We recently have received for the NeuralynxRawIO several datasets which were originally collected in human subjects. This has raised the question of whether such data can be placed in this repository.
I first note that questions about this have often caused quite long delays in test data being accepted for Neo, like many months. I think it is quite understandable that with these long delays the original contributors of the data and code patches lose interest and drift away. Thus these delays do not help to have Neo and ephy_testing_data be a robust community supported project.
Indeed it has previously led to code being merged without any test data in the repository or tests present in the code base. Of course, this is not really good practice. When I am asked to look at issues with Neuralynx the first thing I want to do is get some test data, place it in the proper place for the tests to find, and write a test to reproduce the problem. That way, I know if I have actually fixed it.
Of course this is an important question and I think we should have a resolved policy that is both time effective and safe. I have previously been a member of the IRB in the USA and if the data are de-identified and there is no way for researchers to tie the data back to individuals, then it is not considered "human subjects research". See https://irb.ucsf.edu/not-human-subjects-research
Given this, I would suggest the policy should be that so long as the data are de-identified or anonymized, that they should be placed into the repository.
Hoping to get input on this so we can add data kindly provided by users more quickly.
We recently have received for the NeuralynxRawIO several datasets which were originally collected in human subjects. This has raised the question of whether such data can be placed in this repository.
I first note that questions about this have often caused quite long delays in test data being accepted for Neo, like many months. I think it is quite understandable that with these long delays the original contributors of the data and code patches lose interest and drift away. Thus these delays do not help to have Neo and ephy_testing_data be a robust community supported project.
Indeed it has previously led to code being merged without any test data in the repository or tests present in the code base. Of course, this is not really good practice. When I am asked to look at issues with Neuralynx the first thing I want to do is get some test data, place it in the proper place for the tests to find, and write a test to reproduce the problem. That way, I know if I have actually fixed it.
Of course this is an important question and I think we should have a resolved policy that is both time effective and safe. I have previously been a member of the IRB in the USA and if the data are de-identified and there is no way for researchers to tie the data back to individuals, then it is not considered "human subjects research". See https://irb.ucsf.edu/not-human-subjects-research
Given this, I would suggest the policy should be that so long as the data are de-identified or anonymized, that they should be placed into the repository.
Hoping to get input on this so we can add data kindly provided by users more quickly.
Sorry I don't check GIN unless I've been tagged. This is my bad.
As someone also in the US this is how I've also understood this. Since much of the Neo infrastructure is based in Europe (France, Italy, and Germany) I think it is actually better if other people on the team comment. I'll ping them Peter!
Sorry I don't check GIN unless I've been tagged. This is my bad.
As someone also in the US this is how I've also understood this. Since much of the Neo infrastructure is based in Europe (France, Italy, and Germany) I think it is actually better if other people on the team comment. I'll ping them Peter!
I am not an expert, but I understand the main difference between the USA and the EU is about what counts as de-identified. For example, de-facing of MRI scans is not considered as sufficient (see https://doi.org/10.1016/j.ynirp.2021.100053). I believe that even EEG data cannot be shared without a specific data-use agreement, as they could in principle be linked back to an individual, especially in an era of deep-learning tools.
I am not an expert, but I understand the main difference between the USA and the EU is about what counts as de-identified. For example, de-facing of MRI scans is not considered as sufficient (see https://doi.org/10.1016/j.ynirp.2021.100053). I believe that even EEG data cannot be shared without a specific data-use agreement, as they could in principle be linked back to an individual, especially in an era of deep-learning tools.
I think the issue with neuroimages though is that the face and skull portions can be used to reconstruct an image of the person which can then be used to de-identify them.
It the case of EEG recordings I think it would be nearly impossible to use the electrical activity inside their brain to identify them. Maybe some day in the very distant, but not foreseeable, future.
Thus if any patient initials or other identifiers and the times and dates of recording are removed, I think it is truly de-identified.
I had a look at that article. Quite interesting.
I think the issue with neuroimages though is that the face and skull portions can be used to reconstruct an image of the person which can then be used to de-identify them.
It the case of EEG recordings I think it would be nearly impossible to use the electrical activity inside their brain to identify them. Maybe some day in the very distant, but not foreseeable, future.
Thus if any patient initials or other identifiers and the times and dates of recording are removed, I think it is truly de-identified.
I see that the Terms of Use say "Using G-Node services to make data available to others requires having the rights to make the data available in the way provided by the respective service, and in particular must not infringe intellectual property rights or confidentiality agreements." - do you have any suggestions about how to interpret this in the context of the GDPR?
@twachtler Does GIN have a policy on this?
I see that the Terms of Use say "Using G-Node services to make data available to others requires having the rights to make the data available in the way provided by the respective service, and in particular must not infringe intellectual property rights or confidentiality agreements." - do you have any suggestions about how to interpret this in the context of the GDPR?
The terms cannot be more detailed because only the user has the necessary information about the data and needs to take responsibility. Under which conditions and agreements have the data been recorded? Do I have permission to share them? Is it legal? Is it ethical?
De-identifyability of neuroimaging data is a concerning issue because it may be possible to identify the individual not just from facial information, but from the neuranatomy. We are actually considering introducing restrictions regarding neuroimaging data.
But do I understand correctly that the question is about EEG data? There I would agree that (assuming you have written consent to sharing the data anonymously) the neural activity data alone should not be a problem, as long as care is taken to remove any potentially identifying information from the metadata.
The terms cannot be more detailed because only the user has the necessary information about the data and needs to take responsibility. Under which conditions and agreements have the data been recorded? Do I have permission to share them? Is it legal? Is it ethical?
De-identifyability of neuroimaging data is a concerning issue because it may be possible to identify the individual not just from facial information, but from the neuranatomy. We are actually considering introducing restrictions regarding neuroimaging data.
But do I understand correctly that the question is about EEG data? There I would agree that (assuming you have written consent to sharing the data anonymously) the neural activity data alone should not be a problem, as long as care is taken to remove any potentially identifying information from the metadata.
Zach McKenzie
We recently have received for the NeuralynxRawIO several datasets which were originally collected in human subjects. This has raised the question of whether such data can be placed in this repository.
I first note that questions about this have often caused quite long delays in test data being accepted for Neo, like many months. I think it is quite understandable that with these long delays the original contributors of the data and code patches lose interest and drift away. Thus these delays do not help to have Neo and ephy_testing_data be a robust community supported project.
Indeed it has previously led to code being merged without any test data in the repository or tests present in the code base. Of course, this is not really good practice. When I am asked to look at issues with Neuralynx the first thing I want to do is get some test data, place it in the proper place for the tests to find, and write a test to reproduce the problem. That way, I know if I have actually fixed it.
Of course this is an important question and I think we should have a resolved policy that is both time effective and safe. I have previously been a member of the IRB in the USA and if the data are de-identified and there is no way for researchers to tie the data back to individuals, then it is not considered "human subjects research". See https://irb.ucsf.edu/not-human-subjects-research
Given this, I would suggest the policy should be that so long as the data are de-identified or anonymized, that they should be placed into the repository.
Hoping to get input on this so we can add data kindly provided by users more quickly.
Sorry I don't check GIN unless I've been tagged. This is my bad. As someone also in the US this is how I've also understood this. Since much of the Neo infrastructure is based in Europe (France, Italy, and Germany) I think it is actually better if other people on the team comment. I'll ping them Peter!
Zach, I think that would be good.
I have not figured out how to include the others here. It seems the normal @ convention doesn't work for me.
I am not an expert, but I understand the main difference between the USA and the EU is about what counts as de-identified. For example, de-facing of MRI scans is not considered as sufficient (see https://doi.org/10.1016/j.ynirp.2021.100053). I believe that even EEG data cannot be shared without a specific data-use agreement, as they could in principle be linked back to an individual, especially in an era of deep-learning tools.
I had a look at that article. Quite interesting.
I think the issue with neuroimages though is that the face and skull portions can be used to reconstruct an image of the person which can then be used to de-identify them.
It the case of EEG recordings I think it would be nearly impossible to use the electrical activity inside their brain to identify them. Maybe some day in the very distant, but not foreseeable, future.
Thus if any patient initials or other identifiers and the times and dates of recording are removed, I think it is truly de-identified.
@twachtler Does GIN have a policy on this?
I see that the Terms of Use say "Using G-Node services to make data available to others requires having the rights to make the data available in the way provided by the respective service, and in particular must not infringe intellectual property rights or confidentiality agreements." - do you have any suggestions about how to interpret this in the context of the GDPR?
The terms cannot be more detailed because only the user has the necessary information about the data and needs to take responsibility. Under which conditions and agreements have the data been recorded? Do I have permission to share them? Is it legal? Is it ethical?
De-identifyability of neuroimaging data is a concerning issue because it may be possible to identify the individual not just from facial information, but from the neuranatomy. We are actually considering introducing restrictions regarding neuroimaging data.
But do I understand correctly that the question is about EEG data? There I would agree that (assuming you have written consent to sharing the data anonymously) the neural activity data alone should not be a problem, as long as care is taken to remove any potentially identifying information from the metadata.