Skip to content
The picture shows a section of a keyboard with a blue cube bearing a white Paragraph symbol lying on it.

Breaches and contractual penalties

The aim of this website is to give users and interested researchers a quick overview of our guidelines and to inform them about the contractual penalties for breaches. The website does not claim to be complete, all guidelines and breaches are listed in the user agreements.

Guidelines:

Data users shall use the weakly anonymous data made available by the FDZ of the BA solely for the purpose of the requested research project. These data shall not be used for any other purpose, disclosed to third parties (including research partners) or used for commercial purposes.

Data users will be provided with access to weakly anonymous data on-site and via remote execution. Extensions of this group of persons are amendments to the agreement and are only valid if made in writing. The requesting institution is obliged to notify the FDZ of the BA immediately about separations of users from the institution conducting the research project.

The requesting institution and the data users agree that the weakly anonymous data made available by the FDZ of the BA will be kept confidential.

The data, or extracts thereof, shall not be combined with other micro data. However, data at an aggregate level may be added to the data in accordance with the guidelines of the FDZ of the BA. Permission of adding such aggregate data requires prior consent of the FDZ of the BA.

Weakly anonymous data and internal output must neither be copied in writing, printed or photographed nor copied, duplicated or removed from the computing environment of the FDZ of the BA by any other means. The dissemination of weakly anonymous data or internal output via email, telephone, text messages, fax or any other form of communication is prohibited.

Other breaches include extraction, transfer or publication of internal output via remote execution with JoSuA, noncompliance with the Guidelines for the Design of Evaluation Programmes and Analysis Results (pdf), attempts at deanonymization, and publication of results that permit inferences on single people or establishments.

The data user shall be required to pay up to 60,000 Euros in total in the event of a wilful or grossly negligent breach. The enforcement of further claims remains intact.

In the event of a breach the data user shall also be barred from all provisions of data and data access from the FDZ of the BA and the IAB for a period of up to two years.

Should any third party collaborating in the requested research project be barred from data access, the requesting institution and its data users will also be barred from data access for the research project for the same period as the third party.

After a breach, a statement is requested from the users concerned, which is forwarded to the IAB legal department. This department examines each breach individually and decides on the penalty.

Information about breaches will be shared with other Research Data Centres and Data Service Centres.

Guidelines:

The data recipient may process and use the data set solely in the context of the requested research project (Earmarking).

The data recipient is obliged to delete the data set, including any backup files, data extracts and auxiliary files, by the end of the data use period at the latest.

The deletion of the data set shall be confirmed in writing immediately by the data protection officer or the director of the research institution and this confirmation shall be transmitted to the FDZ of the BA.

The data recipient is obliged to apply to the FDZ of the BA again for an extension of the group of the requested users.

The data recipient is only permitted to process the data in the data recipient‘s rooms at the address specified in the application. The data recipient is obliged to report any changes to the FDZ of the BA immediately in writing.

Merging the data set with other data sets or with other individual data for the purpose of de-anonymisation is not permitted.

Merging the data set with other versions of this data set or with statistical details from the same or different sources is inadmissible.

The data recipient shall refrain from any action aimed at or suitable for deanonymising the anonymous statistical details contained in the data set.

A breach of the clause regarding the limitation of use of the data to specified purposes (Earmarking) shall be punishable by a fine of 500 Euros.

A breach of the obligation to delete data or to report the deletion immediately or failure to comply with the obligations within 3 months shall be punishable by a fine of 500 Euros. This fine increases by 200 Euros for every further month commenced.

A breach of the obligation to report changes in the group of persons authorised to access the data, shall be punishable by a fine of 500 Euros.

A breach of the obligation to report changes in the premises, shall be punishable by a fine of 500 Euros.

In the case of a wilful or grossly negligent breach of the prohibition of linking and de-anonymisation, the data recipient is obliged to pay a contractual penalty amounting to up to 60,000 Euros. The assertion of further claims remains unaffected by this.

In the case of a serious breach, the research institution can be excluded from any further provision of data via the FDZ of the BA for the duration of 2 years. It is incumbent on the Data Provider to define the seriousness of a breach.

After a breach, a statement is requested from the users concerned, which is forwarded to the IAB legal department. This department examines each breach individually and decides on the penalty.

Information about breaches will be shared with other Research Data Centres and Data Service Centres.