3.5 Data provider agreement

Data providers could be companies providing sensor systems, map data, weather data or other services that the project needs to enhance the dataset. The organisations may or may not be part of the project.

Data provider agreements are a contract between a data provider and a data consumer (in this case, the project consortium) that reflects the terms and conditions of the data provision. These agreements are required to ensure both parties understand their rights and obligations and may include provisions related to data ownership, specification of permitted uses of data, aspects of privacy protection, confidentiality, or other technical specifications (e.g., including data formats or licenses).  It is important to be aware of topics that can affect future research due to possible restrictions in data use, as well as complications that may arise should the data provider change ownership or cease trading.

The aspects outlined in Table 3 should be considered when considering contracting data from third parties:

Table 3: Data provider agreements

TopicIssues to be considered
Data collection & storageWhat data is to be collected? What, where and for how long data will be stored?
Data access & useWhat methods and procedures are used to access the data and how will data be transferred or shared? What will the data be used for including areas of future research? Are there restrictions on the data use or special conditions for using the data after the project?
Data governanceWho is responsible for the transfer of the data? Who owns the data? Who has access to the data (project partners/third parties)? What are the provisions dealing with the ownership of a third-party (e.g., in case of notable changes in ownership (like merges), or even if a business is shut down)?
LegalWhich is the applicable jurisdiction in the event of a dispute? How is notification of financial and other conflicts of interest handled?
Data privacy, security and protectionWhat data is confidential? Is there any personal data? What measures are implemented to ensure data security? How is the right to withdraw implemented (incl. destruction of data and associated procedures)? How can data providers keep adequate records, and supporting documents relating to the data subjects?
VisibilityDoes any output from the dataset refer to any identifier of the dataset, and/or the Grant or funding statement?
Ethics and classified informationSensitive information with security recommendations must comply with additional requirements imposed by the funding authority.