td>
<td>Unknown</td>
<td>Unknown</td>
</tr>
<tr> <!-- OMERO -->
<td><a href="https://www.openmicroscopy.org/omero/" target="_blank">OMERO</a></td>
<td>Manage, archive and share imaging data (originally for microscopy data)</td>
<td>The Netherlands</td>
<td>Private, Read-only, Read-annotate, Read-write</td>
<td>Unknown</td>
<td>Unknown</td>
</tr>
<tr> <!-- SURFDrive -->
<td><a href="http://surfdrive.surf.nl/" target="_blank">SURFdrive</a></td>
<td>SURF service for collaborating on files in the cloud during research. <b>Suitable for sharing case by case; not FAIR!</b></td>
<td>The Netherlands</td>
<td>Create links, Share folders. Access levels: read, write</td>
<td>500 GB per affiliated researcher</td>
<td>Free for affiliated researchers</td>
</tr>
<tr> <!-- SURF Research Drive -->
<td><a href="https://www.surf.nl/en/research-drive-securely-and-easily-store-and-share-research-data" target="_blank">SURF Research Drive</a></td>
<td>SURF service for collaborating on data and documents in the cloud in teams. <b>Suitable for sharing case by case; not FAIR!</b></td>
<td>The Netherlands</td>
<td>Create links, Share folders. Access levels: read, write (delete, edit, move), reshare</td>
<td>Institution-dependent</td>
<td>Institution-dependent</td>
</tr>
<tr> <!-- SURF Filesender -->
<td><a href="http://filesender.surf.nl/" target="_blank">SURF filesender</a></td>
<td>SURF service for securely sending files (replacing email attachments). <b>Suitable for sharing case by case; not FAIR!</b></td>
<td>The Netherlands (data are saved 14-21 days)</td>
<td>Download via email or URL, additional encryption possible</td>
<td>1 TB (2 GB when sending encrypted)</td>
<td>Free for affiliated researchers</td>
</tr>
</table>
<footer>
[[About this guide->About]]
</footer>